Расширена логика создания новостей: добавлена поддержка публикаций для партнёрских программ. Обновлено представление NewsList и разрешения IsNewsCreatorOrReadOnly для учёта менеджеров программ. Добавлена проверка прав на уровне has_permission и has_object_permission. Также оптимизировано представление PartnerProgramDetail: удалена избыточная обработка DoesNotExist

Author: Toksi86

news/permissions.py

@@ -1,6 +1,6 @@
 from django.contrib.auth import get_user_model
+from django.shortcuts import get_object_or_404
 from rest_framework import permissions
-from rest_framework.exceptions import NotFound
 from rest_framework.permissions import SAFE_METHODS
 
 from partner_programs.models import PartnerProgram
@@ -10,47 +10,37 @@
 
 
 class IsNewsCreatorOrReadOnly(permissions.BasePermission):
-    def has_object_permission(self, request, view, obj):
-        """
-        read/update/delete permission
-        currently can only be updated/deleted in admin panel
-        """
+    def has_permission(self, request, view):
         if request.method in SAFE_METHODS:
             return True
-        if (
-            isinstance(obj.content_object, Project)
-            and obj.content_object.leader == request.user
-        ):
-            return True
-        if isinstance(obj.content_object, User) and obj.content_object == request.user:
-            return True
-        if isinstance(obj.content_object, PartnerProgram):
-            # TODO: implement
-            pass
+
+        if view.kwargs.get("project_pk"):
+            project = get_object_or_404(Project, pk=view.kwargs["project_pk"])
+            return request.user == project.leader
+
+        if view.kwargs.get("user_pk"):
+            user = get_object_or_404(User, pk=view.kwargs["user_pk"])
+            return request.user == user
+
+        if view.kwargs.get("partnerprogram_pk"):
+            program = get_object_or_404(
+                PartnerProgram, pk=view.kwargs["partnerprogram_pk"]
+            )
+            return program.is_manager(request.user)
+
         return False
 
-    def has_permission(self, request, view):
-        """
-        Creation permission
-        Currently can only be created via admin panel
-        """
+    def has_object_permission(self, request, view, obj):
         if request.method in SAFE_METHODS:
             return True
 
-        if view.kwargs.get("project_pk"):
-            try:
-                project = Project.objects.get(pk=view.kwargs["project_pk"])
-                if request.method in SAFE_METHODS or (request.user == project.leader):
-                    return True
-            except Project.DoesNotExist:
-                raise NotFound
+        if isinstance(obj.content_object, Project):
+            return obj.content_object.leader == request.user
 
-        if view.kwargs.get("user_pk"):
-            try:
-                user = User.objects.get(pk=view.kwargs["user_pk"])
-                if request.method in SAFE_METHODS or (request.user == user):
-                    return True
-            except User.DoesNotExist:
-                raise NotFound
+        if isinstance(obj.content_object, User):
+            return obj.content_object == request.user
+
+        if isinstance(obj.content_object, PartnerProgram):
+            return obj.content_object.is_manager(request.user)
 
         return False

news/views.py

@@ -2,20 +2,21 @@
 from django.shortcuts import get_object_or_404
 from rest_framework import generics, status
 from rest_framework.permissions import IsAuthenticated
-from rest_framework.response import Response
 from rest_framework.request import Request
+from rest_framework.response import Response
 
-from core.serializers import SetViewedSerializer, SetLikedSerializer
+from core.serializers import SetLikedSerializer, SetViewedSerializer
 from core.services import add_view, set_like
 from news.mixins import NewsQuerysetMixin
 from news.models import News
 from news.pagination import NewsPagination
 from news.permissions import IsNewsCreatorOrReadOnly
 from news.serializers import (
-    NewsListSerializer,
     NewsDetailSerializer,
     NewsListCreateSerializer,
+    NewsListSerializer,
 )
+from partner_programs.models import PartnerProgram
 from projects.models import Project
 
 User = get_user_model()
@@ -44,7 +45,12 @@ def post(self, request: Request, *args, **kwargs) -> Response:
                 NewsDetailSerializer(news).data, status=status.HTTP_201_CREATED
             )
 
-        # creating partner program news, not implemented yet, return 400
+        if kwargs.get("partnerprogram_pk"):
+            program = get_object_or_404(PartnerProgram, pk=kwargs["partnerprogram_pk"])
+            news = News.objects.add_news(program, **data)
+            return Response(
+                NewsDetailSerializer(news).data, status=status.HTTP_201_CREATED
+            )
         return Response(status=status.HTTP_400_BAD_REQUEST)
 
     def get(self, request: Request, *args, **kwargs) -> Response:

partner_programs/admin.py

@@ -45,7 +45,7 @@ class PartnerProgramAdmin(admin.ModelAdmin):
     )
     list_filter = ("city",)
 
-    filter_horizontal = ("users",)
+    filter_horizontal = ("users", "managers")
     date_hierarchy = "datetime_started"
 
     def get_queryset(self, request: HttpRequest) -> QuerySet[PartnerProgram]:

partner_programs/migrations/0008_partnerprogram_managers_and_more.py

@@ -0,0 +1,34 @@
+# Generated by Django 4.2.11 on 2025-07-22 08:44
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("partner_programs", "0007_partnerprogrammaterial"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="partnerprogram",
+            name="managers",
+            field=models.ManyToManyField(
+                blank=True,
+                help_text="Пользователи, имеющие право создавать и редактировать новости",
+                related_name="managed_partner_programs",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="Менеджеры программы",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="partnerprogrammaterial",
+            name="title",
+            field=models.CharField(
+                help_text="Укажите текст для гиперссылки",
+                max_length=255,
+                verbose_name="Название материала",
+            ),
+        ),
+    ]

partner_programs/models.py

@@ -80,6 +80,13 @@ class PartnerProgram(models.Model):
         verbose_name="Участники программы",
         through="PartnerProgramUserProfile",
     )
+    managers = models.ManyToManyField(
+        User,
+        related_name="managed_partner_programs",
+        blank=True,
+        verbose_name="Менеджеры программы",
+        help_text="Пользователи, имеющие право создавать и редактировать новости",
+    )
     draft = models.BooleanField(blank=False, default=True)
     projects_availability = models.CharField(
         choices=PROJECTS_AVAILABILITY_CHOISES,
@@ -103,6 +110,14 @@ class PartnerProgram(models.Model):
         verbose_name="Дата изменения", auto_now=True
     )
 
+    def is_manager(self, user: User) -> bool:
+        """
+        Возвращает True, если пользователь — менеджер этой программы.
+        """
+        if not user or not user.is_authenticated:
+            return False
+        return self.managers.filter(pk=user.pk).exists()
+
     class Meta:
         verbose_name = "Программа"
         verbose_name_plural = "Программы"

partner_programs/serializers.py

@@ -49,22 +49,35 @@ class Meta:
         )
 
 
-class PartnerProgramWithMaterialsMixin(serializers.ModelSerializer):
+class PartnerProgramBaseSerializerMixin(serializers.ModelSerializer):
+    """
+    Базовый миксин для сериализаторов PartnerProgram,
+    включает общие поля: materials и is_user_manager.
+    """
+
     materials = serializers.SerializerMethodField()
+    is_user_manager = serializers.SerializerMethodField()
 
-    def get_materials(self, program):
+    def get_materials(self, program: PartnerProgram):
         materials = program.materials.all()
         return PartnerProgramMaterialSerializer(materials, many=True).data
 
+    def get_is_user_manager(self, program: PartnerProgram) -> bool:
+        user = self.context.get("user")
+        return bool(user and program.is_manager(user))
+
     class Meta:
         abstract = True
 
 
-class PartnerProgramForMemberSerializer(PartnerProgramWithMaterialsMixin):
+class PartnerProgramForMemberSerializer(PartnerProgramBaseSerializerMixin):
     """Serializer for PartnerProgram model for member of this program"""
 
     views_count = serializers.SerializerMethodField(method_name="count_views")
     links = serializers.SerializerMethodField(method_name="get_links")
+    is_user_manager = serializers.SerializerMethodField(
+        method_name="get_is_user_manager"
+    )
 
     def count_views(self, program):
         return get_views_count(program)
@@ -96,10 +109,11 @@ class Meta:
             "presentation_address",
             "views_count",
             "datetime_registration_ends",
+            "is_user_manager",
         )
 
 
-class PartnerProgramForUnregisteredUserSerializer(PartnerProgramWithMaterialsMixin):
+class PartnerProgramForUnregisteredUserSerializer(PartnerProgramBaseSerializerMixin):
     """Serializer for PartnerProgram model for unregistered users in the program"""
 
     class Meta:
@@ -115,6 +129,7 @@ class Meta:
             "advertisement_image_address",
             "presentation_address",
             "datetime_registration_ends",
+            "is_user_manager",
         )
 
 

partner_programs/views.py

@@ -35,27 +35,25 @@ class PartnerProgramList(generics.ListCreateAPIView):
 
 
 class PartnerProgramDetail(generics.RetrieveAPIView):
-    queryset = PartnerProgram.objects.all()
+    queryset = PartnerProgram.objects.prefetch_related("materials", "managers").all()
     permission_classes = [permissions.IsAuthenticatedOrReadOnly]
-    serializer_class = PartnerProgramForUnregisteredUserSerializer
 
     def get(self, request, *args, **kwargs):
-        try:
-            program = self.get_object()
-            is_user_member = program.users.filter(pk=request.user.pk).exists()
-            serializer_class = (
-                PartnerProgramForMemberSerializer
-                if is_user_member
-                else PartnerProgramForUnregisteredUserSerializer
-            )
-            data = serializer_class(program).data
-            data["is_user_member"] = is_user_member
-            if request.user.is_authenticated:
-                add_view(program, request.user)
-
-            return Response(data=data, status=status.HTTP_200_OK)
-        except PartnerProgram.DoesNotExist:
-            return Response(status=status.HTTP_404_NOT_FOUND)
+        program = self.get_object()
+        is_user_member = program.users.filter(pk=request.user.pk).exists()
+        serializer_class = (
+            PartnerProgramForMemberSerializer
+            if is_user_member
+            else PartnerProgramForUnregisteredUserSerializer
+        )
+        serializer = serializer_class(
+            program, context={"request": request, "user": request.user}
+        )
+        data = serializer.data
+        data["is_user_member"] = is_user_member
+        if request.user.is_authenticated:
+            add_view(program, request.user)
+        return Response(data, status=status.HTTP_200_OK)
 
 
 class PartnerProgramCreateUserAndRegister(generics.GenericAPIView):