[FIX] HORILLA API: Changed the action type api workflow from base to employee module

2024-10-18 09:16:31 +05:30
parent 22e48fc7a3
commit 5c126892ea
7 changed files with 126 additions and 76 deletions
--- a/horilla_api/api_methods/employee/methods.py
+++ b/horilla_api/api_methods/employee/methods.py
@@ -1,12 +1,7 @@
 import re

-from django.http import QueryDict
-from responses import logger
-from rest_framework.pagination import PageNumberPagination
-
 from base.models import *
 from employee.models import *
-from employee.models import Employee


 def get_next_badge_id():
@@ -54,6 +49,5 @@ def get_next_badge_id():
                prefix.insert(0, str(item))
            prefix = "".join(prefix)
    except Exception as e:
-        logger.exception(e)
        prefix = get_initial_prefix(None)["get_initial_prefix"]
    return prefix
--- a/horilla_api/api_serializers/base/serializers.py
+++ b/horilla_api/api_serializers/base/serializers.py
@@ -1,11 +1,7 @@
 import datetime
-from datetime import date, timezone

-import django
 from django.core.exceptions import ValidationError as DjangoValidationError
-from django.http import QueryDict
 from rest_framework import serializers
-from rest_framework.serializers import ValidationError

 from base.models import (
    Company,
@@ -23,7 +19,6 @@ from base.models import (
    WorkType,
    WorkTypeRequest,
 )
-from employee.models import Actiontype, Employee
 from horilla import horilla_middlewares


@@ -446,9 +441,3 @@ class ShiftRequestSerializer(serializers.ModelSerializer):
    class Meta:
        model = ShiftRequest
        fields = "__all__"
-
-
-class ActiontypeSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = Actiontype
-        fields = ["id", "title", "action_type"]
--- a/horilla_api/api_serializers/employee/serializers.py
+++ b/horilla_api/api_serializers/employee/serializers.py
@@ -2,6 +2,7 @@ from rest_framework import serializers

 from base.models import Department, EmployeeType, JobPosition
 from employee.models import (
+    Actiontype,
    DisciplinaryAction,
    Employee,
    EmployeeBankDetails,
@@ -13,6 +14,12 @@ from horilla_documents.models import Document, DocumentRequest
 from ...api_methods.employee.methods import get_next_badge_id


+class ActiontypeSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Actiontype
+        fields = ["id", "title", "action_type"]
+
+
 class EmployeeListSerializer(serializers.ModelSerializer):
    job_position_name = serializers.CharField(
        source="employee_work_info.job_position_id.job_position", read_only=True
--- a/horilla_api/api_urls/base/urls.py
+++ b/horilla_api/api_urls/base/urls.py
@@ -223,16 +223,6 @@ urlpatterns = [
        views.RotatingShiftAssignBulkDelete.as_view(),
        name="rotating-shift-assigns-bulk-delete",
    ),
-    path(
-        "disciplinary-action-type/",
-        views.ActiontypeView.as_view(),
-        name="disciplinary-action-type",
-    ),
-    path(
-        "disciplinary-action-type/<int:pk>/",
-        views.ActiontypeView.as_view(),
-        name="disciplinary-action-type",
-    ),
    path(
        "rotating-worktype-create-permission-check/<int:id>",
        views.RotatingWorKTypePermissionCheck.as_view(),
@@ -258,4 +248,5 @@ urlpatterns = [
        views.EmployeeTabPermissionCheck.as_view(),
        name="rotating-shift-create-permission-check",
    ),
+    path("check-user-level", views.CheckUserLevel.as_view(), name="check-user-level"),
 ]
--- a/horilla_api/api_urls/employee/urls.py
+++ b/horilla_api/api_urls/employee/urls.py
@@ -56,6 +56,16 @@ urlpatterns = [
        views.DisciplinaryActionAPIView.as_view(),
        name="disciplinary-action-detail",
    ),
+    path(
+        "disciplinary-action-type/",
+        views.ActiontypeView.as_view(),
+        name="disciplinary-action-type",
+    ),
+    path(
+        "disciplinary-action-type/<int:pk>/",
+        views.ActiontypeView.as_view(),
+        name="disciplinary-action-type",
+    ),
    path("policies/", views.PolicyAPIView.as_view(), name="policy-list"),
    path("policies/<int:pk>/", views.PolicyAPIView.as_view(), name="policy-detail"),
    path(
--- a/horilla_api/api_views/base/views.py
+++ b/horilla_api/api_views/base/views.py
@@ -44,7 +44,6 @@ from ...api_decorators.base.decorators import (
 )
 from ...api_methods.base.methods import groupby_queryset, permission_based_queryset
 from ...api_serializers.base.serializers import (
-    ActiontypeSerializer,
    CompanySerializer,
    DepartmentSerializer,
    EmployeeShiftScheduleSerializer,
@@ -1203,48 +1202,6 @@ class RotatingShiftAssignBulkDelete(APIView):
            return Response({"error": str(E)}, status=400)


-class ActiontypeView(APIView):
-    serializer_class = ActiontypeSerializer
-    permission_classes = [IsAuthenticated]
-
-    def get(self, request, pk=None):
-        if pk:
-            action_type = object_check(Actiontype, pk)
-            if action_type is None:
-                return Response({"error": "Actiontype not found"}, status=404)
-            serializer = self.serializer_class(action_type)
-            return Response(serializer.data, status=200)
-        action_types = Actiontype.objects.all()
-        paginater = PageNumberPagination()
-        page = paginater.paginate_queryset(action_types, request)
-        serializer = self.serializer_class(page, many=True)
-        return paginater.get_paginated_response(serializer.data)
-
-    def post(self, request):
-        serializer = self.serializer_class(data=request.data)
-        if serializer.is_valid():
-            serializer.save()
-            return Response(serializer.data, status=201)
-        return Response(serializer.errors, status=400)
-
-    def put(self, request, pk):
-        action_type = object_check(Actiontype, pk)
-        if action_type is None:
-            return Response({"error": "Actiontype not found"}, status=404)
-        serializer = self.serializer_class(action_type, data=request.data)
-        if serializer.is_valid():
-            serializer.save()
-            return Response(serializer.data, status=200)
-        return Response(serializer.errors, status=400)
-
-    def delete(self, request, pk):
-        action_type = object_check(Actiontype, pk)
-        if action_type is None:
-            return Response({"error": "Actiontype not found"}, status=404)
-        response, status_code = object_delete(Actiontype, pk)
-        return Response(response, status=status_code)
-
-
 class RotatingWorKTypePermissionCheck(APIView):
    permission_classes = [IsAuthenticated]

@@ -1275,7 +1232,7 @@ class WorktypeRequestApprovePermissionCheck(APIView):
    permission_classes = [IsAuthenticated]

    def get(self, request):
-        instance = request.user.employee_get
+        instance = Employee.objects.filter(id=request.GET.get("employee_id")).first()
        if (
            _is_reportingmanger(request, instance)
            or request.user.has_perm("approve_shiftrequest")
@@ -1289,7 +1246,7 @@ class ShiftRequestApprovePermissionCheck(APIView):
    permission_classes = [IsAuthenticated]

    def get(self, request):
-        instance = request.user.employee_get
+        instance = Employee.objects.filter(id=request.GET.get("employee_id")).first()
        if (
            _is_reportingmanger(request, instance)
            or request.user.has_perm("approve_shiftrequest")
@@ -1307,10 +1264,20 @@ class EmployeeTabPermissionCheck(APIView):
        instance = Employee.objects.filter(id=request.GET.get("employee_id")).first()
        if _is_reportingmanger(request, instance) or request.user.has_perms(
            [
-                "attendance.view_worktyperequest",
+                "view.view_worktyperequest",
                "attendance.view_shiftrequest",
                "employee.change_employee",
            ]
        ):
            return Response(status=200)
        return Response({"message": "No permission"}, status=400)
+
+
+class CheckUserLevel(APIView):
+    def get(self, request):
+        perm = request.GET.get("perm")
+        instance = Employee.objects.filter(id=request.GET.get("employee_id")).first()
+        if _is_reportingmanger(request, instance) or request.user.has_perm(perm):
+
+            return Response(status=200)
+        return Response({"error": "No permission"}, status=400)
--- a/horilla_api/api_views/employee/views.py
+++ b/horilla_api/api_views/employee/views.py
@@ -14,6 +14,7 @@ from employee.filters import (
    EmployeeFilter,
 )
 from employee.models import (
+    Actiontype,
    DisciplinaryAction,
    Employee,
    EmployeeBankDetails,
@@ -35,6 +36,7 @@ from ...api_decorators.base.decorators import (
 from ...api_decorators.employee.decorators import or_condition
 from ...api_methods.base.methods import groupby_queryset, permission_based_queryset
 from ...api_serializers.employee.serializers import (
+    ActiontypeSerializer,
    DisciplinaryActionSerializer,
    DocumentRequestSerializer,
    DocumentSerializer,
@@ -48,6 +50,22 @@ from ...api_serializers.employee.serializers import (
 )


+def object_check(cls, pk):
+    try:
+        obj = cls.objects.get(id=pk)
+        return obj
+    except cls.DoesNotExist:
+        return None
+
+
+def object_delete(cls, pk):
+    try:
+        cls.objects.get(id=pk).delete()
+        return "", 200
+    except Exception as e:
+        return {"error": str(e)}, 400
+
+
 class EmployeeTypeAPIView(APIView):
    """
    Retrieves employee types.
@@ -404,6 +422,48 @@ class EmployeeBulkUpdateView(APIView):
        return Response({"status": "success"}, status=200)


+class ActiontypeView(APIView):
+    serializer_class = ActiontypeSerializer
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request, pk=None):
+        if pk:
+            action_type = object_check(Actiontype, pk)
+            if action_type is None:
+                return Response({"error": "Actiontype not found"}, status=404)
+            serializer = self.serializer_class(action_type)
+            return Response(serializer.data, status=200)
+        action_types = Actiontype.objects.all()
+        paginater = PageNumberPagination()
+        page = paginater.paginate_queryset(action_types, request)
+        serializer = self.serializer_class(page, many=True)
+        return paginater.get_paginated_response(serializer.data)
+
+    def post(self, request):
+        serializer = self.serializer_class(data=request.data)
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=201)
+        return Response(serializer.errors, status=400)
+
+    def put(self, request, pk):
+        action_type = object_check(Actiontype, pk)
+        if action_type is None:
+            return Response({"error": "Actiontype not found"}, status=404)
+        serializer = self.serializer_class(action_type, data=request.data)
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=200)
+        return Response(serializer.errors, status=400)
+
+    def delete(self, request, pk):
+        action_type = object_check(Actiontype, pk)
+        if action_type is None:
+            return Response({"error": "Actiontype not found"}, status=404)
+        response, status_code = object_delete(Actiontype, pk)
+        return Response(response, status=status_code)
+
+
 class DisciplinaryActionAPIView(APIView):
    """
    Endpoint for managing disciplinary actions.
@@ -436,12 +496,44 @@ class DisciplinaryActionAPIView(APIView):

    def get(self, request, pk=None):
        if pk:
+            employee = request.user.employee_get
            disciplinary_action = self.get_object(pk)
-            serializer = DisciplinaryActionSerializer(disciplinary_action)
-            return Response(serializer.data, status=200)
+            is_manager = (
+                True
+                if employee.get_subordinate_employees()
+                & disciplinary_action.employee_id.all()
+                else False
+            )
+            if (
+                (employee == disciplinary_action.employee_id)
+                or is_manager
+                or request.user.has_perm("employee.view_disciplinaryaction")
+            ):
+                serializer = DisciplinaryActionSerializer(disciplinary_action)
+                return Response(serializer.data, status=200)
+            return Response({"error": "No permission"}, status=400)
        else:
+            employee = request.user.employee_get
+            is_manager = EmployeeWorkInformation.objects.filter(
+                reporting_manager_id=employee
+            ).exists()
+            subordinates = employee.get_subordinate_employees()
+
+            if request.user.has_perm("employee.view_disciplinaryaction"):
+                queryset = DisciplinaryAction.objects.all()
+            elif is_manager:
+                queryset_subordinates = DisciplinaryAction.objects.filter(
+                    employee_id__in=subordinates
+                )
+                queryset_employee = DisciplinaryAction.objects.filter(
+                    employee_id=employee
+                )
+                queryset = queryset_subordinates | queryset_employee
+            else:
+                queryset = DisciplinaryAction.objects.filter(employee_id=employee)
+
            paginator = PageNumberPagination()
-            disciplinary_actions = DisciplinaryAction.objects.all()
+            disciplinary_actions = queryset
            disciplinary_action_filter_queryset = self.filterset_class(
                request.GET, queryset=disciplinary_actions
            ).qs