feat: add permission that checks if user has created five distinct bi…

…ds on an auction and raises permission denied error indicating to users that they can not created more than five bids on an auction if they do not have the premium account
sweeftdigital · Nov 2, 2024 · 799a258 · 799a258
1 parent b62087c
commit 799a258
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 8 deletions.
diff --git a/bid/openapi/bid_create_openapi_examples.py b/bid/openapi/bid_create_openapi_examples.py
@@ -170,4 +170,25 @@ def create_bid_examples():
             response_only=True,
             status_codes=[400],
         ),
+        OpenApiExample(
+            "Error: No permission (GET)",
+            summary="No permission to perform the requested operation.",
+            description="This example shows an error response when a user tries "
+            "to create new bid, but the user has already created five bids "
+            "and does not have a premium account.",
+            value={
+                "type": "client_error",
+                "errors": [
+                    {
+                        "code": "permission_denied",
+                        "message": "As a non-premium user you can not place more than "
+                        "five unique bids on this auction. But you can "
+                        "change the offer of a bid as many times as you want.",
+                        "field_name": None,
+                    }
+                ],
+            },
+            response_only=True,
+            status_codes=[403],
+        ),
     ]
diff --git a/bid/permissions.py b/bid/permissions.py
@@ -1,5 +1,9 @@
+from django.utils.translation import gettext_lazy as _
+from rest_framework.exceptions import PermissionDenied
 from rest_framework.permissions import BasePermission
 
+from bid.models import Bid
+
 
 class IsBidAuthorOrAuctionAuthor(BasePermission):
     """
@@ -22,3 +26,30 @@ class IsBidOwner(BasePermission):
     def has_object_permission(self, request, view, obj):
         is_author = str(obj.author) == str(request.user.id)
         return is_author
+
+
+class OnlyFiveUniqueBidsPerUser(BasePermission):
+    """
+    Custom permission to only allow users to place five unique bids on an auction.
+    """
+
+    def has_permission(self, request, view):
+        auction_id = view.kwargs.get("auction_id")
+
+        if auction_id is None:
+            return False
+
+        user_bids_count = Bid.objects.filter(
+            auction_id=auction_id, author=request.user.id
+        ).count()
+
+        if user_bids_count >= 5:
+            raise PermissionDenied(
+                _(
+                    "As a non-premium user you can not place more than five unique bids on this "
+                    "auction. But you can change the offer of a bid as many "
+                    "times as you want."
+                )
+            )
+
+        return True
diff --git a/bid/views.py b/bid/views.py
@@ -23,7 +23,11 @@
 from bid.openapi.bid_reject_openapi_examples import reject_bid_examples
 from bid.openapi.bid_retrive_openapi_examples import retrieve_bid_examples
 from bid.openapi.bid_update_openapi_examples import update_bid_examples
-from bid.permissions import IsBidAuthorOrAuctionAuthor, IsBidOwner
+from bid.permissions import (
+    IsBidAuthorOrAuctionAuthor,
+    IsBidOwner,
+    OnlyFiveUniqueBidsPerUser,
+)
 from bid.serializers import (
     BaseBidSerializer,
     BidListSerializer,
@@ -38,6 +42,7 @@
         201: CreateBidSerializer,
         400: CreateBidSerializer,
         401: CreateBidSerializer,
+        403: CreateBidSerializer,
         404: CreateBidSerializer,
     },
     examples=create_bid_examples(),
@@ -72,7 +77,12 @@ class CreateBidView(generics.CreateAPIView):
     """
 
     serializer_class = CreateBidSerializer
-    permission_classes = (IsAuthenticated, IsSeller, HasCountryInProfile)
+    permission_classes = (
+        IsAuthenticated,
+        IsSeller,
+        HasCountryInProfile,
+        OnlyFiveUniqueBidsPerUser,
+    )
 
     def get_auction(self):
         """

diff --git a/locale/ka/LC_MESSAGES/django.po b/locale/ka/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-01 23:58+0000\n"
+"POT-Creation-Date: 2024-11-02 01:52+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"
@@ -53,12 +53,12 @@ msgstr "თეგების გადმოცემა სავალდე
 msgid "Start date cannot be in the past."
 msgstr "აუქციონის საწყისი დრო არ შეიძლება იყოს ამჟამინდელ დროზე ნაკლები."
 
-#: auction/serializers.py:322 auction/serializers.py:388
+#: auction/serializers.py:320 auction/serializers.py:388
 #: auction/serializers.py:399
 msgid "End date must be after the start date."
 msgstr "აუქციონის დასასრულის დორ არ შეიძლება იყოს საწყის დროზე ნაკლები."
 
-#: auction/serializers.py:345
+#: auction/serializers.py:344
 msgid "There was an error during the creation of an auction. Please try again."
 msgstr "აუქციონის შექმნისას პრობლემამ იჩინა თავი. გთხოვთ სცადოთ თავიდან."
 
@@ -74,23 +74,31 @@ msgstr ""
 msgid "There was an error during the update of the auction. Please try again."
 msgstr "აუქციონის შექმნისას პრობლემამ იჩინა თავი. გთხოვთ სცადოთ თავიდან."
 
-#: auction/views.py:560
+#: auction/views.py:562
 msgid "Auction deleted successfully."
 msgstr "აუქციონი წარმატებით წაიშალა."
 
-#: auction/views.py:635
+#: auction/views.py:672
 #, python-brace-format
 msgid "Auction with UUID {id} does not exist."
 msgstr "აუქციონი მოცემული იდენტიფიკატორით {id} არ არსებობს."
 
-#: auction/views.py:644
+#: auction/views.py:681
 #, python-brace-format
 msgid ""
 "{deleted} auctions deleted and {marked_deleted} auctions marked as deleted."
 msgstr ""
 "წაიშალა {deleted} აუქციონი და {marked_deleted} აუქციონი მონიშნულია, როგორც "
 "წაშლილი."
 
+#: bid/permissions.py:45
+msgid ""
+"As a non-premium user you can not place more than five unique bids on this "
+"auction. But you can change the offer of a bid as many times as you want."
+msgstr "მომხმარებლებს, რომლებსაც არ აქვთ პრემიუმ ტიპის ანგარიში, არ შეუძლიათ "
+"ერთ აუქციონზე დადონ 5-ზე მეტი სხვადასხვა ბიდი, მაგრამ თქვენ შეგიძლიათ, რომ"
+"უკვე არსებული ბიდის შეთავაზება განაახლოთ იმდენჯერ, რამდენჯერაც მოგესურვებათ."
+
 #: bid/serializers.py:255
 msgid ""
 "You can not update bid with an offer that is more or equal than the current "