From 9d1507f445c2a635bc1b55b979a6c2a3643fb3ae Mon Sep 17 00:00:00 2001 From: Francisco Sandoval Date: Mon, 8 Jan 2024 21:08:31 -0300 Subject: [PATCH] se filtran lineas si usuario no es superuser --- project/api/views/linea.py | 16 +++++++++++++++- project/api/views/usuario.py | 12 +++++++----- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/project/api/views/linea.py b/project/api/views/linea.py index 0df137a..3ac71d6 100755 --- a/project/api/views/linea.py +++ b/project/api/views/linea.py @@ -5,7 +5,8 @@ from rest_framework.decorators import action, api_view from django_filters.rest_framework import DjangoFilterBackend from django.db import connection from .. import models, serializers -from django.http import JsonResponse +from django.http import JsonResponse, HttpResponse +from django.forms.models import model_to_dict from os import getenv import redis import json @@ -18,6 +19,19 @@ class LineaViewSet(viewsets.ModelViewSet): filter_backends = [DjangoFilterBackend] filterset_fields = ['id_operador', 'route_short_name', 'route_long_name', 'vigente'] + def list(self, request, pk=None, *args, **kwargs): + login = request.jwt_info['login'] + usuario = models.Usuario.objects.filter(login=login).first() + + if usuario.superuser == False: + rol_lineas = models.RolLinea.objects.filter(id_rol=usuario.id_rol) + lineas = [] + for row in rol_lineas: + lineas.append(model_to_dict(row.id_linea)) + + return JsonResponse(lineas, safe=False) + else: + return super().list(request, pk, *args, **kwargs) @action(detail=False, methods=['get']) def proto(self, request, pk=None): diff --git a/project/api/views/usuario.py b/project/api/views/usuario.py index 989ca77..5e2f76b 100755 --- a/project/api/views/usuario.py +++ b/project/api/views/usuario.py 
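Review bot: The role filter is applied only in the new `list` override, so the other routes this `ModelViewSet` exposes (retrieve, update and destroy by id) still use the unfiltered queryset, and a non-superuser can reach a line outside their role by id. The override also skips the serializer, the `filterset_fields` filtering and any pagination, so the two branches return differently shaped responses, and it runs one extra query per `row.id_linea`. `usuario` is `None` when the JWT login has no `Usuario` row, and if `superuser` is nullable, `usuario.superuser == False` sends a `None` value down the unrestricted branch. Moving the scoping into `get_queryset`, as in the fence below, addresses these points and fails closed; it assumes the class sets `queryset`, which is not visible in the hunk. It also makes the new `model_to_dict` import unnecessary, and `HttpResponse` is already unused in the lines shown.

```python
    def get_queryset(self):
        # Scope every action that reads through the queryset, not only list.
        qs = super().get_queryset()
        login = self.request.jwt_info['login']
        usuario = models.Usuario.objects.filter(login=login).first()
        if usuario is None:
            return qs.none()  # unknown login: fail closed
        if usuario.superuser:
            return qs
        permitidas = models.RolLinea.objects.filter(id_rol=usuario.id_rol).values('id_linea')
        return qs.filter(pk__in=permitidas)
```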
@@ -160,15 +160,20 @@ class UsuarioViewSet(viewsets.ModelViewSet): login = request.jwt_info['login'] usuario = models.Usuario.objects.filter(login=login).first() + escritura = usuario.superuser if 'path' in input: path = input.get('path') aplicacion = models.Aplicacion.objects.filter(path_app=path).first() - rol_aplicacion = models.RolAplicacion.objects.filter(id_rol=usuario.id_rol, id_aplicacion=aplicacion.id_aplicacion).first() + + if escritura == False: + rol_aplicacion = models.RolAplicacion.objects.filter(id_rol=usuario.id_rol, id_aplicacion=aplicacion.id_aplicacion).first() + escritura = rol_aplicacion.solo_visualizar == False + return JsonResponse({ 'path_app': path, 'nombre_app': aplicacion.nombre_app, - 'escritura': rol_aplicacion.solo_visualizar == False + 'escritura': escritura }) else: registros = models.RolAplicacion.objects.filter(id_rol=usuario.id_rol) @@ -176,9 +181,6 @@ class UsuarioViewSet(viewsets.ModelViewSet): for registro in registros: if registro.id_aplicacion.vigente: rol_app = models.RolAplicacion.objects.filter(id_rol=registro.id_rol, id_aplicacion=registro.id_aplicacion).first() - escritura = True - if rol_app != None: - escritura = rol_app.solo_visualizar != True aplicaciones.append({ 'path_app': registro.id_aplicacion.path_app,
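Review bot: In the `'path' in input` branch the new code still dereferences three `.first()` results that can be `None`: `usuario.superuser`, `aplicacion.id_aplicacion` / `aplicacion.nombre_app`, and `rol_aplicacion.solo_visualizar`. An unknown path, or a role with no `RolAplicacion` row, therefore ends in an AttributeError instead of a clean denial. I would return early with `if usuario is None or aplicacion is None: return JsonResponse({'escritura': False}, status=404)` and compute `escritura = rol_aplicacion is not None and not rol_aplicacion.solo_visualizar`, so a missing row means read-only. The following hunk (`@@ -176,9 +181,6 @@`) removes the per-row `escritura` calculation from the loop; if the dict built there still emits `escritura` (that line is outside what is shown), non-superusers would get the top-level `usuario.superuser` value, which is false for them, for every application. The method begins and ends outside these hunks.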