tanner/spaceport
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add API route for training

Browse Source
This commit is contained in:
Tanner Collin
2020-01-16 06:17:33 +00:00
parent 801d35aa88
commit 57407be11e
6 changed files with 72 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apiserver/apiserver/api/views.py
+48 -7
View File
@@ -1,4 +1,5 @@
from django.contrib.auth.models import User, Group
from django.shortcuts import get_object_or_404
from django.db.models import Max
from rest_framework import viewsets, views, mixins, generics, exceptions
from rest_framework.permissions import BasePermission, IsAuthenticated, SAFE_METHODS
@@ -15,11 +16,21 @@ class AllowMetadata(BasePermission):
return request.method in ['OPTIONS', 'HEAD']
def is_admin_director(user):
return user.is_staff or user.member.is_director or user.member.is_staff
return bool(user.is_staff or user.member.is_director or user.member.is_staff)
class IsOwnerOrAdmin(BasePermission):
class IsObjOwnerOrAdmin(BasePermission):
def has_object_permission(self, request, view, obj):
return request.user and (obj.user == request.user or is_admin_director(request.user))
return bool(request.user and (obj.user == request.user or is_admin_director(request.user)))
class IsSessionInstructorOrAdmin(BasePermission):
def has_object_permission(self, request, view, obj):
return bool(request.user and (obj.session.instructor == request.user or is_admin_director(request.user)))
class ReadOnly(BasePermission):
def has_permission(self, request, view):
return bool(request.method in SAFE_METHODS)
def has_object_permission(self, request, view, obj):
return bool(request.method in SAFE_METHODS)
class IsAdminOrReadOnly(BasePermission):
def has_permission(self, request, view):
@@ -58,7 +69,7 @@ def gen_search_strings():
search_strings[string] = m.id
NUM_SEARCH_RESULTS = 10
class SearchViewSet(viewsets.GenericViewSet, mixins.RetrieveModelMixin):
class SearchViewSet(Base, Retrieve):
permission_classes = [AllowMetadata | IsAuthenticated]
def get_serializer_class(self):
@@ -113,7 +124,7 @@ class SearchViewSet(viewsets.GenericViewSet, mixins.RetrieveModelMixin):
class MemberViewSet(Base, Retrieve, Update):
permission_classes = [AllowMetadata | IsAuthenticated, IsOwnerOrAdmin]
permission_classes = [AllowMetadata | IsAuthenticated, IsObjOwnerOrAdmin]
queryset = models.Member.objects.all()
def get_serializer_class(self):
@@ -124,7 +135,7 @@ class MemberViewSet(Base, Retrieve, Update):
class CardViewSet(Base, Create, Retrieve, Update, Destroy):
permission_classes = [AllowMetadata | IsAuthenticated, IsOwnerOrAdmin, IsAdminOrReadOnly]
permission_classes = [AllowMetadata | IsAuthenticated, IsObjOwnerOrAdmin, IsAdminOrReadOnly]
queryset = models.Card.objects.all()
serializer_class = serializers.CardSerializer
@@ -142,7 +153,6 @@ class CourseViewSet(Base, List, Retrieve, Create, Update):
class SessionViewSet(Base, List, Retrieve, Create, Update):
permission_classes = [AllowMetadata | IsAuthenticated, IsAdminOrReadOnly | IsInstructorOrReadOnly]
serializer_class = serializers.SessionSerializer
def get_queryset(self):
if self.action == 'list':
@@ -150,6 +160,37 @@ class SessionViewSet(Base, List, Retrieve, Create, Update):
else:
return models.Session.objects.all()
def get_serializer_class(self):
if self.action == 'list':
return serializers.SessionListSerializer
else:
return serializers.SessionSerializer
def perform_create(self, serializer):
serializer.save(instructor=self.request.user)
class TrainingViewSet(Base, Retrieve, Create, Update):
permission_classes = [AllowMetadata | IsAuthenticated, IsObjOwnerOrAdmin | IsSessionInstructorOrAdmin | ReadOnly]
serializer_class = serializers.TrainingSerializer
queryset = models.Training.objects.all()
def get_serializer_class(self):
user = self.request.user
if is_admin_director(user) or user.member.is_instructor:
return serializers.TrainingSerializer
else:
return serializers.StudentTrainingSerializer
def perform_create(self, serializer):
session_id = self.request.data['session']
session = get_object_or_404(models.Session, id=session_id)
training = models.Training.objects.filter(user=self.request.user, session=session)
if training.exists():
raise exceptions.ValidationError('You have already registered')
if self.request.user == session.instructor:
raise exceptions.ValidationError('You are teaching this session')
serializer.save(user=self.request.user)
class UserView(views.APIView):
permission_classes = [AllowMetadata | IsAuthenticated]