From 13fce8f7390a53684fc36246a1d0372895cdb054 Mon Sep 17 00:00:00 2001 From: Andrey Date: Thu, 26 Oct 2017 18:31:25 +0300 Subject: [PATCH] access update --- access/init_group.py | 1 + access/serializers.py | 17 ++++++++++++++ access/urls.py | 2 ++ access/views.py | 54 +++++++++++++++++++++++++++++++++++++++++-- finance/models.py | 4 ++-- 5 files changed, 74 insertions(+), 4 deletions(-) diff --git a/access/init_group.py b/access/init_group.py index f51b30c..8f9703b 100644 --- a/access/init_group.py +++ b/access/init_group.py @@ -14,4 +14,5 @@ if __name__ == '__main__': Group.objects.get_or_create(name='lead_managers') Group.objects.get_or_create(name='curators') Group.objects.get_or_create(name='partners') + Group.objects.get_or_create(name='supports') Group.objects.get_or_create(name='project_managers') \ No newline at end of file diff --git a/access/serializers.py b/access/serializers.py index 803ee08..c768798 100644 --- a/access/serializers.py +++ b/access/serializers.py @@ -32,6 +32,23 @@ class UserInitSerializer(serializers.ModelSerializer): return [group.name for group in self.groups.all()] +class UserSearchSerializer(serializers.ModelSerializer): + pay = serializers.SerializerMethodField() + phone = serializers.SerializerMethodField() + + class Meta: + model = get_user_model() + fields = ('id', 'email', 'first_name', 'last_name', 'phone', 'pay') + + @staticmethod + def get_phone(self): + return self.account.phone + + @staticmethod + def get_pay(self): + return sum([i.get_full_price() for i in self.bill_user.all()]) + + class ExtraPrivilegeSerializer(serializers.ModelSerializer): class Meta: model = ExtraPrivilege diff --git a/access/urls.py b/access/urls.py index 02a5e01..17a0eec 100644 --- a/access/urls.py +++ b/access/urls.py @@ -4,6 +4,8 @@ from access import views urlpatterns = [ url(r'teachers/$', views.TeacherListView.as_view()), url(r'info/$', views.InfoUserView.as_view()), + url(r'detail/([0-9]{1,99})/$', views.DetailUserView.as_view()), + url(r'find/$', views.FindUserView.as_view()), url(r'check/$', views.CheckUserView.as_view()), url(r'registration/$', views.RegistrationView.as_view()), url(r'change_password/$', views.ChangePasswordView.as_view()), diff --git a/access/views.py b/access/views.py index 7a52eca..51f23e9 100644 --- a/access/views.py +++ b/access/views.py @@ -4,9 +4,10 @@ from django.shortcuts import redirect from rest_framework.views import APIView from rest_framework.renderers import JSONRenderer from rest_framework.response import Response +from django.db.models import Q from access.models import Invite -from access.serializers import UserInitSerializer +from access.serializers import UserInitSerializer, UserSearchSerializer class TeacherListView(APIView): @@ -37,6 +38,55 @@ class InfoUserView(APIView): return Response('anonymous', status=self.status_code) +class FindUserView(APIView): + renderer_classes = (JSONRenderer,) + status_code = 200 + + def get(self, request): + if request.user.is_authenticated() and \ + (request.user.is_superuser + or 'managers' in request.user.groups.all() or 'lead_managers' in request.user.groups.all()): + + key = request.GET.get('key', None) + count = int(request.GET.get('count', '10')) + + if key: + res = get_user_model().objects.filter( + Q(id__contains=key) | Q(email__contains=key.lower()) | Q(first_name__contains=key) | + Q(last_name__contains=key) | Q(account__phone__contains=key), groups__name='students' + ) + + else: + res = get_user_model().objects.all() + + res = res[:(count if len(res) > count else len(res))] + + return Response([ + UserSearchSerializer(i).data for i in res], + status=self.status_code + ) + + return Response('Permission denied', status=403) + + +class DetailUserView(APIView): + renderer_classes = (JSONRenderer,) + + @staticmethod + def get(request, pk): + if request.user.is_authenticated() and \ + (request.user.is_superuser or request.user.is_staff or request.user.id == pk): + + try: + user = get_user_model().objects.get(id=pk) + except get_user_model().DoesNotExist: + return Response("User doesn't exist", status=404) + + return Response(UserInitSerializer(user).data, status=200) + + return Response('Permission denied', status=403) + + class RegistrationView(APIView): renderer_classes = (JSONRenderer,) @@ -98,4 +148,4 @@ class LogoutView(APIView): def post(request): if request.user.is_authenticated(): auth.logout(request) - return Response(status=204) \ No newline at end of file + return Response(status=204) diff --git a/finance/models.py b/finance/models.py index 7d09a77..628d09f 100755 --- a/finance/models.py +++ b/finance/models.py @@ -6,9 +6,9 @@ from courses.models import Course, Vertex class Bill(models.Model): course = models.ForeignKey(to=Course, verbose_name='Курс', blank=True, null=True) - user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name='Плательщик', related_name=u'bill_user') + user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name='Плательщик', related_name='bill_user') opener = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name='Ответственный сотрудник', null=True) - comment = models.TextField(verbose_name=u'Комментарий продавца', help_text=u'Будет показано пользователю', + comment = models.TextField(verbose_name='Комментарий продавца', help_text='Будет показано пользователю', blank=True, editable=False) description = models.TextField(verbose_name='Внутренняя заметка', default='')