diff --git a/access/serializers.py b/access/serializers.py index a9d5c6f..5d29a96 100644 --- a/access/serializers.py +++ b/access/serializers.py @@ -1,10 +1,9 @@ from django.contrib.auth import get_user_model from rest_framework import serializers -from rest_framework.generics import get_object_or_404 from access.models.other import Account from achievements.serialers import DiplomaSerializer, AchievementsSerializer -from progress.serializers import ProgressSerializer +from progress.serializers import SecureProgressSerializer class AccountSerializer(serializers.ModelSerializer): @@ -49,7 +48,7 @@ class UserSelfSerializer(serializers.ModelSerializer): @staticmethod def get_progress(self): - return [ProgressSerializer(i).data for i in self.progress_set.all()] + return [SecureProgressSerializer(i).data for i in self.progress_set.all()] class UserProfileSerializer(serializers.ModelSerializer): diff --git a/access/urls.py b/access/urls.py index 579905d..f2961b6 100644 --- a/access/urls.py +++ b/access/urls.py @@ -18,10 +18,6 @@ urlpatterns = [ url(r'logout/$', views.LogoutView.as_view()), url(r'reset/$', views.ResetPasswordView.as_view()), url(r'progress_detail/upload/(?P[0-9A-Fa-f-]+)/$', progress.views.UploadCourseProgressUserView.as_view()), - url( - r'management/password/$', - views.ManagementPassword.as_view(), - name='management-password' - ) + url(r'management/password/$', views.ManagementPassword.as_view(), name='management-password') ] diff --git a/lms/settings.py b/lms/settings.py index 92db76a..8dfbb82 100644 --- a/lms/settings.py +++ b/lms/settings.py @@ -68,6 +68,8 @@ DATABASES = { 'default': env.db(), } +COURSE_PROGRESS_SECRET_KEY = "!gf?s3@4Hr5#J#&%Kfr@56s" + SESSION_ENGINE = 'redis_sessions.session' CELERY_EMAIL_CHUNK_SIZE = 1 diff --git a/progress/serializers.py b/progress/serializers.py index ea27df1..a7a9e65 100644 --- a/progress/serializers.py +++ b/progress/serializers.py 
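Review bot: `COURSE_PROGRESS_SECRET_KEY` in lms/settings.py is committed as a string literal, so anyone who can read the repository or its history can sign progress tokens that verify as genuine. The same file already reads `DATABASES` through `env.db()`, so load the key from the environment too, e.g. `COURSE_PROGRESS_SECRET_KEY = env('COURSE_PROGRESS_SECRET_KEY')` (assuming `env` is the django-environ object that `env.db()` suggests). Treat the committed value as compromised and rotate it. The literal is also only 23 characters, below the 256-bit minimum RFC 7518 requires for HS256 keys, so the replacement should be at least 32 random bytes.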
@@ -1,6 +1,8 @@ from rest_framework import serializers from progress.models import Progress, ProgressLesson +import jwt +from django.conf import settings class ProgressSerializer(serializers.ModelSerializer): @@ -15,6 +17,24 @@ class ProgressSerializer(serializers.ModelSerializer): return [ProgressLessonSerializer(i).data for i in self.progresslesson_set.all()] +class SecureProgressSerializer(serializers.ModelSerializer): + jwt_token = serializers.SerializerMethodField() + + class Meta: + model = Progress + fields = ('jwt_token', ) + + @staticmethod + def get_jwt_token(self): + payload = { + 'lessons': [ProgressLessonSerializer(i).data for i in self.progresslesson_set.all()], + 'course_token': str(self.course_token), + 'only_watch': self.only_watch, + 'is_finish': self.is_finish, + } + return jwt.encode(payload, settings.COURSE_PROGRESS_SECRET_KEY, algorithm='HS256') + + class ProgressAnalyticSerializer(serializers.ModelSerializer): name = serializers.SerializerMethodField() email = serializers.SerializerMethodField() @@ -47,8 +67,8 @@ class ProgressLessonSerializer(serializers.ModelSerializer): @staticmethod def get_student(self): - return {'name': self.progress.user.get_full_name(), "out_key": self.progress.user.out_key} + return {'name': self.progress.user.get_full_name(), "out_key": str(self.progress.user.out_key)} @staticmethod def get_course_token(self): - return self.progress.course_token \ No newline at end of file + return str(self.progress.course_token) diff --git a/progress/views.py b/progress/views.py index 2b43719..ed3db3f 100644 --- a/progress/views.py +++ b/progress/views.py 
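Review bot: The payload built in `SecureProgressSerializer.get_jwt_token` has no `exp`, `iat` or user identifier, so a token never expires and is not bound to the student it was issued for. If the consumer treats the signature as proof of current progress (the verifier is not visible in this diff), an old token or one copied from another account would verify equally well. Add claims such as `'sub': str(self.user.out_key)`, `'iat': now` and `'exp': now + <lifetime>`, and have the verifier require them and pin `algorithms=['HS256']`. HS256 only signs and does not encrypt, so the lesson data, which appears to include the student name and `out_key` from `ProgressLessonSerializer`, stays readable to anyone holding the token.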
@@ -175,47 +175,41 @@ class StudentUpdateProgress(APIView): @staticmethod def post(request): lesson_token = request.JSON.get('lesson_token', None) - course_token = request.JSON.get('course_token', None) comment = request.JSON.get('comment', None) - if lesson_token is None or course_token is None: - return Response('Не передан слаг курса или токен урока', status=400) - try: - student = request.user - - p = Progress.objects.get(user=student, course_token=course_token) - - try: - pv = ProgressLesson.objects.get( - progress=p, - lesson_token=lesson_token, - ) + if lesson_token is None: + return Response('Не передан токен урока', status=400) - if not pv.status == ProgressLesson.STATUSES.wait: - if pv.checker == p.teacher and not comment is None: - pv.status = ProgressLesson.STATUSES.wait - pv.comment_tokens.append(comment) + student = request.user - elif pv.checker == p.user: - pv.status = ProgressLesson.STATUSES.done - pv.finish_date = datetime.datetime.now() + try: + pv = ProgressLesson.objects.get( + progress__user=student, + lesson_token=lesson_token, + ) - else: - raise ValueError("Этого никогда не должно происходить, но я уверен, что произойдёт") + if not pv.status == ProgressLesson.STATUSES.wait: + if pv.checker == pv.progress.teacher and not comment is None: + pv.status = ProgressLesson.STATUSES.wait + pv.comment_tokens.append(comment) - pv.save() + elif pv.checker == pv.progress.user: + pv.status = ProgressLesson.STATUSES.done + pv.finish_date = datetime.datetime.now() else: - return Response("Ошибка прав доступа", status=403) + raise ValueError("Этого никогда не должно происходить, но я уверен, что произойдёт") - except ProgressLesson.DoesNotExist: - return Response('Урок не проходится этим пользователем', status=403) + pv.save() + + else: + return Response("Ошибка прав доступа", status=403) if pv.status == ProgressLesson.STATUSES.done: # TODO: Ассинхроннаязадача для celery - add_next_lesson(p) + add_next_lesson(pv.progress) - return 
Response(ProgressSerializer(p).data, status=200) + return Response(ProgressSerializer(pv.progress).data, status=200) except Progress.DoesNotExist: return Response('Не найден прогресс по заданным параметрам', status=404)
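Review bot: The lookup `ProgressLesson.objects.get(progress__user=student, lesson_token=lesson_token)` raises `ProgressLesson.DoesNotExist` on a miss, but the handler left at the end of the hunk catches only `Progress.DoesNotExist`. Since the `except ProgressLesson.DoesNotExist` branch was removed, an unknown lesson token, or one belonging to another user, now produces an unhandled 500 instead of the former 403. Change the remaining handler to `except ProgressLesson.DoesNotExist:` and keep a 403/404 response with a matching message. With `course_token` dropped from the filter, `.get()` may also raise `MultipleObjectsReturned` if one `lesson_token` can appear in several of the student's courses; whether it can depends on model constraints not shown here.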