a

access/management/commands/add_users_in_groups.py

@@ -1,9 +1,6 @@
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import Group
-from django.core.management.base import BaseCommand, CommandError
+from django.core.management.base import BaseCommand
-import os
-import shutil
-from django.conf import settings
 
 
 class Command(BaseCommand):
@@ -31,6 +28,7 @@ class Command(BaseCommand):
                 for name in options['groups_names'].split(', '):
                     try:
                         g = Group.objects.get(name=name)
+                        g.user_set.add(user)
                     except Group.DoesNotExist:
                         print("""Group with name "%s" doesn't exist""")
 
@@ -39,7 +37,6 @@ class Command(BaseCommand):
                         user.is_staff = True
                     if name != "students":
                         user.is_staff = True
-                    g.user_set.add(user)
                 user.save()
             except get_user_model().DoesNotExist:
                 print("""user with email: "%s" not found""" % email)

access/migrations/0009_auto_20171119_1736.py

@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.6 on 2017-11-19 17:36
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('access', '0008_auto_20171117_1113'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='account',
+            name='photo',
+            field=models.ImageField(blank=True, default='/static/default/access/default.png', null=True, upload_to='user/photo/'),
+        ),
+    ]

access/migrations/0010_teacher.py

@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.6 on 2017-11-20 12:34
+from __future__ import unicode_literals
+
+import access.models
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('access', '0009_auto_20171119_1736'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Teacher',
+            fields=[
+            ],
+            options={
+                'proxy': True,
+                'indexes': [],
+            },
+            bases=('access.user',),
+            managers=[
+                ('objects', access.models.CustomUserManager()),
+            ],
+        ),
+    ]

access/migrations/0011_delete_teacher.py

@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.6 on 2017-11-20 12:37
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('access', '0010_teacher'),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name='Teacher',
+        ),
+    ]

access/models.py

@@ -41,7 +41,7 @@ class Account(models.Model):
     city = models.CharField(max_length=63, null=True, blank=True)
     gender = models.SmallIntegerField(choices=GENDER_CHOICES, default=0)
     owner = models.OneToOneField(to=settings.AUTH_USER_MODEL)
-    photo = models.ImageField(null=True, blank=True, default='user/photo/default_avatar.png', upload_to='user/photo/')
+    photo = models.ImageField(null=True, blank=True, default='/static/default/access/default.png', upload_to='user/photo/')
     phone = models.CharField(max_length=15, null=True, blank=True)
 
     def __str__(self):
@@ -86,6 +86,12 @@ class CustomUserManager(BaseUserManager):
         user = self.model(email=email, is_staff=is_staff, is_active=is_active, first_name=first_name,
                           is_superuser=is_superuser, date_joined=date_joined, last_login=last_login, **extra_fields)
 
+        Thread.objects.create(
+            key="""user_%s""" % user.id,
+            text="""Приватный тред пользователя %s""" % user.email,
+            is_recurse=True,
+        )
+
         if not password:
             password = ''.join(random.choice(string.ascii_letters) for x in range(8))
 
@@ -157,6 +163,9 @@ class User(AbstractBaseUser, PermissionsMixin):
     def get_short_name(self):
         return self.first_name
 
+    def get_thread(self):
+        Thread.objects.get(key="""user_%s""" % self.id,)
+
     class Meta:
         verbose_name = _('Пользователь')
         verbose_name_plural = _('Пользователи')

access/urls.py

@@ -5,6 +5,7 @@ urlpatterns = [
     url(r'teachers/$', views.TeacherListView.as_view()),
     url(r'info/$', views.InfoUserView.as_view()),
     url(r'detail/([0-9]{1,99})/$', views.DetailUserView.as_view()),
+    url(r'guard/(?P<pk>[0-9]{1,99})/(?P<page>.+)/$', views.UserGuardView.as_view()),
     url(r'find/$', views.FindUserView.as_view()),
     url(r'check/$', views.CheckUserView.as_view()),
     url(r'registration/$', views.RegistrationView.as_view()),

access/views.py

@@ -1,6 +1,7 @@
 from django.contrib.auth import get_user_model
 from django.contrib import auth
 from django.shortcuts import redirect
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.views import APIView
 from rest_framework.renderers import JSONRenderer
 from rest_framework.response import Response
@@ -9,6 +10,7 @@ from django.db.models import Q
 from access.models import Invite, Progress, ExtraPrivilege
 from access.serializers import UserInitSerializer, UserSearchSerializer, UserProfileSerializer
 from courses.models import Vertex
+from journals.models import Thread
 
 
 class TeacherListView(APIView):
@@ -72,18 +74,22 @@ class FindUserView(APIView):
 
 class DetailUserView(APIView):
     renderer_classes = (JSONRenderer,)
+    permission_classes = (IsAuthenticated,)
 
     @staticmethod
     def get(request, pk):
-        if request.user.is_authenticated() and \
+        if request.user.is_superuser or request.user.is_staff or request.user.id == pk:
-                (request.user.is_superuser or request.user.is_staff or request.user.id == pk):
 
             try:
                 user = get_user_model().objects.get(id=pk)
             except get_user_model().DoesNotExist:
                 return Response("User doesn't exist", status=404)
 
-            return Response(UserProfileSerializer(user).data, status=200)
+            serialized_user = UserProfileSerializer(user).data
+
+            serialized_user['is_i'] = request.user == user
+
+            return Response(serialized_user, status=200)
 
         return Response('Permission denied', status=403)
 
@@ -168,20 +174,55 @@ class UpdateProgress(APIView):
 
     @staticmethod
     def post(request):
+        """
+            На вход обязательно передаётся параметр id (id узла).
+        """
         pk = int(request.JSON.get('id'))
+        res_403 = Response('Permission denied', status=403)
+
         try:
             vertex = Vertex.objects.get(id=pk)
         except Vertex.DoesNotExist:
             return Response("Объект не найден", status=404)
 
-        next_vertex = vertex.get_next(['task', 'tutorial'])
+        if vertex.content_type.model == 'task':
+            return res_403
 
         try:
-            progress = Progress.objects.get(user=request.user, course=vertex.course)
+            next_vertex = vertex.get_next(['task', 'tutorial'])
-            if progress.active_obj == vertex:
+        except ValueError:
-                if next_vertex.is_more(progress.active_obj):
+            next_vertex = None
-                    progress.active_obj = next_vertex
+
-                    progress.save()
+        try:
+            progress = Progress.objects.get(user=request.user, course=vertex.course, active_obj=vertex)
+            progress.active_obj = next_vertex
+
+            if not next_vertex:
+                progress.success = True
+
+            if next_vertex.content_type.model == 'task':
+                """
+                  создание тредов для приёма домашки
+                """
+                thread, is_create = Thread.objects.get_or_create(
+                    key="""user_%s__user_%s""" % (vertex.course.get_teacher().id, request.user.id,),
+                    text="""Приватный диалог %s и %s""" % (vertex.course.get_teacher().email, request.user.email,),
+                    is_recurse=True,
+                )
+
+                if is_create:
+                    thread.subscribers.add(request.user)
+                    thread.subscribers.add(vertex.course.get_teacher())
+
+                child_thread = Thread.objects.create(
+                    key="""user_%s__vertex_%s""" % (request.id, vertex.id,),
+                    text="""Домашняя работа по курсу %s и теме %s для студента %s""" %
+                         (vertex.course.title, vertex.vertex_set.all()[0].title, request.user.get_full_name()),
+                )
+
+                child_thread.parent.add(thread)
+
+            progress.save()
             return Response({'id': progress.active_obj.id, 'type': progress.active_obj.content_type.model}, status=200)
         except Progress.DoesNotExist:
             pass
@@ -192,4 +233,36 @@ class UpdateProgress(APIView):
             privilege.save()
             return Response({'id': next_vertex.id, 'type': next_vertex.content_type.model}, status=200)
         except ExtraPrivilege.DoesNotExist:
-            return Response('У вас нет прав', status=403)
+            return res_403
+
+
+class UserGuardView(APIView):
+    renderer_classes = (JSONRenderer,)
+    permission_classes = (IsAuthenticated,)
+
+    @staticmethod
+    def get(request, pk, page):
+        try:
+            user = get_user_model().objects.get(id=pk)
+        except get_user_model().DoesNotExist:
+            return Response("User doesn't exist", status=404)
+
+        is_i = request.user == user
+        res_403 = Response('Permission denied', status=403)
+        res_204 = Response(status=204)
+
+        if is_i and not request.user.groups.filter(name='teachers').exists() and page == 'homeworks':
+            return res_403
+
+        if is_i and not \
+                request.user.groups.filter(name__in=['students', 'managers', 'lead_managers']).exists() \
+                and page == 'payment':
+            return res_403
+
+        if is_i:
+            return res_204
+
+        if page == 'profile' and (request.user.is_superuser or request.user.is_staff):
+            return res_204
+
+        return res_403

courses/models.py

@@ -55,7 +55,8 @@ class CourseManager(models.Manager):
         try:
             course = self.get(id=id)
             for i in kwargs:
-                setattr(course, i, kwargs[i])
+                if kwargs[i]:
+                    setattr(course, i, kwargs[i])
             course.save()
         except ObjectDoesNotExist:
             kwargs['slug'] = slug
@@ -93,6 +94,9 @@ class Course(models.Model):
     def __str__(self):
         return self.title
 
+    def get_teacher(self):
+        return
+
     def get_tree(self, serializer):
         """
             Способ отображения дочерних элементов.