diff --git a/access/serializers.py b/access/serializers.py index a9d5c6f..2aea54b 100644 --- a/access/serializers.py +++ b/access/serializers.py @@ -1,10 +1,9 @@ from django.contrib.auth import get_user_model from rest_framework import serializers -from rest_framework.generics import get_object_or_404 from access.models.other import Account from achievements.serialers import DiplomaSerializer, AchievementsSerializer -from progress.serializers import ProgressSerializer +from progress.serializers import SecureProgressSerializer class AccountSerializer(serializers.ModelSerializer): @@ -22,13 +21,13 @@ class AccountSerializer(serializers.ModelSerializer): class UserSelfSerializer(serializers.ModelSerializer): account = serializers.SerializerMethodField() groups = serializers.SerializerMethodField() - progress = serializers.SerializerMethodField() + progresses = serializers.SerializerMethodField() diplomas = serializers.SerializerMethodField() achievements = serializers.SerializerMethodField() class Meta: model = get_user_model() - fields = ('out_key', 'email', 'first_name', 'last_name', 'progress', 'achievements', + fields = ('out_key', 'email', 'first_name', 'last_name', 'progresses', 'achievements', 'account', 'groups', 'is_staff', 'is_superuser', 'diplomas', 'is_active') @staticmethod @@ -48,8 +47,8 @@ class UserSelfSerializer(serializers.ModelSerializer): return [group.name for group in self.groups.all()] @staticmethod - def get_progress(self): - return [ProgressSerializer(i).data for i in self.progress_set.all()] + def get_progresses(self): + return [SecureProgressSerializer(i).data for i in self.progress_set.all()] class UserProfileSerializer(serializers.ModelSerializer): diff --git a/access/urls.py b/access/urls.py index 579905d..f2961b6 100644 --- a/access/urls.py +++ b/access/urls.py @@ -18,10 +18,6 @@ urlpatterns = [ url(r'logout/$', views.LogoutView.as_view()), url(r'reset/$', views.ResetPasswordView.as_view()), url(r'progress_detail/upload/(?P[0-9A-Fa-f-]+)/$', progress.views.UploadCourseProgressUserView.as_view()), - url( - r'management/password/$', - views.ManagementPassword.as_view(), - name='management-password' - ) + url(r'management/password/$', views.ManagementPassword.as_view(), name='management-password') ] diff --git a/courses/models.py b/courses/models.py index 7785b4c..3bc61ac 100755 --- a/courses/models.py +++ b/courses/models.py @@ -154,19 +154,26 @@ class Course(models.Model): lesson_list += list(topic.lesson_set.all()) return lesson_list - def get_next(self, lesson: Lesson) -> Lesson: + def get_next(self, lesson: Lesson, f=None) -> Lesson: lessons = self.get_lesson_list() try: - return lessons[lessons.index(lesson)] + n = lessons[lessons.index(lesson)+1] + if f is None or f(n): + return n + else: + return self.get_next(n, f) except IndexError: pass - def get_previous(self, lesson: Lesson): + def get_previous(self, lesson: Lesson, f=None): lessons = self.get_lesson_list() - try: - return lessons[lessons.index(lesson) - 2] - except IndexError: - pass + idx = lessons.index(lesson) - 1 + if idx > -1: + prev = lessons[idx] + if f is None or f(prev): + return prev + else: + return self.get_previous(prev, f) def get_first_lesson(self) -> Lesson: lessons = self.get_lesson_list() diff --git a/courses/serializers.py b/courses/serializers.py index 70e4ba6..359386b 100644 --- a/courses/serializers.py +++ b/courses/serializers.py @@ -23,11 +23,16 @@ class MiniLessonSerializer(serializers.ModelSerializer): class LessonSerializer(MiniLessonSerializer): + course_slug = serializers.SerializerMethodField() class Meta: model = Lesson exclude = ('id', 'topic', 'key') + @staticmethod + def get_course_slug(self): + return self.topic.course.slug + class TeacherLessonSerializer(MiniLessonSerializer): topic_sort = serializers.SerializerMethodField() diff --git a/courses/tasks.py b/courses/tasks.py new file mode 100644 index 0000000..9384958 --- /dev/null +++ b/courses/tasks.py @@ -0,0 +1,13 @@ +from progress.models import ProgressLesson, Progress +from django.contrib.auth import get_user_model + + +def add_lesson(user_out_key: str, course_token: str, lesson_token: str, teacher_key: str, is_hm: bool): + + p = Progress.objects.get(course_token=course_token, user__out_key=user_out_key) + + ProgressLesson.objects.get_or_create( + progress=p, + lesson_token=lesson_token, + checker=get_user_model().objects.get(out_key=(teacher_key if is_hm else user_out_key)), + ) \ No newline at end of file diff --git a/courses/urls.py b/courses/urls.py index d30f49b..819f814 100644 --- a/courses/urls.py +++ b/courses/urls.py @@ -3,8 +3,8 @@ from django.conf.urls import url from courses import views as views urlpatterns = [ - url(r'vertex/(?P.+)/$', views.LessonDetail.as_view()), url(r'lesson/teacher/(?P.+)/$', views.LessonInfoView.as_view()), + url(r'lesson/(?P.+)/$', views.LessonDetail.as_view()), url(r'tree/(?P.+)/$', views.TreeView.as_view()), url(r'detail/(?P.+)/$', views.CourseDetailView.as_view()), url(r'^$', views.CourseListView.as_view()), diff --git a/courses/views.py b/courses/views.py index ea9536f..1a6138b 100644 --- a/courses/views.py +++ b/courses/views.py @@ -1,3 +1,5 @@ +from jwt import DecodeError + from courses.models import Course, Lesson from rest_framework.renderers import JSONRenderer from rest_framework.response import Response @@ -5,7 +7,10 @@ from rest_framework.views import APIView from django.contrib.auth import get_user_model from courses.serializers import CourseDetailSerializer, CourseTreeSerializer, LessonSerializer, TeacherLessonSerializer -from progress.models import ProgressLesson +import jwt + +from courses.tasks import add_lesson +from lms import settings class TreeView(APIView): @@ -93,33 +98,53 @@ class LessonDetail(APIView): renderer_classes = (JSONRenderer,) @staticmethod - def get(request, token): + def post(request, token): + jwt_token = request.JSON.get('jwt_token', None) try: lesson = Lesson.objects.get(token=token) except Lesson.DoesNotExist: - return Response("Lesson doesn't exist", status=404) - - if not lesson.free and not ProgressLesson.objects.filter(lesson_token=lesson.token).exists(): - previous_lesson = lesson.topic.course.get_previous(lesson) - - if not previous_lesson is None or not ProgressLesson.objects.filter( - lesson_token=previous_lesson.token, status=ProgressLesson.STATUSES.done).exists(): - return Response("Lesson doesn't access", status=403) - - # TODO: Доделать систему прав на курс - - res = LessonSerializer(lesson).data - # progress = vertex.course.progress_set.filter(user=request.user) - # try: - # if progress.exists(): - # next_vertex = vertex.get_next(progress[0].get_template()) - # if next_vertex: - # res['next'] = MiniVertexSerializer(next_vertex).data - # res['is_in_progress'] = vertex in progress[0].get_objects_in_progress() - # else: - # res['next'] = MiniVertexSerializer(vertex.get_next(vertex.course.route)).data - # except Thread.DoesNotExist or Vertex.DoesNotExist: - # res['next'] = MiniVertexSerializer(vertex.get_next(vertex.course.route)).data - - return Response(res, status=200) + return Response("Урока не существует", status=404) + + l = LessonSerializer(lesson).data + + try: + payload = None if jwt_token is None\ + else jwt.decode(jwt_token, settings.COURSE_PROGRESS_SECRET_KEY, algorithms=['HS256']) + except DecodeError: + payload = None + + course = lesson.topic.course + + if payload is None: + if not lesson.free: + return Response("Bad token", status=400) + + else: + return Response(l, status=200) + + prev_lesson = course.get_previous(lesson, (lambda x: not x.is_hm) if payload['only_watch'] else None) + next_lesson = course.get_next(lesson, (lambda x: not x.is_hm) if payload['only_watch'] else None) + + if not prev_lesson is None: + l['prev_token'] = prev_lesson.token + + if not next_lesson is None: + l['next_token'] = next_lesson.token + + new_lesson = False + for payload_lesson in payload['lessons']: + if payload_lesson['lesson_token'] == str(lesson.token): + return Response(l, status=200) + + if not prev_lesson is None and str(prev_lesson.token) == payload_lesson['lesson_token']: + new_lesson = True if prev_lesson is None else \ + (payload_lesson['status'] == "done" or payload_lesson['status'] == "wait") + + if not new_lesson: + return Response("Permission denied", status=403) + + #TODO Задача для селери + add_lesson(request.user.out_key, course.token, lesson.token, course.get_teacher(), lesson.is_hm) + + return Response(l, status=200) diff --git a/finance/views.py b/finance/views.py index ac08320..c97513f 100644 --- a/finance/views.py +++ b/finance/views.py @@ -295,4 +295,13 @@ class YandexFailView(APIView): logger_yandex.error(data) - return redirect(to=settings.DOMAIN) \ No newline at end of file + return redirect(to=settings.DOMAIN) + + +class DemoYandexCheckView(YandexCheckView): + """для тестирования платежей""" + pass + + +class DemoYandexAvisoView(YandexAvisoView): + pass \ No newline at end of file diff --git a/lms/settings.py b/lms/settings.py index ff764b8..b4ae38d 100644 --- a/lms/settings.py +++ b/lms/settings.py @@ -68,6 +68,8 @@ DATABASES = { 'default': env.db(), } +COURSE_PROGRESS_SECRET_KEY = "!gf?s3@4Hr5#J#&%Kfr@56s" + SESSION_ENGINE = 'redis_sessions.session' CELERY_EMAIL_CHUNK_SIZE = 1 diff --git a/lms/urls.py b/lms/urls.py index 9ed625b..9acba7b 100644 --- a/lms/urls.py +++ b/lms/urls.py @@ -1,7 +1,7 @@ from django.conf.urls import url, include from django.contrib import admin from django.views.static import serve -from finance.views import YandexCheckView, YandexAvisoView +from finance.views import YandexCheckView, YandexAvisoView, DemoYandexCheckView, DemoYandexAvisoView from django.conf import settings @@ -12,5 +12,7 @@ urlpatterns = [ url(r'^static/(?P.*)/$', serve, {'document_root': settings.STATIC_ROOT}), url(r'^wallet/pay/check/$', YandexCheckView.as_view(), name='yandex_money_check'), url(r'^wallet/pay/result/$', YandexAvisoView.as_view(), name='yandex_money_notice'), - url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')) + url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), + url(r'^yandex-money/check/$', DemoYandexCheckView.as_view()), + url(r'^yandex-money/aviso/$', DemoYandexAvisoView.as_view()) ] diff --git a/progress/serializers.py b/progress/serializers.py index ea27df1..c2570e9 100644 --- a/progress/serializers.py +++ b/progress/serializers.py @@ -1,6 +1,8 @@ from rest_framework import serializers from progress.models import Progress, ProgressLesson +import jwt +from django.conf import settings class ProgressSerializer(serializers.ModelSerializer): @@ -15,6 +17,23 @@ class ProgressSerializer(serializers.ModelSerializer): return [ProgressLessonSerializer(i).data for i in self.progresslesson_set.all()] +class SecureProgressSerializer(serializers.ModelSerializer): + jwt_token = serializers.SerializerMethodField() + + class Meta: + model = Progress + fields = ('jwt_token', ) + + @staticmethod + def get_jwt_token(self): + payload = { + 'lessons': [ProgressLessonSerializer(i).data for i in self.progresslesson_set.all()], + 'course_token': str(self.course_token), + 'only_watch': self.only_watch, + } + return jwt.encode(payload, settings.COURSE_PROGRESS_SECRET_KEY, algorithm='HS256') + + class ProgressAnalyticSerializer(serializers.ModelSerializer): name = serializers.SerializerMethodField() email = serializers.SerializerMethodField() @@ -47,8 +66,8 @@ class ProgressLessonSerializer(serializers.ModelSerializer): @staticmethod def get_student(self): - return {'name': self.progress.user.get_full_name(), "out_key": self.progress.user.out_key} + return {'name': self.progress.user.get_full_name(), "out_key": str(self.progress.user.out_key)} @staticmethod def get_course_token(self): - return self.progress.course_token \ No newline at end of file + return str(self.progress.course_token) diff --git a/progress/views.py b/progress/views.py index 2b43719..842a3ec 100644 --- a/progress/views.py +++ b/progress/views.py @@ -14,7 +14,8 @@ from django.db.models import Q from courses.models import Course from progress.models import ProgressLesson, Progress -from progress.serializers import ProgressAnalyticSerializer, ProgressLessonSerializer, ProgressSerializer +from progress.serializers import ProgressAnalyticSerializer, ProgressLessonSerializer, ProgressSerializer, \ + SecureProgressSerializer from courses.api import CourseProgressApi, CourseParamsApi from progress.tasks import add_next_lesson @@ -175,47 +176,45 @@ class StudentUpdateProgress(APIView): @staticmethod def post(request): lesson_token = request.JSON.get('lesson_token', None) - course_token = request.JSON.get('course_token', None) comment = request.JSON.get('comment', None) - if lesson_token is None or course_token is None: - return Response('Не передан слаг курса или токен урока', status=400) - try: - student = request.user + if lesson_token is None: + return Response('Не передан токен урока', status=400) - p = Progress.objects.get(user=student, course_token=course_token) + student = request.user - try: - pv = ProgressLesson.objects.get( - progress=p, - lesson_token=lesson_token, - ) + try: + pv = ProgressLesson.objects.get( + progress__user=student, + lesson_token=lesson_token, + ) - if not pv.status == ProgressLesson.STATUSES.wait: - if pv.checker == p.teacher and not comment is None: - pv.status = ProgressLesson.STATUSES.wait - pv.comment_tokens.append(comment) + if pv.status == ProgressLesson.STATUSES.done: + Response(SecureProgressSerializer(pv.progress).data, status=200) - elif pv.checker == p.user: - pv.status = ProgressLesson.STATUSES.done - pv.finish_date = datetime.datetime.now() + if not pv.status == ProgressLesson.STATUSES.wait: + if pv.checker == pv.progress.user: + pv.status = ProgressLesson.STATUSES.done + pv.finish_date = datetime.datetime.now() - else: - raise ValueError("Этого никогда не должно происходить, но я уверен, что произойдёт") + elif not comment is None and\ + not pv.progress.progresslesson_set.filter(status=ProgressLesson.STATUSES.wait).exists(): + pv.status = ProgressLesson.STATUSES.wait + pv.comment_tokens.append(comment) - pv.save() + elif comment is None: + return Response("Не преложен комментарий", status=400) else: - return Response("Ошибка прав доступа", status=403) + return Response("В настоящее время, мы уже проверяем одно из ваших домашних заданий.
Как " + "только оно будет успешно сдано - вы сможете продолжить.", status=403) - except ProgressLesson.DoesNotExist: - return Response('Урок не проходится этим пользователем', status=403) + elif not comment is None: + pv.comment_tokens.append(comment) - if pv.status == ProgressLesson.STATUSES.done: - # TODO: Ассинхроннаязадача для celery - add_next_lesson(p) + pv.save() - return Response(ProgressSerializer(p).data, status=200) + return Response(SecureProgressSerializer(pv.progress).data, status=200) except Progress.DoesNotExist: return Response('Не найден прогресс по заданным параметрам', status=404) @@ -292,6 +291,7 @@ class SetProgress(APIView): course_slug = request.JSON.get('course_slug', None) topic_sort = int(request.JSON.get('topic', 1)) lesson_sort = int(request.JSON.get('lesson', 1)) + only_watch = request.JSON.get('only_watch', False) force = request.JSON.get('force', False) if course_slug is None: @@ -319,6 +319,9 @@ class SetProgress(APIView): teacher = get_user_model().objects.get(out_key=course.get_teacher()) progress = Progress.objects.create(course_token=course.token, user=student, teacher=teacher) + progress.only_watch = only_watch + progress.save() + token_list = [] lesson_list = [] for topic_idx, topic in enumerate(course.topic_set.all()): diff --git a/storage/views.py b/storage/views.py index 55770d6..1b7c14c 100644 --- a/storage/views.py +++ b/storage/views.py @@ -1,3 +1,6 @@ +import base64 +import json + from rest_framework.renderers import JSONRenderer from rest_framework.response import Response from rest_framework.views import APIView @@ -44,12 +47,19 @@ class CommentView(APIView): @staticmethod def get(request): - token = request.GET.get('token', None) + base64_tokens = request.GET.get('base64_tokens', None) - if not token: + if not base64_tokens: return Response("Attribute token not set", status=400) - try: - return Response(CommentSerializer(Comment.objects.get(token=token)).data, status=200) - except Comment.DoesNotExist: - return Response("Comment not found", status=404) + tokens = json.loads(base64.b64decode(base64_tokens).decode('utf-8')) + comments = [] + + for token in tokens: + try: + comment = Comment.objects.get(token=token) + comments.append(comment) + except Comment.DoesNotExist: + pass + + return Response([CommentSerializer(comment).data for comment in comments], status=200)