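from django.contrib.auth import get_user_model
from django.contrib import auth
from django.shortcuts import redirect
from rest_framework.permissions import IsAuthenticated
from rest_framework.views import APIView
from rest_framework.renderers import JSONRenderer
from rest_framework.response import Response
from django.db.models import Q

from access.models import Invite, Progress, ExtraPrivilege
from access.serializers import UserInitSerializer, UserSearchSerializer, UserProfileSerializer
from courses.models import Vertex
from journals.models import Thread

# NOTE(review): every view below reads ``request.JSON``. That attribute is not
# provided by Django or DRF, so it is presumably set by project middleware
# that parses the request body; confirm it is always present and dict-like.


class TeacherListView(APIView):
    """Return the e-mail addresses of all users in the ``teachers`` group."""

    renderer_classes = (JSONRenderer,)
    status_code = 200

    # NOTE(review): no permission_classes is declared, so access is decided by
    # the project-wide DRF default, which is not visible in this file. Confirm
    # that exposing teacher e-mail addresses to that audience is intended.
    def get(self, request):
        """Respond with a JSON list of teacher e-mail addresses."""
        teachers = get_user_model().objects.filter(groups__name='teachers')
        return Response(list(teachers.values_list('email', flat=True)), self.status_code)


class CheckUserView(APIView):
    """Tell the client whether the current user is staff or a superuser."""

    renderer_classes = (JSONRenderer,)
    status_code = 200

    def get(self, request):
        """Respond ``True`` for authenticated staff/superusers, else ``False``."""
        user = request.user
        privileged = user.is_authenticated() and (user.is_staff or user.is_superuser)
        return Response(bool(privileged), status=self.status_code)


class InfoUserView(APIView):
    """Return the serialized current user, or ``'anonymous'``."""

    renderer_classes = (JSONRenderer,)
    status_code = 200

    def get(self, request):
        """Respond with ``UserInitSerializer`` data for a logged-in user."""
        if not request.user.is_authenticated():
            return Response('anonymous', status=self.status_code)
        return Response(UserInitSerializer(request.user).data, status=self.status_code)


class FindUserView(APIView):
    """User search for superusers and members of the manager groups."""

    renderer_classes = (JSONRenderer,)
    status_code = 200

    def get(self, request):
        """Search users by ``key`` and return at most ``count`` results.

        Query parameters:
            key: substring matched against id, e-mail, first/last name and
                account phone of users in the ``students`` group.
            count: maximum number of results (default 10).

        Returns 403 for callers that are not superusers or managers and 400
        for a ``count`` that is not a non-negative integer.
        """
        user = request.user
        # The group test has to compare group *names*. Testing a string for
        # membership in ``groups.all()`` compares it against Group objects and
        # is never true, which silently locked managers out of this view.
        allowed = user.is_authenticated() and (
            user.is_superuser
            or user.groups.filter(name__in=['managers', 'lead_managers']).exists()
        )
        if not allowed:
            return Response('Permission denied', status=403)

        try:
            count = int(request.GET.get('count', '10'))
        except ValueError:
            count = -1
        if count < 0:
            # Querysets do not support negative slicing; reject it up front
            # instead of failing with a server error.
            return Response('Invalid count', status=400)

        key = request.GET.get('key', None)
        if key:
            res = get_user_model().objects.filter(
                Q(id__contains=key) |
                Q(email__contains=key.lower()) |
                Q(first_name__contains=key) |
                Q(last_name__contains=key) |
                Q(account__phone__contains=key),
                groups__name='students'
            )
        else:
            # NOTE(review): without a key the result is not restricted to the
            # ``students`` group, unlike the keyed search; confirm intended.
            res = get_user_model().objects.all()

        # Slicing the queryset limits the query itself; there is no need to
        # load every row just to compare its length with ``count``.
        return Response(
            [UserSearchSerializer(i).data for i in res[:count]],
            status=self.status_code
        )


class DetailUserView(APIView):
    """Profile of a single user, visible to that user and to staff."""

    renderer_classes = (JSONRenderer,)
    permission_classes = (IsAuthenticated,)

    @staticmethod
    def get(request, pk):
        """Return the profile of user ``pk``.

        Responds 403 unless the caller is staff, a superuser or the user
        identified by ``pk``, and 404 when no such user exists.
        """
        # ``pk`` comes from the URL and may arrive as a string, in which case a
        # direct comparison with the integer ``request.user.id`` never matches
        # and users are refused their own profile. Compare as strings.
        is_owner = str(request.user.id) == str(pk)
        if not (request.user.is_superuser or request.user.is_staff or is_owner):
            return Response('Permission denied', status=403)

        try:
            user = get_user_model().objects.get(id=pk)
        except get_user_model().DoesNotExist:
            return Response("User doesn't exist", status=404)

        serialized_user = UserProfileSerializer(user).data
        serialized_user['is_i'] = request.user == user
        return Response(serialized_user, status=200)


class RegistrationView(APIView):
    """Student sign-up (POST) and invite activation (GET)."""

    renderer_classes = (JSONRenderer,)

    @staticmethod
    def get(request):
        """Activate the account behind an invite hash and log it in.

        The ``hash`` query parameter acts as a bearer credential: whoever
        presents it is logged in as the invite owner. The invite is deleted
        after use. Responds 404 when the hash is missing or unknown.
        """
        # NOTE(review): this changes state and creates a session on a GET
        # request. How ``Invite.hash`` is generated and whether invites expire
        # is not visible here; confirm the value is unguessable and short-lived.
        not_found = Response('Приглошения не существует возможно оно сгорело', status=404)
        invite_hash = request.GET.get('hash')
        if not invite_hash:
            # A missing parameter used to raise and surface as a server error.
            return not_found
        try:
            invite = Invite.objects.get(hash=invite_hash)
        except Invite.DoesNotExist:
            return not_found

        invite.owner.is_active = True
        invite.owner.save()
        auth.login(request, invite.owner)
        invite.delete()
        return redirect('/')

    @staticmethod
    def post(request):
        """Create a student account for the e-mail in the request body.

        Body fields: ``email`` (required) and ``password`` (optional; when it
        is absent or empty ``create_student`` is called without one).
        Responds 400 when ``email`` is missing or not a string, 403 when the
        address is already registered, otherwise 200 with the new user.
        """
        try:
            email = request.JSON['email'].lower()
        except (KeyError, AttributeError):
            return Response('email is required', status=400)

        # NOTE(review): the 403 below lets a caller learn which addresses are
        # registered; consider whether that disclosure is acceptable.
        if get_user_model().objects.filter(email=email).exists():
            return Response('user already exist', status=403)

        password = request.JSON.get('password')
        if password:
            user = get_user_model().objects.create_student(email=email, password=password)
        else:
            user = get_user_model().objects.create_student(email=email)
        return Response(UserInitSerializer(user).data, status=200)


class ChangePasswordView(APIView):
    """Change the password of the logged-in user."""

    renderer_classes = (JSONRenderer,)

    @staticmethod
    def post(request):
        """Replace the caller's password after verifying the old one.

        Body fields: ``old_password`` and ``new_password``.
        Responds 403 for anonymous callers, 404 when ``old_password`` does not
        match, 400 when ``new_password`` is missing or empty.
        """
        # Authentication must be checked on its own. Combined with the
        # old-password test in a single condition, an anonymous request fell
        # through to ``set_password`` on the anonymous user.
        if not request.user.is_authenticated():
            return Response('Permission denied', status=403)
        if not request.user.check_password(request.JSON.get('old_password')):
            return Response("Неверный пароль", status=404)

        new_password = request.JSON.get('new_password')
        if not new_password:
            # ``set_password(None)`` would leave the account without a usable
            # password, so an absent value must never reach it.
            return Response('new_password is required', status=400)

        # NOTE(review): no password-strength validation is visible here.
        request.user.set_password(new_password)
        request.user.save()
        return Response("Пароль был изменён", status=200)


class LoginView(APIView):
    """Session login by e-mail and password."""

    renderer_classes = (JSONRenderer,)

    @staticmethod
    def post(request):
        """Authenticate the caller and return the serialized user.

        An already authenticated caller is returned as is. Responds 404 when
        the credentials are rejected.
        """
        if not request.user.is_authenticated():
            user = auth.authenticate(
                email=request.JSON.get('email'),
                password=request.JSON.get('password'),
            )
            # ``authenticate`` returns None for rejected credentials. Test for
            # that directly instead of waiting for ``login`` to raise
            # AttributeError, which would also hide unrelated errors.
            if user is None:
                return Response("Неверный пароль", status=404)
            auth.login(request, user)
        return Response(UserInitSerializer(request.user).data, status=200)


class LogoutView(APIView):
    """Session logout."""

    renderer_classes = (JSONRenderer,)

    @staticmethod
    def post(request):
        """Log the caller out if logged in; always respond 204."""
        if request.user.is_authenticated():
            auth.logout(request)
        return Response(status=204)


def _next_vertex_payload(next_vertex):
    """Build the ``{'id', 'type'}`` response body for the next vertex, if any."""
    if not next_vertex:
        return {'id': None, 'type': None}
    return {'id': next_vertex.id, 'type': next_vertex.content_type.model}


class UpdateProgress(APIView):
    """
    Move the student to the next stage of the course.
    The request is synchronous and returns the id of the new progress object.
    """
    renderer_classes = (JSONRenderer,)

    @staticmethod
    def post(request):
        """
        The ``id`` parameter (vertex id) is required in the request body.

        Responds 403 for anonymous callers, for ``task`` vertices and for
        callers with neither a matching progress record nor an extra
        privilege; 404 when ``id`` is missing, not an integer or unknown.
        On success the body holds the id and type of the next vertex, both
        ``None`` when there is no next vertex.
        """
        res_403 = Response('Permission denied', status=403)
        # The lookups below filter on ``request.user``; refuse anonymous
        # callers instead of failing inside the query.
        if not request.user.is_authenticated():
            return res_403

        try:
            pk = int(request.JSON.get('id'))
        except (TypeError, ValueError):
            # A missing or non-numeric id cannot identify a vertex.
            return Response("Объект не найден", status=404)

        try:
            vertex = Vertex.objects.get(id=pk)
        except Vertex.DoesNotExist:
            return Response("Объект не найден", status=404)

        if vertex.content_type.model == 'task':
            return res_403

        try:
            next_vertex = vertex.get_next(['task', 'tutorial'])
        except ValueError:
            next_vertex = None

        try:
            progress = Progress.objects.get(user=request.user, course=vertex.course, active_obj=vertex)
        except Progress.DoesNotExist:
            progress = None

        if progress is not None:
            progress.active_obj = next_vertex
            if not next_vertex:
                # End of the course. The attribute accesses that used to follow
                # unconditionally raised on None, so completion was never saved.
                # NOTE(review): assumes ``active_obj`` may be null; confirm.
                progress.success = True
            elif next_vertex.content_type.model == 'task':
                # Create the threads used for handing in homework.
                teacher_thread = Thread.objects.get(
                    key="user_%s" % vertex.course.get_teacher().id,
                )
                user_thread = Thread.objects.get(
                    key="user_%s" % request.user.id,
                )
                support_thread = Thread.objects.get(
                    key="suports",
                )
                child_thread = Thread.objects.create(
                    key="user_%s__vertex_%s" % (request.user.id, vertex.id,),
                    text="Домашняя работа по курсу %s и теме %s для студента %s" %
                         (vertex.course.title, vertex.vertex_set.all()[0].title, request.user.get_full_name()),
                )
                child_thread.subscribers.add(request.user)
                child_thread.parent.add(teacher_thread)
                child_thread.parent.add(support_thread)
                child_thread.parent.add(user_thread)
            progress.save()
            return Response(_next_vertex_payload(next_vertex), status=200)

        try:
            privilege = ExtraPrivilege.objects.get(user=request.user, subject=vertex)
        except ExtraPrivilege.DoesNotExist:
            return res_403
        privilege.is_done = True
        privilege.save()
        return Response(_next_vertex_payload(next_vertex), status=200)


class UserGuardView(APIView):
    """Tell the client whether the caller may open a page of user ``pk``."""

    renderer_classes = (JSONRenderer,)
    permission_classes = (IsAuthenticated,)

    @staticmethod
    def get(request, pk, page):
        """Respond 204 when access to ``page`` is allowed, 403 otherwise.

        Rules, as implemented:
            * the owner may open any page, except ``homeworks`` unless they
              are in ``teachers`` and ``payment`` unless they are in
              ``students``, ``managers`` or ``lead_managers``;
            * staff and superusers may open another user's ``profile``;
            * everything else is refused.

        Responds 404 when user ``pk`` does not exist.
        """
        try:
            user = get_user_model().objects.get(id=pk)
        except get_user_model().DoesNotExist:
            return Response("User doesn't exist", status=404)

        res_403 = Response('Permission denied', status=403)
        res_204 = Response(status=204)

        if request.user == user:
            groups = request.user.groups
            if page == 'homeworks' and not groups.filter(name='teachers').exists():
                return res_403
            payment_groups = ['students', 'managers', 'lead_managers']
            if page == 'payment' and not groups.filter(name__in=payment_groups).exists():
                return res_403
            return res_204

        if page == 'profile' and (request.user.is_superuser or request.user.is_staff):
            return res_204
        return res_403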