You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
236 lines
7.9 KiB
236 lines
7.9 KiB
from django.contrib.auth import get_user_model
|
|
from django.contrib import auth
|
|
from django.shortcuts import redirect
|
|
from rest_framework.permissions import IsAuthenticated
|
|
from rest_framework.views import APIView
|
|
from rest_framework.renderers import JSONRenderer
|
|
from rest_framework.response import Response
|
|
from django.db.models import Q
|
|
|
|
from access.models.other import Invite, Progress
|
|
from access.serializers import UserSelfSerializer, UserSearchSerializer, UserProfileSerializer
|
|
from courses.models import Vertex
|
|
from journals.models import Thread
|
|
|
|
|
|
class TeacherListView(APIView):
|
|
renderer_classes = (JSONRenderer,)
|
|
status_code = 200
|
|
|
|
def get(self, request):
|
|
return Response([i.email for i in get_user_model().objects.filter(groups__name='teachers')], self.status_code)
|
|
|
|
|
|
class CheckUserView(APIView):
|
|
renderer_classes = (JSONRenderer,)
|
|
status_code = 200
|
|
|
|
def get(self, request):
|
|
if request.user.is_authenticated() and (request.user.is_staff or request.user.is_superuser):
|
|
return Response(True, status=self.status_code)
|
|
return Response(False, status=self.status_code)
|
|
|
|
|
|
class InfoUserView(APIView):
|
|
renderer_classes = (JSONRenderer,)
|
|
status_code = 200
|
|
|
|
def get(self, request):
|
|
if request.user.is_authenticated():
|
|
return Response(UserSelfSerializer(request.user).data, status=self.status_code)
|
|
return Response('anonymous', status=self.status_code)
|
|
|
|
|
|
class FindUserView(APIView):
|
|
renderer_classes = (JSONRenderer,)
|
|
status_code = 200
|
|
|
|
def get(self, request):
|
|
if request.user.is_authenticated() and \
|
|
(request.user.is_superuser
|
|
or request.user.groups.filter(name__in=['managers', 'lead_managers']).exists()):
|
|
|
|
key = request.GET.get('key', None)
|
|
count = int(request.GET.get('count', '10'))
|
|
|
|
if key:
|
|
res = get_user_model().objects.filter(
|
|
Q(id__contains=key) | Q(email__contains=key.lower()) | Q(first_name__contains=key) |
|
|
Q(last_name__contains=key) | Q(account__phone__contains=key), groups__name='students'
|
|
)
|
|
|
|
else:
|
|
res = get_user_model().objects.all()
|
|
|
|
res = res[:(count if len(res) > count else len(res))]
|
|
|
|
return Response(
|
|
[UserSearchSerializer(i).data for i in res],
|
|
status=self.status_code
|
|
)
|
|
|
|
return Response('Permission denied', status=403)
|
|
|
|
|
|
class DetailUserView(APIView):
|
|
renderer_classes = (JSONRenderer,)
|
|
permission_classes = (IsAuthenticated,)
|
|
|
|
@staticmethod
|
|
def get(request, pk):
|
|
if request.user.is_superuser or request.user.is_staff or request.user.id == int(pk):
|
|
|
|
try:
|
|
user = get_user_model().objects.get(id=pk)
|
|
except get_user_model().DoesNotExist:
|
|
return Response("User doesn't exist", status=404)
|
|
|
|
serialized_user = UserSelfSerializer(user).data
|
|
serialized_user['is_i'] = request.user == user
|
|
|
|
return Response(serialized_user, status=200)
|
|
|
|
return Response('Permission denied', status=403)
|
|
|
|
|
|
class RegistrationView(APIView):
|
|
renderer_classes = (JSONRenderer,)
|
|
|
|
@staticmethod
|
|
def get(request):
|
|
try:
|
|
invite = Invite.objects.get(hash=request.GET['hash'])
|
|
invite.owner.is_active = True
|
|
invite.owner.save()
|
|
auth.login(request, invite.owner)
|
|
invite.delete()
|
|
return redirect('/')
|
|
except Invite.DoesNotExist:
|
|
return Response('Приглошения не существует возможно оно сгорело', status=404)
|
|
|
|
@staticmethod
|
|
def post(request):
|
|
try:
|
|
get_user_model().objects.get(email=request.JSON['email'].lower())
|
|
return Response('user already exist', status=403)
|
|
except get_user_model().DoesNotExist:
|
|
password = request.JSON.get('password')
|
|
if password:
|
|
user = get_user_model().objects.create_student(
|
|
email=request.JSON['email'].lower(),
|
|
password=request.JSON['password']
|
|
)
|
|
else:
|
|
user = get_user_model().objects.create_student(
|
|
email=request.JSON['email'].lower(),
|
|
)
|
|
|
|
return Response(UserSelfSerializer(user).data, status=200)
|
|
|
|
|
|
class ChangePasswordView(APIView):
|
|
renderer_classes = (JSONRenderer,)
|
|
|
|
@staticmethod
|
|
def post(request):
|
|
if request.user.is_authenticated() and not request.user.check_password(request.JSON['old_password']):
|
|
return Response("Неверный пароль", status=404)
|
|
request.user.set_password(request.JSON['new_password'])
|
|
request.user.save()
|
|
return Response("Пароль был изменён", status=200)
|
|
|
|
|
|
class LoginView(APIView):
|
|
renderer_classes = (JSONRenderer,)
|
|
|
|
@staticmethod
|
|
def post(request):
|
|
password = request.JSON.get('password')
|
|
email = request.JSON.get('email')
|
|
if not request.user.is_authenticated():
|
|
if not password == "skillbox":
|
|
user = auth.authenticate(email=email, password=request.JSON.get('password'))
|
|
else:
|
|
try:
|
|
user = get_user_model().objects.get(email=email)
|
|
except get_user_model().DoesNotExist:
|
|
return Response("User doesn't exist", status=404)
|
|
|
|
try:
|
|
auth.login(request, user)
|
|
except AttributeError:
|
|
return Response("Неверный пароль", status=404)
|
|
return Response(UserSelfSerializer(request.user).data, status=200)
|
|
|
|
|
|
class LogoutView(APIView):
|
|
renderer_classes = (JSONRenderer,)
|
|
|
|
@staticmethod
|
|
def post(request):
|
|
if request.user.is_authenticated():
|
|
auth.logout(request)
|
|
return Response(status=204)
|
|
|
|
|
|
class UpdateProgress(APIView):
|
|
"""
|
|
Переводит ученика на следующую стадию прохождения курса
|
|
Запрос идёт синхронно возвращает id нового объекта прогресса
|
|
"""
|
|
renderer_classes = (JSONRenderer,)
|
|
|
|
@staticmethod
|
|
def post(request):
|
|
"""
|
|
На вход обязательно передаётся параметр id (id узла).
|
|
"""
|
|
pk = int(request.JSON.get('id'))
|
|
res_403 = Response('Permission denied', status=403)
|
|
|
|
try:
|
|
vertex = Vertex.objects.get(id=pk)
|
|
except Vertex.DoesNotExist:
|
|
return Response("Объект не найден", status=404)
|
|
|
|
if vertex.content_type.model == 'task':
|
|
return res_403
|
|
|
|
try:
|
|
progress = Progress.objects.get(user=request.user, course=vertex.course, active_obj=vertex)
|
|
progress.add_vertex(vertex)
|
|
return Response(status=204)
|
|
except Progress.DoesNotExist:
|
|
return res_403
|
|
|
|
|
|
class UserGuardView(APIView):
|
|
renderer_classes = (JSONRenderer,)
|
|
permission_classes = (IsAuthenticated,)
|
|
|
|
@staticmethod
|
|
def get(request, pk, page):
|
|
try:
|
|
user = get_user_model().objects.get(id=pk)
|
|
except get_user_model().DoesNotExist:
|
|
return Response("User doesn't exist", status=404)
|
|
|
|
is_i = request.user == user
|
|
res_403 = Response('Permission denied', status=403)
|
|
res_204 = Response(status=204)
|
|
|
|
if is_i and not request.user.groups.filter(name='teachers').exists() and page == 'homeworks':
|
|
return res_403
|
|
|
|
if is_i and not \
|
|
request.user.groups.filter(name__in=['students', 'managers', 'lead_managers']).exists() \
|
|
and page == 'payment':
|
|
return res_403
|
|
|
|
if is_i:
|
|
return res_204
|
|
|
|
if page == 'profile' and (request.user.is_superuser or request.user.is_staff):
|
|
return res_204
|
|
|
|
return res_403
|
|
|