mitri4
/
skill-back
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
292 Commits
5 Branches
0 Tags
165 MiB
 
 
 
 
 
 
Tag: Branch: Tree: c18b5d556f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c18b5d556f'
${ noResults }
skill-back/access/views.py

268 lines
9.3 KiB
Raw Blame History

from django.contrib.auth import get_user_model
from django.contrib import auth
from django.shortcuts import redirect
from rest_framework.permissions import IsAuthenticated
from rest_framework.views import APIView
from rest_framework.renderers import JSONRenderer
from rest_framework.response import Response
from django.db.models import Q
from access.models import Invite, Progress, ExtraPrivilege
from access.serializers import UserInitSerializer, UserSearchSerializer, UserProfileSerializer
from courses.models import Vertex
from journals.models import Thread
class TeacherListView(APIView):
renderer_classes = (JSONRenderer,)
status_code = 200
def get(self, request):
return Response([i.email for i in get_user_model().objects.filter(groups__name='teachers')], self.status_code)
class CheckUserView(APIView):
renderer_classes = (JSONRenderer,)
status_code = 200
def get(self, request):
if request.user.is_authenticated() and (request.user.is_staff or request.user.is_superuser):
return Response(True, status=self.status_code)
return Response(False, status=self.status_code)
class InfoUserView(APIView):
renderer_classes = (JSONRenderer,)
status_code = 200
def get(self, request):
if request.user.is_authenticated():
return Response(UserInitSerializer(request.user).data, status=self.status_code)
return Response('anonymous', status=self.status_code)
class FindUserView(APIView):
renderer_classes = (JSONRenderer,)
status_code = 200
def get(self, request):
if request.user.is_authenticated() and \
(request.user.is_superuser
or 'managers' in request.user.groups.all() or 'lead_managers' in request.user.groups.all()):
key = request.GET.get('key', None)
count = int(request.GET.get('count', '10'))
if key:
res = get_user_model().objects.filter(
Q(id__contains=key) | Q(email__contains=key.lower()) | Q(first_name__contains=key) |
Q(last_name__contains=key) | Q(account__phone__contains=key), groups__name='students'
)
else:
res = get_user_model().objects.all()
res = res[:(count if len(res) > count else len(res))]
return Response(
[UserSearchSerializer(i).data for i in res],
status=self.status_code
)
return Response('Permission denied', status=403)
class DetailUserView(APIView):
renderer_classes = (JSONRenderer,)
permission_classes = (IsAuthenticated,)
@staticmethod
def get(request, pk):
if request.user.is_superuser or request.user.is_staff or request.user.id == pk:
try:
user = get_user_model().objects.get(id=pk)
except get_user_model().DoesNotExist:
return Response("User doesn't exist", status=404)
serialized_user = UserProfileSerializer(user).data
serialized_user['is_i'] = request.user == user
return Response(serialized_user, status=200)
return Response('Permission denied', status=403)
class RegistrationView(APIView):
renderer_classes = (JSONRenderer,)
@staticmethod
def get(request):
try:
invite = Invite.objects.get(hash=request.GET['hash'])
invite.owner.is_active = True
invite.owner.save()
auth.login(request, invite.owner)
invite.delete()
return redirect('/')
except Invite.DoesNotExist:
return Response('Приглошения не существует возможно оно сгорело', status=404)
@staticmethod
def post(request):
try:
get_user_model().objects.get(email=request.JSON['email'].lower())
return Response('user already exist', status=403)
except get_user_model().DoesNotExist:
password = request.JSON.get('password')
if password:
user = get_user_model().objects.create_student(
email=request.JSON['email'].lower(),
password=request.JSON['password']
)
else:
user = get_user_model().objects.create_student(
email=request.JSON['email'].lower(),
)
return Response(UserInitSerializer(user).data, status=200)
class ChangePasswordView(APIView):
renderer_classes = (JSONRenderer,)
@staticmethod
def post(request):
if request.user.is_authenticated() and not request.user.check_password(request.JSON['old_password']):
return Response("Неверный пароль", status=404)
request.user.set_password(request.JSON['new_password'])
request.user.save()
return Response("Пароль был изменён", status=200)
class LoginView(APIView):
renderer_classes = (JSONRenderer,)
@staticmethod
def post(request):
if not request.user.is_authenticated():
user = auth.authenticate(email=request.JSON.get('email'), password=request.JSON.get('password'))
try:
auth.login(request, user)
except AttributeError:
return Response("Неверный пароль", status=404)
return Response(UserInitSerializer(request.user).data, status=200)
class LogoutView(APIView):
renderer_classes = (JSONRenderer,)
@staticmethod
def post(request):
if request.user.is_authenticated():
auth.logout(request)
return Response(status=204)
class UpdateProgress(APIView):
"""
Переводит ученика на следующую стадию прохождения курса
Запрос идёт синхронно возвращает id нового объекта прогресса
"""
renderer_classes = (JSONRenderer,)
@staticmethod
def post(request):
"""
На вход обязательно передаётся параметр id (id узла).
"""
pk = int(request.JSON.get('id'))
res_403 = Response('Permission denied', status=403)
try:
vertex = Vertex.objects.get(id=pk)
except Vertex.DoesNotExist:
return Response("Объект не найден", status=404)
if vertex.content_type.model == 'task':
return res_403
try:
next_vertex = vertex.get_next(['task', 'tutorial'])
except ValueError:
next_vertex = None
try:
progress = Progress.objects.get(user=request.user, course=vertex.course, active_obj=vertex)
progress.active_obj = next_vertex
if not next_vertex:
progress.success = True
if next_vertex.content_type.model == 'task':
"""
создание тредов для приёма домашки
"""
thread, is_create = Thread.objects.get_or_create(
key="""user_%s__user_%s""" % (vertex.course.get_teacher().id, request.user.id,),
text="""Приватный диалог %s и %s""" % (vertex.course.get_teacher().email, request.user.email,),
is_recurse=True,
)
if is_create:
thread.subscribers.add(request.user)
thread.subscribers.add(vertex.course.get_teacher())
child_thread = Thread.objects.create(
key="""user_%s__vertex_%s""" % (request.id, vertex.id,),
text="""Домашняя работа по курсу %s и теме %s для студента %s""" %
(vertex.course.title, vertex.vertex_set.all()[0].title, request.user.get_full_name()),
)
child_thread.parent.add(thread)
progress.save()
return Response({'id': progress.active_obj.id, 'type': progress.active_obj.content_type.model}, status=200)
except Progress.DoesNotExist:
pass
try:
privilege = ExtraPrivilege.objects.get(user=request.user, subject=vertex)
privilege.is_done = True
privilege.save()
return Response({'id': next_vertex.id, 'type': next_vertex.content_type.model}, status=200)
except ExtraPrivilege.DoesNotExist:
return res_403
class UserGuardView(APIView):
renderer_classes = (JSONRenderer,)
permission_classes = (IsAuthenticated,)
@staticmethod
def get(request, pk, page):
try:
user = get_user_model().objects.get(id=pk)
except get_user_model().DoesNotExist:
return Response("User doesn't exist", status=404)
is_i = request.user == user
res_403 = Response('Permission denied', status=403)
res_204 = Response(status=204)
if is_i and not request.user.groups.filter(name='teachers').exists() and page == 'homeworks':
return res_403
if is_i and not \
request.user.groups.filter(name__in=['students', 'managers', 'lead_managers']).exists() \
and page == 'payment':
return res_403
if is_i:
return res_204
if page == 'profile' and (request.user.is_superuser or request.user.is_staff):
return res_204
return res_403