Merge pull request #3 from djunicode/master

Update changes made in Upstream Repository

placementApp/models.py

@@ -57,6 +57,10 @@ def __str__(self):
 
     objects = MyAccountManager()
 
+    def save(self, *args, **kwargs):
+        self.username = self.email
+        super(User, self).save(*args, **kwargs)
+
     def __str__(self):
         return self.email
 
@@ -68,6 +72,15 @@ def has_perm(self, perm, obj=None):
     def has_module_perms(self, app_label):
         return True
 
+    def is_student(self):
+        return self.role == "STUDENT"
+
+    def is_co(self):
+        return self.role == "CO"
+
+    def is_tpo(self):
+        return self.role == "TPO"
+
 
 class Student(User):
     sap_regex = RegexValidator(
@@ -81,7 +94,7 @@ class Student(User):
         default=None,
         unique=True,
     )
-    
+
     department = models.CharField(max_length=5, blank=False, choices=DEPARTMENT_CHOICES)
     year = models.CharField(max_length=2, blank=False, choices=YEAR_CHOICES)
     Stud_req = ["department", "year", "sap_ID"]
@@ -97,24 +110,6 @@ class Coordinator(User):
     )
 
 
-@receiver(post_save, sender=settings.AUTH_USER_MODEL)
-def create_auth_token(sender, instance=None, created=False, **kwargs):
-    if created:
-        Token.objects.create(user=instance)
-
-
-@receiver(post_save, sender=Coordinator)
-def create_auth_token(sender, instance=None, created=False, **kwargs):
-    if created:
-        Token.objects.create(user=instance)
-
-
-@receiver(post_save, sender=Student)
-def create_auth_token(sender, instance=None, created=False, **kwargs):
-    if created:
-        Token.objects.create(user=instance)
-
-
 class Company(models.Model):
     name = models.CharField(max_length=128)
     category = models.CharField(max_length=1, choices=CATEGORY_CHOICES)
@@ -154,4 +149,3 @@ def __str__(self):
         return (
             self.student.f_name + " " + self.student.l_name + ", " + self.position.title
         )
-

placementApp/permissions.py

@@ -0,0 +1,41 @@
+from rest_framework.permissions import BasePermission, SAFE_METHODS
+
+# from customer.models import User
+
+
+class IsTPOOrOwner(BasePermission):
+    message = "You do not have the permission to perform this action."
+
+    def has_permission(self, request, view):
+        if request.user.is_student() and view.action == "list":
+            return False
+        return request.user.is_authenticated
+
+    def has_object_permission(self, request, view, obj):
+        return request.user.id == obj.id or request.user.is_tpo()
+
+
+class IsTPOOrReadOnly(BasePermission):
+    message = "You do not have the permission to perform this action."
+
+    def has_permission(self, request, view):
+        if view.action == "create":
+            return request.user.is_tpo()
+        return request.user.is_authenticated
+
+    def has_object_permission(self, request, view, obj):
+        if view.action == "retrieve":
+            return True
+        return request.user.is_tpo()
+
+
+class IsStaff(BasePermission):
+    message = "You do not have the permission to perform this action."
+
+    def has_permission(self, request, view):
+        return request.user.is_authenticated and (
+            request.user.is_co() or request.user.is_tpo()
+        )
+
+    def has_object_permission(self, request, view, obj):
+        return True

placementApp/serializers.py

@@ -42,7 +42,6 @@ class Meta:
         )
 
 
-
 class CoordinatorSignupSerializer(serializers.ModelSerializer):
     password = serializers.CharField(
         write_only=True, required=True, style={"input_type": "password"},
@@ -61,19 +60,24 @@ class Meta:
             "password2",
         )
 
+
 class CompanySerializer(serializers.ModelSerializer):
     class Meta:
         model = Company
         fields = "__all__"
 
+
 class PositionReadSerializer(serializers.ModelSerializer):
     company = CompanySerializer()
+
     class Meta:
         model = Position
         fields = "__all__"
 
+
 class PositionWriteSerializer(serializers.ModelSerializer):
     company = serializers.PrimaryKeyRelatedField(queryset=Company.objects.all())
+
     class Meta:
         model = Position
         fields = "__all__"

placementApp/urls.py

@@ -3,7 +3,7 @@
 from . import views
 
 router = routers.DefaultRouter()
-router.register("students", views.StudentViewSet)
+router.register("students", views.StudentViewSet, basename="Students")
 router.register("applications", views.ApplicationViewSet)
 router.register("positions", views.PositionViewSet)
 router.register("company", views.CompanyViewSet)

placementApp/views.py

@@ -1,12 +1,20 @@
-from django.shortcuts import HttpResponse
 from .models import Student, Position, Company, Application
-from .serializers import StudentSerializer, PositionReadSerializer, PositionWriteSerializer, CompanySerializer
+from .serializers import (
+    StudentSerializer,
+    PositionReadSerializer,
+    PositionWriteSerializer,
+    CompanySerializer,
+)
 from .serializers import *
+from .utils import generate_xls, get_curent_year
+from .permissions import IsTPOOrOwner, IsTPOOrReadOnly, IsStaff
 from django.contrib.auth import get_user_model
 from django.contrib.auth.hashers import make_password
+from django.http import JsonResponse
+from django.shortcuts import HttpResponse
+from rest_framework.decorators import api_view, permission_classes
 from rest_framework import viewsets, permissions, status, mixins, generics
 from rest_framework.response import Response
-from .utils import generate_xls, get_curent_year
 
 
 class StudentSignUpView(generics.CreateAPIView):
@@ -31,15 +39,15 @@ def create(self, request, *args, **kwargs):
             {"error": "Could not create Student"}, status=status.HTTP_400_BAD_REQUEST
         )
 
+
 class StudentViewSet(
     mixins.RetrieveModelMixin, mixins.ListModelMixin, viewsets.GenericViewSet,
 ):
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (IsTPOOrOwner,)
     queryset = Student.objects.all()
     serializer_class = StudentSerializer
 
 
-
 class UpdateStudentViewSet(generics.RetrieveUpdateDestroyAPIView):
     lookup_field = "id"
     permission_classes = (
@@ -50,6 +58,7 @@ class UpdateStudentViewSet(generics.RetrieveUpdateDestroyAPIView):
     )  # Requires current user instance for further progress
     serializer_class = StudentSerializer
 
+
 class CoordinatorSignUpView(generics.CreateAPIView):
     permission_classes = (permissions.AllowAny,)
     queryset = Coordinator.objects.all()
@@ -73,6 +82,7 @@ def create(self, request, *args, **kwargs):
             status=status.HTTP_400_BAD_REQUEST,
         )
 
+
 class ApplicationViewSet(
     mixins.CreateModelMixin,
     mixins.RetrieveModelMixin,
@@ -88,22 +98,25 @@ def perform_create(self, serializer):
 
 
 class PositionViewSet(viewsets.ModelViewSet):
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (IsTPOOrReadOnly,)
     queryset = Position.objects.all()
+
     def get_serializer_class(self):
-        if self.action in ['list', 'retrieve']:
+        if self.action in ["list", "retrieve"]:
             return PositionReadSerializer
-        print("here")
         return PositionWriteSerializer
 
+
 class CompanyViewSet(viewsets.ModelViewSet):
-    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
+    permission_classes = (IsTPOOrReadOnly,)
     queryset = Company.objects.all()
     serializer_class = CompanySerializer
 
 
-
-
+@api_view(
+    ["GET",]
+)
+@permission_classes((IsStaff,))
 def get_xls(request, company_id):
     company = Company.objects.get(id=company_id)
 
@@ -115,5 +128,4 @@ def get_xls(request, company_id):
 
     wb = generate_xls(company)
     wb.save(response)
-
     return response