diff --git a/placementApp/models.py b/placementApp/models.py index 04b0bd2..94368f5 100644 --- a/placementApp/models.py +++ b/placementApp/models.py @@ -57,6 +57,10 @@ def __str__(self): objects = MyAccountManager() + def save(self, *args, **kwargs): + self.username = self.email + super(User, self).save(*args, **kwargs) + def __str__(self): return self.email @@ -68,6 +72,15 @@ def has_perm(self, perm, obj=None): def has_module_perms(self, app_label): return True + def is_student(self): + return self.role == "STUDENT" + + def is_co(self): + return self.role == "CO" + + def is_tpo(self): + return self.role == "TPO" + class Student(User): sap_regex = RegexValidator( @@ -81,7 +94,7 @@ class Student(User): default=None, unique=True, ) - + department = models.CharField(max_length=5, blank=False, choices=DEPARTMENT_CHOICES) year = models.CharField(max_length=2, blank=False, choices=YEAR_CHOICES) Stud_req = ["department", "year", "sap_ID"] @@ -97,24 +110,6 @@ class Coordinator(User): ) -@receiver(post_save, sender=settings.AUTH_USER_MODEL) -def create_auth_token(sender, instance=None, created=False, **kwargs): - if created: - Token.objects.create(user=instance) - - -@receiver(post_save, sender=Coordinator) -def create_auth_token(sender, instance=None, created=False, **kwargs): - if created: - Token.objects.create(user=instance) - - -@receiver(post_save, sender=Student) -def create_auth_token(sender, instance=None, created=False, **kwargs): - if created: - Token.objects.create(user=instance) - - class Company(models.Model): name = models.CharField(max_length=128) category = models.CharField(max_length=1, choices=CATEGORY_CHOICES) @@ -154,4 +149,3 @@ def __str__(self): return ( self.student.f_name + " " + self.student.l_name + ", " + self.position.title ) - diff --git a/placementApp/permissions.py b/placementApp/permissions.py index e69de29..b6e893c 100644 --- a/placementApp/permissions.py +++ b/placementApp/permissions.py 
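Review bot: The `save()` override added to `User` copies `email` into `username` only in memory when a caller passes `update_fields`, so `user.save(update_fields=["email"])` would persist the new e-mail and leave the old username in the database. Bulk paths such as `QuerySet.update()` bypass `save()` entirely and have the same effect. If `username` is ever used for lookup or login (not visible in this hunk), the two columns can drift apart. A comment on the method such as `# username mirrors email; update_fields callers must include "username"` would make the contract explicit, and `super().save(*args, **kwargs)` is the Python 3 spelling of the call.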
@@ -0,0 +1,41 @@
+from rest_framework.permissions import BasePermission, SAFE_METHODS
+
+# from customer.models import User
+
+
+class IsTPOOrOwner(BasePermission):
+ message = "You do not have the permission to perform this action."
+
+ def has_permission(self, request, view):
+ if request.user.is_student() and view.action == "list":
+ return False
+ return request.user.is_authenticated
+
+ def has_object_permission(self, request, view, obj):
+ return request.user.id == obj.id or request.user.is_tpo()
+
+
+class IsTPOOrReadOnly(BasePermission):
+ message = "You do not have the permission to perform this action."
+
+ def has_permission(self, request, view):
+ if view.action == "create":
+ return request.user.is_tpo()
+ return request.user.is_authenticated
+
+ def has_object_permission(self, request, view, obj):
+ if view.action == "retrieve":
+ return True
+ return request.user.is_tpo()
+
+
+class IsStaff(BasePermission):
+ message = "You do not have the permission to perform this action."
+
+ def has_permission(self, request, view):
+ return request.user.is_authenticated and (
+ request.user.is_co() or request.user.is_tpo()
+ )
+
+ def has_object_permission(self, request, view, obj):
+ return True
diff --git a/placementApp/serializers.py b/placementApp/serializers.py
index 93fd775..84045cd 100644
--- a/placementApp/serializers.py
+++ b/placementApp/serializers.py
@@ -42,7 +42,6 @@ class Meta: ) - class CoordinatorSignupSerializer(serializers.ModelSerializer): password = serializers.CharField( write_only=True, required=True, style={"input_type": "password"}, 
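Review bot: `IsTPOOrOwner.has_permission` and the `create` branch of `IsTPOOrReadOnly.has_permission` call `request.user.is_student()` / `request.user.is_tpo()` before checking `is_authenticated`, so an unauthenticated request, where `request.user` is Django's `AnonymousUser` without these helpers, presumably ends in an `AttributeError` and a 500 rather than a 401/403. `IsStaff` already orders the two checks correctly. `IsTPOOrReadOnly` also decides by `view.action` and lets any authenticated user through for every action it does not name, so a route added to the viewset later would be open to students by default; `SAFE_METHODS` is imported but unused and gives a fail-closed check. Unlike the `IsAuthenticatedOrReadOnly` it replaces in views.py, the class gives anonymous users no read access despite its name, which deserves a line in a class docstring. Both `has_permission` methods are shown rewritten below.

```python
class IsTPOOrOwner(BasePermission):
    # … unchanged: message …

    def has_permission(self, request, view):
        user = request.user
        # Check authentication first: AnonymousUser has no role helpers.
        if not user.is_authenticated:
            return False
        return not (user.is_student() and view.action == "list")

    # … unchanged: has_object_permission …


class IsTPOOrReadOnly(BasePermission):
    # … unchanged: message …

    def has_permission(self, request, view):
        user = request.user
        if not user.is_authenticated:
            return False
        # Fail closed: anything that is not a safe method needs the TPO role.
        return request.method in SAFE_METHODS or user.is_tpo()

    # … unchanged: has_object_permission …
```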
@@ -61,19 +60,24 @@ class Meta: "password2", ) + class CompanySerializer(serializers.ModelSerializer): class Meta: model = Company fields = "__all__" + class PositionReadSerializer(serializers.ModelSerializer): company = CompanySerializer() + class Meta: model = Position fields = "__all__" + class PositionWriteSerializer(serializers.ModelSerializer): company = serializers.PrimaryKeyRelatedField(queryset=Company.objects.all()) + class Meta: model = Position fields = "__all__" diff --git a/placementApp/urls.py b/placementApp/urls.py index 3c1ed2b..1e6db84 100644 --- a/placementApp/urls.py +++ b/placementApp/urls.py @@ -3,7 +3,7 @@ from . import views router = routers.DefaultRouter() -router.register("students", views.StudentViewSet) +router.register("students", views.StudentViewSet, basename="Students") router.register("applications", views.ApplicationViewSet) router.register("positions", views.PositionViewSet) router.register("company", views.CompanyViewSet) diff --git a/placementApp/views.py b/placementApp/views.py index 5a90caa..bb75dec 100644 --- a/placementApp/views.py +++ b/placementApp/views.py 
@@ -1,12 +1,20 @@ -from django.shortcuts import HttpResponse from .models import Student, Position, Company, Application -from .serializers import StudentSerializer, PositionReadSerializer, PositionWriteSerializer, CompanySerializer +from .serializers import ( + StudentSerializer, + PositionReadSerializer, + PositionWriteSerializer, + CompanySerializer, +) from .serializers import * +from .utils import generate_xls, get_curent_year +from .permissions import IsTPOOrOwner, IsTPOOrReadOnly, IsStaff from django.contrib.auth import get_user_model from django.contrib.auth.hashers import make_password +from django.http import JsonResponse +from django.shortcuts import HttpResponse +from rest_framework.decorators import api_view, permission_classes from rest_framework import viewsets, permissions, status, mixins, generics from rest_framework.response import Response -from .utils import generate_xls, get_curent_year class StudentSignUpView(generics.CreateAPIView): @@ -31,15 +39,15 @@ def create(self, request, *args, **kwargs): {"error": "Could not create Student"}, status=status.HTTP_400_BAD_REQUEST ) + class StudentViewSet( mixins.RetrieveModelMixin, mixins.ListModelMixin, viewsets.GenericViewSet, ): - permission_classes = (permissions.IsAuthenticatedOrReadOnly,) + permission_classes = (IsTPOOrOwner,) queryset = Student.objects.all() serializer_class = StudentSerializer - class UpdateStudentViewSet(generics.RetrieveUpdateDestroyAPIView): lookup_field = "id" permission_classes = ( @@ -50,6 +58,7 @@ class UpdateStudentViewSet(generics.RetrieveUpdateDestroyAPIView): ) # Requires current user instance for further progress serializer_class = StudentSerializer + class CoordinatorSignUpView(generics.CreateAPIView): permission_classes = (permissions.AllowAny,) queryset = Coordinator.objects.all() @@ -73,6 +82,7 @@ def create(self, request, *args, **kwargs): status=status.HTTP_400_BAD_REQUEST, ) + class ApplicationViewSet( mixins.CreateModelMixin, mixins.RetrieveModelMixin, 
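Review bot: Coordinators end up able to list every student through `StudentViewSet` but are refused when retrieving a single one, because `IsTPOOrOwner.has_permission` blocks only students from `list` while `has_object_permission` admits only the owner or a TPO. Whichever is intended, the two checks should agree: if coordinators may read student records the object check becomes `return request.user.id == obj.id or request.user.is_tpo() or request.user.is_co()`, otherwise the list branch should be `if view.action == "list": return request.user.is_tpo()` placed behind the authentication test. A one-line comment above `permission_classes = (IsTPOOrOwner,)` stating who may list and who may retrieve would keep the rule reviewable. The viewset class is complete in this hunk; the permission class itself is in permissions.py.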
@@ -88,22 +98,25 @@ def perform_create(self, serializer): class PositionViewSet(viewsets.ModelViewSet): - permission_classes = (permissions.IsAuthenticatedOrReadOnly,) + permission_classes = (IsTPOOrReadOnly,) queryset = Position.objects.all() + def get_serializer_class(self): - if self.action in ['list', 'retrieve']: + if self.action in ["list", "retrieve"]: return PositionReadSerializer - print("here") return PositionWriteSerializer + class CompanyViewSet(viewsets.ModelViewSet): - permission_classes = (permissions.IsAuthenticatedOrReadOnly,) + permission_classes = (IsTPOOrReadOnly,) queryset = Company.objects.all() serializer_class = CompanySerializer - - +@api_view( + ["GET",] +) +@permission_classes((IsStaff,)) def get_xls(request, company_id): company = Company.objects.get(id=company_id) @@ -115,5 +128,4 @@ def get_xls(request, company_id): wb = generate_xls(company) wb.save(response) - return response
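Review bot: An unknown `company_id` still makes `get_xls` fail with an unhandled `Company.DoesNotExist` from `Company.objects.get(id=company_id)`, which surfaces as a 500 on an endpoint that is now a DRF view; `company = get_object_or_404(Company, id=company_id)` with `get_object_or_404` imported from `django.shortcuts` returns a 404 instead. `IsStaff` lets any coordinator or TPO export any company's sheet, so if coordinators are meant to be scoped to particular companies (not visible here) that check is still missing. The decorator reads more plainly as `@api_view(["GET"])`. Part of the body of `get_xls` lies between this hunk and the next one and was not reviewed.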