From eb7f687ec7684b3f4ed87456fa2178c67ae8fe91 Mon Sep 17 00:00:00 2001
From: Flavio Tarsetti <flavio.tarsetti@idiap.ch>
Date: Wed, 14 Jun 2017 14:16:42 +0200
Subject: [PATCH] [accounts] added api/serializers/permission for godfather
list view (GET list)
---
beat/web/accounts/api.py | 98 ++++++++++++++++++++++++++++
beat/web/accounts/api_urls.py | 37 +++++++++++
beat/web/accounts/models.py | 1 +
beat/web/accounts/permissions.py | 41 ++++++++++++
beat/web/accounts/serializers.py | 106 +++++++++++++++++++++++++++++++
beat/web/urls.py | 4 ++
6 files changed, 287 insertions(+)
create mode 100644 beat/web/accounts/api.py
create mode 100644 beat/web/accounts/api_urls.py
create mode 100644 beat/web/accounts/permissions.py
create mode 100644 beat/web/accounts/serializers.py
diff --git a/beat/web/accounts/api.py b/beat/web/accounts/api.py
new file mode 100644
index 000000000..155cf704e
--- /dev/null
+++ b/beat/web/accounts/api.py
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# vim: set fileencoding=utf-8 :
+
+###############################################################################
+# #
+# Copyright (c) 2016 Idiap Research Institute, http://www.idiap.ch/ #
+# Contact: beat.support@idiap.ch #
+# #
+# This file is part of the beat.web module of the BEAT platform. #
+# #
+# Commercial License Usage #
+# Licensees holding valid commercial BEAT licenses may use this file in #
+# accordance with the terms contained in a written agreement between you #
+# and Idiap. For further information contact tto@idiap.ch #
+# #
+# Alternatively, this file may be used under the terms of the GNU Affero #
+# Public License version 3 as published by the Free Software and appearing #
+# in the file LICENSE.AGPL included in the packaging of this file. #
+# The BEAT platform is distributed in the hope that it will be useful, but #
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY #
+# or FITNESS FOR A PARTICULAR PURPOSE. #
+# #
+# You should have received a copy of the GNU Affero Public License along #
+# with the BEAT platform. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+from django.conf import settings
+from django.contrib.auth.models import User
+from django.shortcuts import get_object_or_404
+from django.http import Http404
+from django.db import models
+from django.db.models import Q
+from django.core.urlresolvers import reverse
+
+from rest_framework import generics
+from rest_framework import views
+from rest_framework import permissions
+from rest_framework.response import Response
+from rest_framework import status
+
+from .serializers import FullSupervisionTrackSerializer
+
+from ..common.utils import validate_restructuredtext
+from ..ui.templatetags.markup import restructuredtext
+
+from .responses import ReadOnlyResponse
+
+from .models import SupervisionTrack, Profile
+from ..common.models import Shareable
+from ..common.exceptions import ShareError
+from ..common.mixins import CommonContextMixin
+
+from itertools import chain
+from datetime import datetime, timedelta
+
+
+from .permissions import IsGodfatherAndAuthor
+
+from ..common.responses import BadRequestResponse, ForbiddenResponse
+
+import re
+
+import simplejson as json
+
+
+#----------------------------------------------------------
+
+
+class GodfatherListView(generics.ListAPIView):
+ model = SupervisionTrack
+ serializer_class = FullSupervisionTrackSerializer
+
+ def get_permissions(self):
+ permission_classes = [permissions.IsAuthenticated, IsGodfatherAndAuthor]
+
+ self.permission_classes = permission_classes
+
+ return super(GodfatherListView, self).get_permissions()
+
+
+ def get_serializer(self, *args, **kwargs):
+
+ return super(GodfatherListView, self).get_serializer(*args, **kwargs)
+
+
+ def list(self, request):
+ #A godfather can validate an account of:
+ #1) a new user requesting validation
+ #2) an existing validated user rejected by a previous supervisor
+ #On both cases check the current key in supervisee profile match the supervisiontrack key as this is the current supervision request/track from the supervisee
+ queryset = SupervisionTrack.objects.filter(godfather=request.user).filter(Q(supervisee__profile__status=Profile.WAITINGVALIDATION)|Q(supervisee__profile__status=Profile.REJECTED)).filter(Q(supervisee__profile__supervision_key=models.F('supervision_key')))
+ serializer = FullSupervisionTrackSerializer(queryset, many=True, context ={'request': request})
+
+ return Response(serializer.data)
+
+
+#----------------------------------------------------------
diff --git a/beat/web/accounts/api_urls.py b/beat/web/accounts/api_urls.py
new file mode 100644
index 000000000..554de2e85
--- /dev/null
+++ b/beat/web/accounts/api_urls.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+# vim: set fileencoding=utf-8 :
+
+###############################################################################
+# #
+# Copyright (c) 2016 Idiap Research Institute, http://www.idiap.ch/ #
+# Contact: beat.support@idiap.ch #
+# #
+# This file is part of the beat.web module of the BEAT platform. #
+# #
+# Commercial License Usage #
+# Licensees holding valid commercial BEAT licenses may use this file in #
+# accordance with the terms contained in a written agreement between you #
+# and Idiap. For further information contact tto@idiap.ch #
+# #
+# Alternatively, this file may be used under the terms of the GNU Affero #
+# Public License version 3 as published by the Free Software and appearing #
+# in the file LICENSE.AGPL included in the packaging of this file. #
+# The BEAT platform is distributed in the hope that it will be useful, but #
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY #
+# or FITNESS FOR A PARTICULAR PURPOSE. #
+# #
+# You should have received a copy of the GNU Affero Public License along #
+# with the BEAT platform. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+from django.conf.urls import *
+from . import api
+
+urlpatterns = [
+ url(
+ r'^$',
+ api.GodfatherListView.as_view(),
+ name='list_supervisee'
+ ),
+]
diff --git a/beat/web/accounts/models.py b/beat/web/accounts/models.py
index 88cf26c31..8a3ddf0a5 100644
--- a/beat/web/accounts/models.py
+++ b/beat/web/accounts/models.py
@@ -45,6 +45,7 @@ class AccountSettings(models.Model):
database_notifications_enabled = models.BooleanField(default=True)
environment_notifications_enabled = models.BooleanField(default=True)
+
class SupervisionTrack(models.Model):
#_____ Fields __________
diff --git a/beat/web/accounts/permissions.py b/beat/web/accounts/permissions.py
new file mode 100644
index 000000000..146b16f1d
--- /dev/null
+++ b/beat/web/accounts/permissions.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+# vim: set fileencoding=utf-8 :
+
+###############################################################################
+# #
+# Copyright (c) 2016 Idiap Research Institute, http://www.idiap.ch/ #
+# Contact: beat.support@idiap.ch #
+# #
+# This file is part of the beat.web module of the BEAT platform. #
+# #
+# Commercial License Usage #
+# Licensees holding valid commercial BEAT licenses may use this file in #
+# accordance with the terms contained in a written agreement between you #
+# and Idiap. For further information contact tto@idiap.ch #
+# #
+# Alternatively, this file may be used under the terms of the GNU Affero #
+# Public License version 3 as published by the Free Software and appearing #
+# in the file LICENSE.AGPL included in the packaging of this file. #
+# The BEAT platform is distributed in the hope that it will be useful, but #
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY #
+# or FITNESS FOR A PARTICULAR PURPOSE. #
+# #
+# You should have received a copy of the GNU Affero Public License along #
+# with the BEAT platform. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+from rest_framework import permissions
+
+
+#----------------------------------------------------------
+
+
+class IsGodfatherAndAuthor(permissions.BasePermission):
+ """
+ The logged in user should also be the author
+ """
+ message = 'Not a supervisor account'
+
+ def has_permission(self, request, view):
+ return request.user.profile.is_godfather
diff --git a/beat/web/accounts/serializers.py b/beat/web/accounts/serializers.py
new file mode 100644
index 000000000..f871480a3
--- /dev/null
+++ b/beat/web/accounts/serializers.py
@@ -0,0 +1,106 @@
+#!/usr/bin/env python
+# vim: set fileencoding=utf-8 :
+
+###############################################################################
+# #
+# Copyright (c) 2016 Idiap Research Institute, http://www.idiap.ch/ #
+# Contact: beat.support@idiap.ch #
+# #
+# This file is part of the beat.web module of the BEAT platform. #
+# #
+# Commercial License Usage #
+# Licensees holding valid commercial BEAT licenses may use this file in #
+# accordance with the terms contained in a written agreement between you #
+# and Idiap. For further information contact tto@idiap.ch #
+# #
+# Alternatively, this file may be used under the terms of the GNU Affero #
+# Public License version 3 as published by the Free Software and appearing #
+# in the file LICENSE.AGPL included in the packaging of this file. #
+# The BEAT platform is distributed in the hope that it will be useful, but #
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY #
+# or FITNESS FOR A PARTICULAR PURPOSE. #
+# #
+# You should have received a copy of the GNU Affero Public License along #
+# with the BEAT platform. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+from django.contrib.auth.models import User, AnonymousUser
+
+from rest_framework import serializers
+
+from .models import Profile, SupervisionTrack
+from ..common.models import Contribution
+from ..common.fields import JSONSerializerField
+from ..ui.templatetags.markup import restructuredtext
+from ..common.utils import validate_restructuredtext
+
+import simplejson as json
+
+
+#----------------------------------------------------------
+
+
+class UserSerializer(serializers.ModelSerializer):
+ username = serializers.SerializerMethodField()
+ email = serializers.SerializerMethodField()
+
+ class Meta:
+ model = User
+ fields = ['username', 'email']
+
+ def get_username(self, obj):
+ return obj.username
+
+ def get_email(self, obj):
+ return obj.email
+
+
+#----------------------------------------------------------
+
+
+class BasicSupervisionTrackSerializer(serializers.ModelSerializer):
+ supervisee = UserSerializer()
+ godfather = UserSerializer()
+ is_valid = serializers.SerializerMethodField()
+ start_date = serializers.SerializerMethodField()
+ expiration_date = serializers.SerializerMethodField()
+ last_validation_date = serializers.SerializerMethodField()
+ supervision_key = serializers.SerializerMethodField()
+
+ class Meta:
+ model = SupervisionTrack
+ fields = ['status', 'is_valid']
+
+ #def get_supervisee(self, obj):
+ # return obj.supervisee
+
+ #def get_godfather(self, obj):
+ # return obj.godfather
+
+ def get_is_valid(self, obj):
+ return obj.is_valid
+
+ def get_start_date(self, obj):
+ return obj.expiration_date
+
+ def get_expiration_date(self, obj):
+ return obj.expiration_date
+
+ def get_last_validation_date(self, obj):
+ return obj.last_validation_date
+
+ def get_supervision_key(self, obj):
+ return obj.supervision_key
+
+
+#----------------------------------------------------------
+
+
+class FullSupervisionTrackSerializer(BasicSupervisionTrackSerializer):
+
+ class Meta(BasicSupervisionTrackSerializer.Meta):
+ fields = ['supervisee', 'godfather', 'is_valid', 'start_date', 'expiration_date','last_validation_date', 'supervision_key']
+
+
+#----------------------------------------------------------
diff --git a/beat/web/urls.py b/beat/web/urls.py
index b0b91118c..081492e4b 100644
--- a/beat/web/urls.py
+++ b/beat/web/urls.py
@@ -164,6 +164,10 @@ unprefixed_patterns += [
include('beat.web.reports.api_urls', namespace='api_reports'),
),
+ url(r'^api/v1/accounts/',
+ include('beat.web.accounts.api_urls', namespace='api_accounts'),
+ ),
+
]
--
GitLab