class InvitationList(generics.ListCreateAPIView):
queryset = Invitation.objects.all()
serializer_class = InvitationSerializer
permission_classes = (Or(permissions.IsAdminUser,
And(IsHostOfPartyWithParam, Not(IsGetRequest))), )
# this is a hook, called when creating an instance
# we need to override this method as we are writing to a ReadOnlyField
# this is easier than overriding the entire post method
def perform_create(self, serializer):
invitee_facebook_id = self.request.data.get('invitee_facebook_id')
if invitee_facebook_id is None:
raise ValidationError("'invitee_facebook_id' was not provided.")
invitee = lookup_user_with_facebook_id(invitee_facebook_id)
party_id = self.request.data.get('party_id')
party = Party.objects.get(pk=party_id)
"""
Not the best solution... but to avoid internal server error when unique_together on Invitation model fails
"""
potential_conflict = Invitation.objects.filter(invitee=invitee,
party=party)
if len(potential_conflict) > 0:
raise ValidationError("The invitee, party pair exists already.")
serializer.save(invitee=invitee, party=party)
class GrantRequestToJoinParty(generics.CreateAPIView):
queryset = Invitation.objects.all()
serializer_class = InvitationSerializer
permission_classes = (Or(permissions.IsAdminUser,
IsHostOfPartyWithParam), )
def perform_create(self, serializer):
invitee_facebook_id = self.request.data.get('invitee_facebook_id')
if invitee_facebook_id is None:
raise ValidationError("'invitee_facebook_id' was not provided.")
invitee = lookup_user_with_facebook_id(invitee_facebook_id)
party_id = self.request.data.get('party_id')
party = Party.objects.get(pk=party_id)
"""
Not the best solution... but to avoid internal server error when unique_together on Invitation model fails
"""
potential_conflict = Invitation.objects.filter(invitee=invitee,
party=party)
if len(potential_conflict) > 0:
raise ValidationError("The invitee, party pair exists already.")
if invitee not in party.requesters.all():
raise ValidationError("There was no request by this user.")
party.requesters.remove(invitee)
serializer.save(invitee=invitee, party=party)
class AddBouncer(generics.UpdateAPIView):
queryset = Party.objects.all()
serializer_class = PartyManagerSerializer
permission_classes = (Or(IsAdmin, IsHostOfPartyObject), )
def put(self, request, *args, **kwargs):
try:
party = Party.objects.get(pk=kwargs['pk'])
except Party.DoesNotExist:
raise ValidationError("The party does not exist.")
self.check_object_permissions(request, party)
bouncer_facebook_id = request.data.get('bouncer_facebook_id')
if bouncer_facebook_id is None:
raise ValidationError("'bouncer_facebook_id' was not provided.")
bouncer = lookup_user_with_facebook_id(bouncer_facebook_id)
if bouncer not in party.invitees.all():
raise ValidationError(
"You must invite this user first before adding them as a bouncer."
)
invitation = Invitation.objects.get(party=party, invitee=bouncer)
if not invitation.has_rsvped:
raise ValidationError("This invitee has not RSVPed yet.")
invitation.delete()
party.bouncers.add(bouncer) # no need to call save
serializer = PartyManagerSerializer(
party) # this is serialization, NOT deserialization
return Response(serializer.data, status=status.HTTP_200_OK)
class ProjectProfileViewSet(BaseProjectApiViewSet):
serializer_class = ProjectProfileSerializer
queryset = ProjectProfile.objects.all()
permission_classes = [
Or(ProjectDataReadOnlyPermission,
ProjectProfileCollectorPermission,
ProjectDataAdminPermission)
]
filter_class = ProjectProfileFilterSet
def is_last_admin(self):
obj = self.get_object()
existing_project = obj.project
admin_profiles = ProjectProfile.objects.filter(project=existing_project,
role=ProjectProfile.ADMIN)
return admin_profiles.count() < 2 and obj.pk == admin_profiles[0].pk
def perform_update(self, serializer):
if self.is_last_admin():
raise ValidationError('You are the last admin of this project! Create another admin before you relinquish.')
serializer.save()
def perform_destroy(self, instance):
if self.is_last_admin():
raise ValidationError('You are the last admin of this project! Create another admin before you relinquish.')
instance.delete()
class ReviewViewSet(viewsets.ModelViewSet):
queryset = Review.objects.all()
serializer_class = ReviewSerializer
permission_classes = [
Or(AllUserRead, AdminUserWrite, OwnerUpdateReply, UserCreate)
]
def get_queryset(self):
owner_id = self.request.query_params.get('owner_id')
is_pending = self.request.query_params.get('is_pending')
reviews = self.queryset
if owner_id is not None:
res_list = owner_restaurants = Restaurant.objects.filter(
owner_id=owner_id).values_list('id')
reviews = reviews.filter(restaurant_id__in=res_list)
if is_pending:
reviews = reviews.filter(reply__exact='')
return reviews
@action(detail=True, methods=['put'])
def reply(self, request, pk):
review = self.get_object()
reply = self.request.data.get('reply')
review.reply = reply
review.save()
return Response("Success")
class AlbumDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = Album.objects.all()
serializer_class = AlbumSerializer
authentication_classes = [OAuth2Authentication, SessionAuthentication]
permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)]
filter_backends = (filters.DjangoFilterBackend, )
filter_fields = '__all__'
class InvitationToPartyList(generics.ListAPIView):
serializer_class = InvitationSerializer
permission_classes = (Or(permissions.IsAdminUser, IsHostOrBouncer), )
def get_queryset(self):
party_id = self.kwargs['party_id']
return Invitation.objects.filter(party=party_id)
class AlbumList(generics.ListCreateAPIView):
queryset = Album.objects.all()
serializer_class = AlbumSerializer
authentication_classes = [OAuth2Authentication, SessionAuthentication]
permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)]
filter_backends = (filters.DjangoFilterBackend, )
filter_class = AlbumFilter
class sequencesViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows to be view or edit sequences of panorama images.
get:
List sequences matching url parameters.
post:
Create a new sequence instance.
patch:
edit and update an existing sequence.
delete:
permanently delete an existing sequence.
"""
queryset = sequences.objects.all()
serializer_class = sequences_serializer
permission_classes = (Or(baseAPIPermission, IsAuthenticated,
HasAPIAccess), )
pagination_class = basePagination
filter_backends = (DjangoFilterBackend, )
filterset_fields = ('creator_key', )
def initial(self, request, *args, **kwargs):
if request.method == 'GET':
self.permission_classes = (Or(baseAPIPermission, IsAuthenticated,
HasAPIAccess),
) #Or(baseAPIPermission, HasAPIAccess),
else:
self.permission_classes = (IsAuthenticated, )
super(sequencesViewSet, self).initial(request, *args, **kwargs)
class MeetingViewSet(viewsets.ModelViewSet):
serializer_class = MeetingSerializer
queryset = Meeting.objects.all()
permission_classes = [
Or(
And(
IsSafeMethod,
IsPublic,
),
And(
IsSafeMethod,
Not(IsPrivate),
IsMeetingClient,
),
IsMeetingHost,
IsAdminUser,
)
]
def get_queryset(self):
user = self.request.user
if IsClient:
return Meeting.objects.filter(Q(private=False),
Q(public=True) | Q(clients=user.id))
elif IsHost:
return Meeting.objects.filter(Q(hosts=user.id) | Q(public=True))
elif IsSuperUser:
return Meeting.objects.all()
else:
return Meeting.objects.filter(public=True)
class image_object_typesViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows to be view or edit image objects.
get:
List image objects matching url parameters.
post:
Create a new image object instance.
patch:
edit and update an existing image object.
delete:
permanently delete an existing image object.
"""
queryset = image_object_types.objects.all()
serializer_class = image_object_types_serializer
permission_classes = (Or(baseAPIPermission, IsAuthenticated,
HasAPIAccess), )
def initial(self, request, *args, **kwargs):
if request.method == 'GET':
self.permission_classes = (Or(baseAPIPermission, IsAuthenticated,
HasAPIAccess),
) #Or(baseAPIPermission, HasAPIAccess),
else:
self.permission_classes = (IsAuthenticated, )
super(image_object_typesViewSet, self).initial(request, *args,
**kwargs)
class GroupMembers(generics.ListCreateAPIView):
serializer_class = MembershipSerializer
permission_classes = (Or(IsGroupMemberPermission,
IsGroupAdminPermission), )
def get_queryset(self):
group_id = self.kwargs['pk']
return Membership.objects.filter(group__id=group_id)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user_name = serializer.validated_data['person']
try:
serializer = self.perform_create(serializer)
except IntegrityError:
return Response(
{
"detail":
"User {} is already part of the group".format(user_name)
},
status=status.HTTP_204_NO_CONTENT)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)
def perform_create(self, serializer):
membership = Membership(**serializer.validated_data)
group_id = self.kwargs['pk']
membership.group = Group.objects.get(pk=group_id)
membership.save()
return MembershipSerializer(membership)
class BlogViewSet(viewsets.ModelViewSet):
""" ViewSet for viewing and editing Blog objects """
queryset = Blog.objects.all().order_by("-uploaded_time")
serializer_class = BlogSerializer
permission_classes = (Or(And(ApiTokenPermissions, IsListOrRetrieve),
IsAuthenticated), )
filter_backends = (filters.SearchFilter, )
search_fields = ('category', )
def initial(self, request, *args, **kwargs):
if request.method == 'GET':
self.permission_classes = (Or(baseAPIPermission, IsAuthenticated,
HasAPIAccess),
) #Or(baseAPIPermission, HasAPIAccess),
else:
self.permission_classes = (IsAuthenticated, )
super(sequencesViewSet, self).initial(request, *args, **kwargs)
class GroupViewSet(AutocompleteMixin,
AtomicMixin,
InstanceBasedMixin,
viewsets.ModelViewSet):
model = Group
queryset = Group.objects.all()
serializer_class = GroupSerializer
autocomplete_field = 'label'
permission_classes = (
Or(
AdminHasPermissions,
And(
IsApiKeyAccess,
Or(ApiKeyHasPermissions, HasCreateGroupPermission))
),
OwnerInGoodStanding,
)
class Withdraw(views.APIView):
permission_classes = [Or(IsAdmitted, IsConfirmed)]
def post(self, request):
hacker = request.user.profile.hacker
hacker.withdraw_from_event()
return views.Response({'message': 'Desistência completa', 'state': hacker.profile.state})
class HostedPartyList(generics.ListAPIView):
serializer_class = PartySummarySerializer
permission_classes = (Or(permissions.IsAdminUser,
IsSameUserWithURLParam), )
def get_queryset(self):
host_id = self.kwargs['user_id']
return Party.objects.filter(host=host_id)
class LoanDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = Loan.objects.all()
serializer_class = LoanSerializer
authentication_classes = [SessionAuthentication]
permission_classes = [Or(IsAuthenticated, TokenHasReadWriteScope)]
filter_backends = (filters.DjangoFilterBackend, )
filter_fields = '__all__'
class UserList(generics.ListCreateAPIView):
queryset = User.objects.all()
serializer_class = UserSerializer
authentication_classes = [SessionAuthentication]
permission_classes = [Or(IsAuthenticated, TokenHasReadWriteScope)]
filter_backends = (filters.DjangoFilterBackend, )
filter_fields = '__all__'
class MusicList(generics.ListCreateAPIView):
queryset = Music.objects.all()
serializer_class = MusicSerializer
authentication_classes = [OAuth2Authentication, SessionAuthentication]
#Precisa dessa virgula e espaço
permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)]
filter_backends = (filters.DjangoFilterBackend, )
filter_fields = '__all__'
class UserViewSet(viewsets.ModelViewSet):
serializer_class = UserSerializer
queryset = BasicUser.objects.all()
permission_classes = [Or(
IsSafeMethod,
IsPOST,
IsAdminUser,
)]
class ClientProfileViewSet(viewsets.ModelViewSet):
serializer_class = ClientProfileSerializer
queryset = ClientProfile.objects.all()
permission_classes = [Or(
IsSafeMethod,
IsPOST,
IsAdminUser,
)]
class EventList(generics.ListCreateAPIView):
queryset = Event.objects.all()
serializer_class = EventSerializer
authentication_classes = [OAuth2Authentication, SessionAuthentication]
permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)]
filter_backends = (filters.DjangoFilterBackend,)
filter_fields = ('event_type', 'level', 'quantity', 'colected_by', 'detail')
class MusicList(generics.ListCreateAPIView):
queryset = Music.objects.all()
serializer_class = MusicSerializer
authentication_classes = [OAuth2Authentication, SessionAuthentication]
permission_classes = [Or(IsAuthenticated, TokenHasReadWriteScope)]
filter_backends = (filters.DjangoFilterBackend, )
filter_fields = '__all__' #indica quais campos podem ser passados como filtro
class CourseViewSet(viewsets.ModelViewSet):
queryset = Course.objects.all()
serializer_class = CourseSerializer
authentication_classes = (authentication.SessionAuthentication,)
permission_classes = (Or(permissions.IsAdminUser, WriteTokenOnly),)
parser_classes = (MultiPartParser, FormParser,)
filter_backends = (DjangoFilterBackend, SearchFilter)
filter_fields = ('name', 'teachers', )
class GroupsEndpointListView(ListAPIView):
permission_classes = [
Or(build_permission_class('dms.can_manage_users'), IsGetRequest)
]
def list(self, request, *args, **kwargs):
queryset = Group.objects()
data = [GroupSerializer(query).data for query in queryset]
return Response(data)
class ClockList(generics.ListAPIView):
queryset = Clock.objects.all()
serializer_class = ClockSerializer
authentication_classes = [OAuth2Authentication, SessionAuthentication]
permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)]
filter_backends = (filters.DjangoFilterBackend, OwnerFilterBackend,
DeletedFilterBackend)
filter_fields = '__all__'
class HelperView(
PermissionClassesMixin,
SidebarContextMixin,
HelperContextMixin,
UserContextMixin,
TemplateView):
template_name = 'helper/helper.html'
active_tab = 'helper'
permission_classes = [Or(IsMentor, CanSubmitTickets)]
class AppointmentRatingViewSet(GenericViewSet, mixins.ListModelMixin):
"""
List ratings for clinic admin and super admins
"""
queryset = AppointmentRating.objects.all().order_by('-id')
serializer_class = AppointmentRatingSerializer
permission_classes = (Or(IsSuperAdmin, IsClinicsAdmin), )
filter_backends = (AppointmentRatingUserFilter, )
pagination_class = ViewPagination
class BaseProjectApiViewSet(BaseApiViewSet):
project_lookup = None
permission_classes = [
Or(
ProjectDataReadOnlyPermission,
ProjectDataCollectorPermission,
ProjectDataAdminPermission,
)
]
def perform_update(self, serializer):
requested_project = uuid.UUID(check_uuid(self.request.data.get("project")))
existing_project = self.get_object().project.pk
if requested_project != existing_project:
raise ValidationError(
"Reassigning project data to another project not currently supported."
)
serializer.save()
def limit_to_project(self, request, *args, **kwargs):
model = self.get_queryset().model
if hasattr(model, "project_lookup") and model.project_lookup is not None:
project_filter = {model.project_lookup: check_uuid(kwargs["project_pk"])}
self.queryset = self.get_queryset().filter(**project_filter)
return self.queryset
def list(self, request, *args, **kwargs):
self.limit_to_project(request, *args, **kwargs)
return super(BaseProjectApiViewSet, self).list(request, *args, **kwargs)
def retrieve(self, request, *args, **kwargs):
self.limit_to_project(request, *args, **kwargs)
return super(BaseProjectApiViewSet, self).retrieve(request, *args, **kwargs)
def create(self, request, *args, **kwargs):
self.limit_to_project(request, *args, **kwargs)
return super(BaseProjectApiViewSet, self).create(request, *args, **kwargs)
def update(self, request, *args, **kwargs):
self.limit_to_project(request, *args, **kwargs)
return super(BaseProjectApiViewSet, self).update(request, *args, **kwargs)
def partial_update(self, request, *args, **kwargs):
self.limit_to_project(request, *args, **kwargs)
return super(BaseProjectApiViewSet, self).partial_update(
request, *args, **kwargs
)
def destroy(self, request, *args, **kwargs):
self.limit_to_project(request, *args, **kwargs)
return super(BaseProjectApiViewSet, self).destroy(request, *args, **kwargs)
@action(detail=False, methods=["POST"])
def missing(self, request, *args, **kwargs):
self.limit_to_project(request, *args, **kwargs)
return super(BaseProjectApiViewSet, self).missing(request, *args, **kwargs)