コード例 #1
    def Club_Setting(self, request):
        """Change one setting of a book club when the named user may do so.

        Body fields read: ``Param_to_change`` ('Name', 'Logo' or 'Open'),
        ``New_value``, ``User_ID`` and ``BookClub_ID``.  Responds 200 with the
        serialized club, 400 for any other ``Param_to_change``, and 401 when
        the 'Set Club' permission check fails.
        """
        # NOTE(review): the acting user is looked up from the body's User_ID
        # and no token is inspected in this method; confirm that an
        # authentication layer outside this view ties User_ID to the caller.
        requested_param = request.data.get('Param_to_change', {})
        replacement = request.data.get('New_value', {})
        acting_user = User.objects.get(pk=request.data.get('User_ID', {}))
        club = BookClub.objects.get(pk=request.data.get('BookClub_ID', {}))

        if not CheckPermissions(acting_user).hasPerm('Set Club', club):
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        # Request parameter name -> model attribute.  Matched with == rather
        # than a dict lookup so an unhashable value simply matches nothing.
        settable = (('Name', 'Name'), ('Logo', 'Profile_Pic'), ('Open', 'Open'))
        attribute = next(
            (attr for label, attr in settable if requested_param == label),
            None)
        if attribute is None:
            return Response(status=status.HTTP_400_BAD_REQUEST)

        # NOTE(review): New_value is stored as received; no type or length
        # check is visible in this method.
        setattr(club, attribute, replacement)
        club.save()
        return Response(BookClubSearchSerializer(club).data,
                        status=status.HTTP_200_OK)
コード例 #2
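    def User_Setting(self, request):
        """Change one account field of a user on behalf of the token's owner.

        Body fields read: ``Param_to_change`` ('Profile_pic', 'Username',
        'Email' or 'Password'), ``New_value`` and ``User_ID``.  The caller is
        resolved from the JWT in the ``Authorization`` header and the change
        is applied only when
        ``CheckPermissions(user).hasPerm('Set User', token_user)`` passes.

        Responds 200 with the serialized user, 400 for any other
        ``Param_to_change``, and 401 when the header is missing or has no
        token part, or when the permission check fails.
        """
        param_to_change = request.data.get('Param_to_change', {})
        new_value = request.data.get('New_value', {})
        user = User.objects.get(pk=request.data.get('User_ID'))

        # A missing header, or one without a second whitespace-separated
        # part, would otherwise raise (None.split() / IndexError); treat it
        # as an unauthenticated request.
        auth_parts = (request.headers.get('Authorization') or '').split()
        if len(auth_parts) < 2:
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        # The allowed algorithms are given as a list: with a bare string, a
        # membership test against it is a substring match, not an allow-list.
        # NOTE(review): a failed decode, a token without 'id', or an unknown
        # user id still propagates as an exception; map the JWT library's
        # invalid-token error to 401 once the library behind `jwt` is confirmed.
        claims = jwt.decode(
            auth_parts[1], settings.SECRET_KEY, algorithms=['HS256'])
        token_user = User.objects.get(pk=claims['id'])

        if CheckPermissions(user).hasPerm('Set User', token_user):
            # NOTE(review): e-mail and password are replaced without asking
            # for the current password in this method; confirm that is intended.
            if param_to_change == 'Profile_pic':
                setattr(user, "profile_pic", new_value)

            elif param_to_change == 'Username':
                setattr(user, "username", new_value)

            elif param_to_change == 'Email':
                setattr(user, 'email', new_value)

            elif param_to_change == 'Password':
                # The password arrives transformed by the client; set_password
                # stores it through the model's own hashing.
                new_value = decrypt_request_pwd(new_value)
                user.set_password(new_value)

            else:
                return Response(status=status.HTTP_400_BAD_REQUEST)

            user.save()
            serializer = UserSerializer(user)
            return Response(serializer.data, status=status.HTTP_200_OK)

        return Response(status=status.HTTP_401_UNAUTHORIZED)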
コード例 #3
    def create_meeting(self, request):
        """Create a meeting for a book club when the named user may do so.

        Body fields read: ``BookClub_ID``, ``User_ID``, ``Time`` (format
        ``%d-%m-%Y %H:%M``), ``Location`` and ``Title``.  Responds 201 with
        the serialized meeting, or 401 when the 'Create' permission check
        fails.
        """
        # NOTE(review): the acting user comes from the body's User_ID and no
        # token is inspected in this method; confirm that an authentication
        # layer outside this view ties User_ID to the caller.
        club = BookClub.objects.get(pk=request.data.get('BookClub_ID', {}))
        organiser = User.objects.get(pk=request.data.get('User_ID', {}))

        if not CheckPermissions(organiser).hasPerm('Create', club):
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        body = request.data
        # strptime raises on a missing or malformed Time; the format has no
        # offset directive, so the parsed value carries no tzinfo.
        starts_at = datetime.strptime(body.get('Time', {}), '%d-%m-%Y %H:%M')
        meeting = Meeting(Location=body.get('Location', {}),
                          Title=body.get('Title', {}),
                          Time=starts_at,
                          BookClub_ID=club)
        meeting.save()

        # Re-query the saved row so it carries the user_attendance annotation
        # that is passed on to the serializer.
        attendance_of_user = Attendance.objects.filter(
            User_ID=organiser,
            Meeting_ID=OuterRef('Meeting_ID')).only('Attendance_ID')
        annotated = Meeting.objects.filter(pk=meeting.pk).annotate(
            user_attendance=Count(Subquery(attendance_of_user)))

        return Response(MeetingSerializer(annotated.first()).data,
                        status=status.HTTP_201_CREATED)
コード例 #4
    def delete_meeting(self, request):
        """Delete a meeting when the named user passes the 'Admin Delete' check.

        Body fields read: ``Meeting_ID`` and ``User_ID``.  Responds 200 after
        deletion, or 401 when the permission check fails.
        """
        # NOTE(review): the acting user comes from the body's User_ID and no
        # token is inspected in this method; confirm that an authentication
        # layer outside this view ties User_ID to the caller.
        target = Meeting.objects.get(pk=request.data.get('Meeting_ID', {}))
        actor = User.objects.get(pk=request.data.get('User_ID', {}))

        if not CheckPermissions(actor).hasPerm('Admin Delete', target):
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        target.delete()
        return Response(status=status.HTTP_200_OK)
コード例 #5
    def delete_thread(self, request):
        """Delete a thread when the named user passes the 'Thread Delete' check.

        Body fields read: ``Thread_ID`` and ``User_ID``.  Responds 200 after
        deletion, or 401 when the permission check fails.
        """
        # NOTE(review): the acting user comes from the body's User_ID and no
        # token is inspected in this method; confirm that an authentication
        # layer outside this view ties User_ID to the caller.
        target = Thread.objects.get(pk=request.data.get('Thread_ID', {}))
        actor = User.objects.get(pk=request.data.get('User_ID', {}))

        if not CheckPermissions(actor).hasPerm('Thread Delete', target):
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        target.delete()
        return Response(status=status.HTTP_200_OK)
コード例 #6
    def delete_poll(self, request):
        """Delete a poll when the named user passes the 'Admin Delete' check.

        Body fields read: ``Poll_ID`` and ``User_ID``.  Responds 200 after
        deletion, or 401 when the permission check fails.
        """
        # NOTE(review): the acting user comes from the body's User_ID and no
        # token is inspected in this method; confirm that an authentication
        # layer outside this view ties User_ID to the caller.
        target = Poll.objects.get(pk=request.data.get('Poll_ID', {}))
        actor = User.objects.get(pk=request.data.get('User_ID', {}))

        if not CheckPermissions(actor).hasPerm('Admin Delete', target):
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        target.delete()
        return Response(status=status.HTTP_200_OK)
コード例 #7
    def delete_bookclub(self, request):
        """Delete a book club when the named user passes the 'Club Delete' check.

        Body fields read: ``BookClub_ID`` and ``User_ID``.  Responds 200 after
        deletion, or 401 when the permission check fails.
        """
        # NOTE(review): the acting user comes from the body's User_ID and no
        # token is inspected in this method; confirm that an authentication
        # layer outside this view ties User_ID to the caller.
        club = BookClub.objects.get(pk=request.data.get('BookClub_ID', {}))
        actor = User.objects.get(pk=request.data.get('User_ID', {}))

        if not CheckPermissions(actor).hasPerm('Club Delete', club):
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        club.delete()
        return Response(status=status.HTTP_200_OK)
コード例 #8
    def delete_discussion(self, request):
        """Delete a discussion when the named user passes 'Discussion Delete'.

        Body fields read: ``Discussion_ID`` and ``User_ID``.  Responds 200
        after deletion, or 401 when the permission check fails.
        """
        # NOTE(review): the acting user comes from the body's User_ID and no
        # token is inspected in this method; confirm that an authentication
        # layer outside this view ties User_ID to the caller.
        target = Discussion.objects.get(
            pk=request.data.get('Discussion_ID', {}))
        actor = User.objects.get(pk=request.data.get('User_ID', {}))

        if not CheckPermissions(actor).hasPerm('Discussion Delete', target):
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        target.delete()
        return Response(status=status.HTTP_200_OK)
コード例 #9
    def edit_thread(self, request):
        """Replace a thread's content when the named user may modify it.

        Body fields read: ``Thread_ID``, ``User_ID`` and ``Content``.
        Responds 200 with the serialized thread, or 401 when the permission
        check fails.
        """
        # NOTE(review): the acting user comes from the body's User_ID and no
        # token is inspected in this method; confirm that an authentication
        # layer outside this view ties User_ID to the caller.
        target = Thread.objects.get(pk=request.data.get('Thread_ID', {}))
        actor = User.objects.get(pk=request.data.get('User_ID', {}))
        replacement = request.data.get('Content')

        # NOTE(review): editing is gated by the 'Thread Delete' permission;
        # confirm that reusing the delete permission here is intended.
        if not CheckPermissions(actor).hasPerm('Thread Delete', target):
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        # Content is None when the body has no 'Content' key.
        setattr(target, "Content", replacement)
        target.save()
        return Response(ThreadSerializer(target).data,
                        status=status.HTTP_200_OK)
コード例 #10
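    def leave_bookclub(self, request):
        """Remove the user's Administrator row for a book club.

        Body fields read: ``BookClub_ID`` and ``User_ID``.  The caller is
        resolved from the JWT in the ``Authorization`` header and the removal
        happens only when
        ``CheckPermissions(user).hasPerm('Set User', token_user)`` passes.

        Responds 200 after the row is deleted, 400 when no Administrator row
        links the user to the club, and 401 when the header is missing or has
        no token part, or when the permission check fails.
        """
        bookclub = BookClub.objects.get(pk=request.data.get('BookClub_ID', {}))
        user = User.objects.get(pk=request.data.get('User_ID', {}))

        # A missing header, or one without a second whitespace-separated
        # part, would otherwise raise (None.split() / IndexError); treat it
        # as an unauthenticated request.
        auth_parts = (request.headers.get('Authorization') or '').split()
        if len(auth_parts) < 2:
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        # The allowed algorithms are given as a list: with a bare string, a
        # membership test against it is a substring match, not an allow-list.
        # NOTE(review): a failed decode, a token without 'id', or an unknown
        # user id still propagates as an exception; map the JWT library's
        # invalid-token error to 401 once the library behind `jwt` is confirmed.
        claims = jwt.decode(
            auth_parts[1], settings.SECRET_KEY, algorithms=['HS256'])
        token_user = User.objects.get(pk=claims['id'])

        if CheckPermissions(user).hasPerm('Set User', token_user):
            if Administrator.objects.filter(BookClub=bookclub,
                                            User=user).count() < 1:
                return Response(status=status.HTTP_400_BAD_REQUEST)
            # NOTE(review): get() raises if more than one matching row
            # exists; presumably (BookClub, User) is unique - confirm.
            to_delete = Administrator.objects.get(BookClub=bookclub, User=user)
            to_delete.delete()
            return Response(status=status.HTTP_200_OK)

        return Response(status=status.HTTP_401_UNAUTHORIZED)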
コード例 #11
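    def delete_attendance(self, request):
        """Cancel a user's attendance at a meeting that has not started yet.

        Body fields read: ``User_ID`` and ``Meeting_ID``.  The caller is
        resolved from the JWT in the ``Authorization`` header and the
        cancellation happens only when
        ``CheckPermissions(user).hasPerm('Set User', token_user)`` passes.

        Responds 200 after the attendance row is deleted, 400 when the
        meeting time has passed or there is not exactly one matching
        attendance row, and 401 when the header is missing or has no token
        part, or when the permission check fails.
        """
        user = User.objects.get(pk=request.data.get('User_ID', {}))
        meeting = Meeting.objects.get(pk=request.data.get('Meeting_ID', {}))

        # Past meetings are rejected before the token is looked at.
        if meeting.Time < timezone.now():
            return Response(status=status.HTTP_400_BAD_REQUEST)

        # A missing header, or one without a second whitespace-separated
        # part, would otherwise raise (None.split() / IndexError); treat it
        # as an unauthenticated request.
        auth_parts = (request.headers.get('Authorization') or '').split()
        if len(auth_parts) < 2:
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        # The allowed algorithms are given as a list: with a bare string, a
        # membership test against it is a substring match, not an allow-list.
        # NOTE(review): a failed decode, a token without 'id', or an unknown
        # user id still propagates as an exception; map the JWT library's
        # invalid-token error to 401 once the library behind `jwt` is confirmed.
        claims = jwt.decode(
            auth_parts[1], settings.SECRET_KEY, algorithms=['HS256'])
        token_user = User.objects.get(pk=claims['id'])

        if CheckPermissions(user).hasPerm('Set User', token_user):
            if Attendance.objects.filter(Meeting_ID=meeting,
                                         User_ID=user).count() == 1:
                to_delete = Attendance.objects.get(Meeting_ID=meeting,
                                                   User_ID=user)
                to_delete.delete()
                return Response(status=status.HTTP_200_OK)

            return Response(status=status.HTTP_400_BAD_REQUEST)

        return Response(status=status.HTTP_401_UNAUTHORIZED)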
コード例 #12
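    def delete_vote(self, request):
        """Cancel a user's votes on every choice of a poll that is still open.

        Body fields read: ``Poll_ID`` and ``User_ID``.  The caller is resolved
        from the JWT in the ``Authorization`` header and votes are removed
        only when
        ``CheckPermissions(user).hasPerm('Set User', token_user)`` passes.

        Responds 200 once the choices have been processed, 400 when the
        poll's ``End_Time`` is before today, and 401 when the header is
        missing or has no token part, or when the permission check fails.
        """
        poll = Poll.objects.get(pk=request.data.get('Poll_ID', {}))
        user = User.objects.get(pk=request.data.get('User_ID', {}))

        # End_Time is compared against today's date (no time component).
        # NOTE(review): presumably End_Time is a date field - confirm.
        if poll.End_Time < datetime.date(datetime.now()):
            return Response(status=status.HTTP_400_BAD_REQUEST)

        # A missing header, or one without a second whitespace-separated
        # part, would otherwise raise (None.split() / IndexError); treat it
        # as an unauthenticated request.
        auth_parts = (request.headers.get('Authorization') or '').split()
        if len(auth_parts) < 2:
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        # The allowed algorithms are given as a list: with a bare string, a
        # membership test against it is a substring match, not an allow-list.
        # NOTE(review): a failed decode, a token without 'id', or an unknown
        # user id still propagates as an exception; map the JWT library's
        # invalid-token error to 401 once the library behind `jwt` is confirmed.
        claims = jwt.decode(
            auth_parts[1], settings.SECRET_KEY, algorithms=['HS256'])
        token_user = User.objects.get(pk=claims['id'])

        if CheckPermissions(user).hasPerm('Set User', token_user):
            choices = Choice.objects.filter(Poll_ID=poll)
            for choice in choices:
                # Only a choice with exactly one vote by this user is
                # touched; zero or several matching rows are left as is.
                if Vote.objects.filter(Choice_ID=choice,
                                       User_ID=user).count() == 1:
                    to_delete = Vote.objects.get(Choice_ID=choice,
                                                 User_ID=user)
                    to_delete.delete()

            return Response(status=status.HTTP_200_OK)

        return Response(status=status.HTTP_401_UNAUTHORIZED)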
コード例 #13
    def create_poll(self, request):
        """Create a poll and its choices when the named user may do so.

        Body fields read: ``BookClub_ID``, ``User_ID``, ``Time`` (format
        ``%d-%m-%Y %H:%M:%S``), ``Title`` and ``Choices``.  Responds 201 with
        the serialized poll, or 401 when the 'Create' permission check fails.
        """
        # NOTE(review): the acting user comes from the body's User_ID and no
        # token is inspected in this method; confirm that an authentication
        # layer outside this view ties User_ID to the caller.
        club = BookClub.objects.get(pk=request.data.get('BookClub_ID', {}))
        creator = User.objects.get(pk=request.data.get('User_ID', {}))

        if not CheckPermissions(creator).hasPerm('Create', club):
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        body = request.data
        # strptime raises on a missing or malformed Time.
        closes_at = datetime.strptime(body.get('Time', {}),
                                      "%d-%m-%Y %H:%M:%S")
        poll_title = body.get('Title', {})
        options = body.get('Choices', {})

        created = Poll(End_Time=closes_at, Title=poll_title, BookClub_ID=club)
        created.save()
        # Reload the stored row before attaching choices to it.
        created = Poll.objects.get(pk=created.Poll_ID)

        # NOTE(review): Choices is iterated as received, so a string value
        # would yield one choice per character; no count or length limit is
        # visible in this method.
        for option in options:
            Choice(Description=option, Poll_ID=created).save()

        return Response(PollSerializer(created).data,
                        status=status.HTTP_201_CREATED)