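def Club_Setting(self, request):
    """Change one field of a BookClub on behalf of a user holding 'Set Club'.

    Body fields: ``Param_to_change`` ('Name', 'Logo' or 'Open'), ``New_value``,
    ``User_ID`` and ``BookClub_ID``.

    Returns:
        200 with the serialized club on success; 400 when the parameter name
        is unknown or an id is not a valid key; 404 when the user or club does
        not exist; 401 when the permission check fails.
    """
    # Maps the public parameter name to the model attribute it updates.
    field_for_param = {
        'Name': 'Name',
        'Logo': 'Profile_Pic',
        'Open': 'Open',
    }
    param_to_change = request.data.get('Param_to_change')
    new_value = request.data.get('New_value', {})
    try:
        user = User.objects.get(pk=request.data.get('User_ID'))
        bookclub = BookClub.objects.get(pk=request.data.get('BookClub_ID'))
    except (User.DoesNotExist, BookClub.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        # A non-numeric id cannot be looked up; answer 400 instead of a 500.
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # NOTE(review): User_ID is read from the request body and is never compared
    # with the bearer token here, unlike User_Setting which checks
    # hasPerm('Set User', token_user); unless an authentication layer outside
    # this view binds User_ID to the caller, the permission check runs for
    # whatever User_ID the client supplies — confirm.
    if not CheckPermissions(user).hasPerm('Set Club', bookclub):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    # Non-string parameter names (lists, dicts) are unhashable or simply unknown.
    if not isinstance(param_to_change, str):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    field_name = field_for_param.get(param_to_change)
    if field_name is None:
        return Response(status=status.HTTP_400_BAD_REQUEST)
    setattr(bookclub, field_name, new_value)
    bookclub.save()
    serializer = BookClubSearchSerializer(bookclub)
    return Response(serializer.data, status=status.HTTP_200_OK)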
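def User_Setting(self, request):
    """Change one field of a User when the bearer token belongs to that user.

    Body fields: ``Param_to_change`` ('Profile_pic', 'Username', 'Email' or
    'Password'), ``New_value`` and ``User_ID``. The ``Authorization`` header
    must carry ``Bearer <jwt>``; the token's ``id`` claim identifies the caller.

    Returns:
        200 with the serialized user; 400 on an unknown parameter or an id
        that is not a valid key; 404 when ``User_ID`` does not exist; 401 when
        the header or token is missing/invalid or the permission check fails.
    """
    param_to_change = request.data.get('Param_to_change')
    new_value = request.data.get('New_value', {})
    try:
        user = User.objects.get(pk=request.data.get('User_ID'))
    except User.DoesNotExist:
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # A missing or malformed header used to raise (AttributeError/IndexError)
    # and surface as a 500; treat it as an unauthenticated request instead.
    auth_parts = (request.headers.get('Authorization') or '').split()
    if len(auth_parts) < 2:
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    try:
        # `algorithms` is documented as a list; the bare string form only
        # passed because `in` does substring matching on str.
        claims = jwt.decode(auth_parts[1], settings.SECRET_KEY, algorithms=['HS256'])
        token_user = User.objects.get(pk=claims['id'])
    except (jwt.InvalidTokenError, KeyError, TypeError, ValueError, User.DoesNotExist):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    if not CheckPermissions(user).hasPerm('Set User', token_user):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    if param_to_change == 'Profile_pic':
        user.profile_pic = new_value
    elif param_to_change == 'Username':
        # NOTE(review): no uniqueness handling here; a duplicate username or
        # email will raise from save() — confirm how the project reports that.
        user.username = new_value
    elif param_to_change == 'Email':
        user.email = new_value
    elif param_to_change == 'Password':
        # decrypt_request_pwd is defined elsewhere in the project; presumably it
        # reverses a client-side transform before Django hashes the password.
        user.set_password(decrypt_request_pwd(new_value))
    else:
        return Response(status=status.HTTP_400_BAD_REQUEST)
    user.save()
    serializer = UserSerializer(user)
    return Response(serializer.data, status=status.HTTP_200_OK)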
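def create_meeting(self, request):
    """Create a Meeting in a BookClub for a user holding the 'Create' permission.

    Body fields: ``BookClub_ID``, ``User_ID``, ``Time`` ('%d-%m-%Y %H:%M'),
    ``Location`` and ``Title``.

    Returns:
        201 with the serialized meeting (annotated with the creator's own
        attendance count); 400 when ``Time`` is missing or malformed or an id
        is not a valid key; 404 when the club or user does not exist; 401 when
        the permission check fails.
    """
    try:
        bookclub = BookClub.objects.get(pk=request.data.get('BookClub_ID'))
        user = User.objects.get(pk=request.data.get('User_ID'))
    except (BookClub.DoesNotExist, User.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # NOTE(review): User_ID is read from the request body and is never compared
    # with the bearer token here, unlike User_Setting which checks
    # hasPerm('Set User', token_user); unless an authentication layer outside
    # this view binds User_ID to the caller, the permission check runs for
    # whatever User_ID the client supplies — confirm.
    if not CheckPermissions(user).hasPerm('Create', bookclub):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    try:
        meeting_time = datetime.strptime(request.data.get('Time', ''), '%d-%m-%Y %H:%M')
    except (TypeError, ValueError):
        # A missing key or a string in the wrong format is a client error.
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # NOTE(review): the parsed value is naive, while delete_attendance compares
    # Meeting.Time with the aware timezone.now() — confirm the field/USE_TZ
    # settings make those comparable.
    location = request.data.get('Location', {})
    title = request.data.get('Title', {})
    # TODO: Book_ID is not attached to the meeting (the original left this out).
    new_meeting = Meeting(Location=location, Title=title, Time=meeting_time,
                          BookClub_ID=bookclub)
    new_meeting.save()
    # Re-read the row so the serializer sees the user_attendance annotation.
    new_meeting = Meeting.objects.filter(pk=new_meeting.pk) \
        .annotate(user_attendance=Count(
            Subquery(
                Attendance.objects.filter(
                    User_ID=user,
                    Meeting_ID=OuterRef('Meeting_ID')).only('Attendance_ID'))))
    serializer = MeetingSerializer(new_meeting.first())
    return Response(serializer.data, status=status.HTTP_201_CREATED)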
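def delete_meeting(self, request):
    """Delete a Meeting for a user holding 'Admin Delete' on it.

    Body fields: ``Meeting_ID`` and ``User_ID``.

    Returns:
        200 on success; 404 when the meeting or user does not exist; 400 when
        an id is not a valid key; 401 when the permission check fails.
    """
    try:
        meeting = Meeting.objects.get(pk=request.data.get('Meeting_ID'))
        user = User.objects.get(pk=request.data.get('User_ID'))
    except (Meeting.DoesNotExist, User.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        # A non-numeric id cannot be looked up; answer 400 instead of a 500.
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # NOTE(review): User_ID is read from the request body and is never compared
    # with the bearer token here, unlike User_Setting which checks
    # hasPerm('Set User', token_user); unless an authentication layer outside
    # this view binds User_ID to the caller, the permission check runs for
    # whatever User_ID the client supplies — confirm.
    if not CheckPermissions(user).hasPerm('Admin Delete', meeting):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    meeting.delete()
    return Response(status=status.HTTP_200_OK)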
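def delete_thread(self, request):
    """Delete a Thread for a user holding 'Thread Delete' on it.

    Body fields: ``Thread_ID`` and ``User_ID``. Per the original docstring the
    permission is meant for the thread's author or an admin; the rule itself
    lives in CheckPermissions.

    Returns:
        200 on success; 404 when the thread or user does not exist; 400 when
        an id is not a valid key; 401 when the permission check fails.
    """
    try:
        thread = Thread.objects.get(pk=request.data.get('Thread_ID'))
        user = User.objects.get(pk=request.data.get('User_ID'))
    except (Thread.DoesNotExist, User.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # NOTE(review): User_ID is read from the request body and is never compared
    # with the bearer token here, unlike User_Setting which checks
    # hasPerm('Set User', token_user); unless an authentication layer outside
    # this view binds User_ID to the caller, the permission check runs for
    # whatever User_ID the client supplies — confirm.
    if not CheckPermissions(user).hasPerm('Thread Delete', thread):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    # The (count, per-model) tuple delete() returns was stored but never used.
    thread.delete()
    return Response(status=status.HTTP_200_OK)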
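def delete_poll(self, request):
    """Delete a Poll for a user holding 'Admin Delete' on it.

    Body fields: ``Poll_ID`` and ``User_ID``.

    Returns:
        200 on success; 404 when the poll or user does not exist; 400 when an
        id is not a valid key; 401 when the permission check fails.
    """
    try:
        poll = Poll.objects.get(pk=request.data.get('Poll_ID'))
        user = User.objects.get(pk=request.data.get('User_ID'))
    except (Poll.DoesNotExist, User.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # NOTE(review): User_ID is read from the request body and is never compared
    # with the bearer token here, unlike User_Setting which checks
    # hasPerm('Set User', token_user); unless an authentication layer outside
    # this view binds User_ID to the caller, the permission check runs for
    # whatever User_ID the client supplies — confirm.
    if not CheckPermissions(user).hasPerm('Admin Delete', poll):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    poll.delete()
    return Response(status=status.HTTP_200_OK)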
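def delete_bookclub(self, request):
    """Delete a BookClub for a user holding 'Club Delete' on it.

    Body fields: ``BookClub_ID`` and ``User_ID``.

    Returns:
        200 on success; 404 when the club or user does not exist; 400 when an
        id is not a valid key; 401 when the permission check fails.
    """
    try:
        bookclub = BookClub.objects.get(pk=request.data.get('BookClub_ID'))
        user = User.objects.get(pk=request.data.get('User_ID'))
    except (BookClub.DoesNotExist, User.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # NOTE(review): User_ID is read from the request body and is never compared
    # with the bearer token here, unlike User_Setting which checks
    # hasPerm('Set User', token_user); unless an authentication layer outside
    # this view binds User_ID to the caller, the permission check runs for
    # whatever User_ID the client supplies — confirm. Deleting a club cascades
    # to whatever depends on it, so this is the most consequential endpoint.
    if not CheckPermissions(user).hasPerm('Club Delete', bookclub):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    # The (count, per-model) tuple delete() returns was stored but never used.
    bookclub.delete()
    return Response(status=status.HTTP_200_OK)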
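def delete_discussion(self, request):
    """Delete a Discussion for a user holding 'Discussion Delete' on it.

    Body fields: ``Discussion_ID`` and ``User_ID``. Per the original docstring
    the permission is meant for the author or an admin; the rule itself lives
    in CheckPermissions.

    Returns:
        200 on success; 404 when the discussion or user does not exist; 400
        when an id is not a valid key; 401 when the permission check fails.
    """
    try:
        discussion = Discussion.objects.get(pk=request.data.get('Discussion_ID'))
        user = User.objects.get(pk=request.data.get('User_ID'))
    except (Discussion.DoesNotExist, User.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # NOTE(review): User_ID is read from the request body and is never compared
    # with the bearer token here, unlike User_Setting which checks
    # hasPerm('Set User', token_user); unless an authentication layer outside
    # this view binds User_ID to the caller, the permission check runs for
    # whatever User_ID the client supplies — confirm.
    if not CheckPermissions(user).hasPerm('Discussion Delete', discussion):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    # The (count, per-model) tuple delete() returns was stored but never used.
    discussion.delete()
    return Response(status=status.HTTP_200_OK)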
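def edit_thread(self, request):
    """Replace a Thread's Content for a user allowed to delete it.

    Body fields: ``Thread_ID``, ``User_ID`` and ``Content``.

    Returns:
        200 with the serialized thread; 400 when ``Content`` is missing or an
        id is not a valid key; 404 when the thread or user does not exist; 401
        when the permission check fails.
    """
    try:
        thread = Thread.objects.get(pk=request.data.get('Thread_ID'))
        user = User.objects.get(pk=request.data.get('User_ID'))
    except (Thread.DoesNotExist, User.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    new_content = request.data.get('Content')
    # NOTE(review): User_ID is read from the request body and is never compared
    # with the bearer token here, unlike User_Setting which checks
    # hasPerm('Set User', token_user); unless an authentication layer outside
    # this view binds User_ID to the caller, the permission check runs for
    # whatever User_ID the client supplies — confirm.
    # NOTE(review): editing is gated by the 'Thread Delete' permission; no
    # separate edit permission appears in this file — confirm that is intended.
    if not CheckPermissions(user).hasPerm('Thread Delete', thread):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    if new_content is None:
        # A missing body field used to be written straight into Content.
        return Response(status=status.HTTP_400_BAD_REQUEST)
    thread.Content = new_content
    thread.save()
    serializer = ThreadSerializer(thread)
    return Response(serializer.data, status=status.HTTP_200_OK)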
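def leave_bookclub(self, request):
    """Remove the user's Administrator row for a BookClub when the bearer token is theirs.

    Body fields: ``BookClub_ID`` and ``User_ID``; header ``Authorization:
    Bearer <jwt>`` whose ``id`` claim must pass the 'Set User' check against
    ``User_ID``.

    Returns:
        200 when at least one row was deleted; 400 when the user has no such
        row or an id is not a valid key; 404 when the club or user does not
        exist; 401 when the token is missing/invalid or the check fails.
    """
    try:
        bookclub = BookClub.objects.get(pk=request.data.get('BookClub_ID'))
        user = User.objects.get(pk=request.data.get('User_ID'))
    except (BookClub.DoesNotExist, User.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # A missing or malformed header used to raise and surface as a 500.
    auth_parts = (request.headers.get('Authorization') or '').split()
    if len(auth_parts) < 2:
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    try:
        # `algorithms` is documented as a list, not a bare string.
        claims = jwt.decode(auth_parts[1], settings.SECRET_KEY, algorithms=['HS256'])
        token_user = User.objects.get(pk=claims['id'])
    except (jwt.InvalidTokenError, KeyError, TypeError, ValueError, User.DoesNotExist):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    if not CheckPermissions(user).hasPerm('Set User', token_user):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    # NOTE(review): only the Administrator row is removed; if plain membership
    # is tracked by another model it is not touched here — confirm.
    # One query instead of count() + get(); get() raised on duplicate rows.
    deleted, _ = Administrator.objects.filter(BookClub=bookclub, User=user).delete()
    if deleted == 0:
        return Response(status=status.HTTP_400_BAD_REQUEST)
    return Response(status=status.HTTP_200_OK)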
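def delete_attendance(self, request):
    """Cancel a user's attendance at a future Meeting when the bearer token is theirs.

    Body fields: ``User_ID`` and ``Meeting_ID``; header ``Authorization:
    Bearer <jwt>`` whose ``id`` claim must pass the 'Set User' check.

    Returns:
        200 when an attendance row was deleted; 400 when the meeting has
        already started, no attendance exists, or an id is not a valid key;
        404 when the user or meeting does not exist; 401 when the token is
        missing/invalid or the check fails.
    """
    try:
        user = User.objects.get(pk=request.data.get('User_ID'))
        meeting = Meeting.objects.get(pk=request.data.get('Meeting_ID'))
    except (User.DoesNotExist, Meeting.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # A missing or malformed header used to raise and surface as a 500.
    auth_parts = (request.headers.get('Authorization') or '').split()
    if len(auth_parts) < 2:
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    try:
        # `algorithms` is documented as a list, not a bare string.
        claims = jwt.decode(auth_parts[1], settings.SECRET_KEY, algorithms=['HS256'])
        token_user = User.objects.get(pk=claims['id'])
    except (jwt.InvalidTokenError, KeyError, TypeError, ValueError, User.DoesNotExist):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    if not CheckPermissions(user).hasPerm('Set User', token_user):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    # Checked after authentication so an unauthenticated caller always gets
    # 401; the original answered 400 for past meetings before any token check.
    if meeting.Time < timezone.now():
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # One query instead of count() + get(); duplicate rows (which used to be
    # answered with 400) are removed together.
    deleted, _ = Attendance.objects.filter(Meeting_ID=meeting, User_ID=user).delete()
    if deleted == 0:
        return Response(status=status.HTTP_400_BAD_REQUEST)
    return Response(status=status.HTTP_200_OK)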
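def delete_vote(self, request):
    """Cancel all of a user's votes in an open Poll when the bearer token is theirs.

    Body fields: ``Poll_ID`` and ``User_ID``; header ``Authorization:
    Bearer <jwt>`` whose ``id`` claim must pass the 'Set User' check.

    Returns:
        200 after the votes are removed (also when there were none, as
        before); 400 when the poll has ended or an id is not a valid key; 404
        when the poll or user does not exist; 401 when the token is
        missing/invalid or the check fails.
    """
    try:
        poll = Poll.objects.get(pk=request.data.get('Poll_ID'))
        user = User.objects.get(pk=request.data.get('User_ID'))
    except (Poll.DoesNotExist, User.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # A missing or malformed header used to raise and surface as a 500.
    auth_parts = (request.headers.get('Authorization') or '').split()
    if len(auth_parts) < 2:
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    try:
        # `algorithms` is documented as a list, not a bare string.
        claims = jwt.decode(auth_parts[1], settings.SECRET_KEY, algorithms=['HS256'])
        token_user = User.objects.get(pk=claims['id'])
    except (jwt.InvalidTokenError, KeyError, TypeError, ValueError, User.DoesNotExist):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    if not CheckPermissions(user).hasPerm('Set User', token_user):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    # Checked after authentication so an unauthenticated caller always gets 401.
    # NOTE(review): End_Time is compared with a date here, but create_poll
    # stores a datetime parsed with seconds — confirm the field type makes
    # this comparison valid (a datetime < date comparison raises TypeError).
    if poll.End_Time < datetime.now().date():
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # One bulk delete across the poll's choices instead of count() + get()
    # per choice; the per-choice version skipped any choice with duplicate votes.
    Vote.objects.filter(
        Choice_ID__in=Choice.objects.filter(Poll_ID=poll),
        User_ID=user,
    ).delete()
    return Response(status=status.HTTP_200_OK)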
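def create_poll(self, request):
    """Create a Poll with its Choices in a BookClub for a user holding 'Create'.

    Body fields: ``BookClub_ID``, ``User_ID``, ``Time`` (poll end,
    '%d-%m-%Y %H:%M:%S'), ``Title`` and ``Choices`` (list of descriptions;
    missing means no choices, as before).

    Returns:
        201 with the serialized poll; 400 when ``Time`` is missing/malformed,
        ``Choices`` is not a list, or an id is not a valid key; 404 when the
        club or user does not exist; 401 when the permission check fails.
    """
    try:
        bookclub = BookClub.objects.get(pk=request.data.get('BookClub_ID'))
        user = User.objects.get(pk=request.data.get('User_ID'))
    except (BookClub.DoesNotExist, User.DoesNotExist):
        return Response(status=status.HTTP_404_NOT_FOUND)
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    # NOTE(review): User_ID is read from the request body and is never compared
    # with the bearer token here, unlike User_Setting which checks
    # hasPerm('Set User', token_user); unless an authentication layer outside
    # this view binds User_ID to the caller, the permission check runs for
    # whatever User_ID the client supplies — confirm.
    if not CheckPermissions(user).hasPerm('Create', bookclub):
        return Response(status=status.HTTP_401_UNAUTHORIZED)
    # The format carries seconds, unlike create_meeting's '%d-%m-%Y %H:%M';
    # kept unchanged because clients depend on it.
    try:
        end_time = datetime.strptime(request.data.get('Time', ''), '%d-%m-%Y %H:%M:%S')
    except (TypeError, ValueError):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    choices = request.data.get('Choices', [])
    # A string or dict here used to be iterated as-is (one Choice per character
    # or per key); only a real sequence of descriptions is accepted now.
    if not isinstance(choices, (list, tuple)):
        return Response(status=status.HTTP_400_BAD_REQUEST)
    title = request.data.get('Title', {})
    new_poll = Poll(End_Time=end_time, Title=title, BookClub_ID=bookclub)
    new_poll.save()
    for description in choices:
        Choice(Description=description, Poll_ID=new_poll).save()
    # Re-read so the serializer sees exactly what the database stored.
    new_poll.refresh_from_db()
    serializer = PollSerializer(new_poll)
    return Response(serializer.data, status=status.HTTP_201_CREATED)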