def destroy(self, request, *args, **kwargs): if not isInstitutionAdmin(request, self.get_object().institution): raise PermissionDenied(detail='User is not an admin_user', code=None) if request.user.id == self.get_object().user.id: raise PermissionDenied(detail='Admin cannot delete oneself', code=None) return super(AdministratorViewSet, self).destroy(request, *args, **kwargs)
def list(self, request, *args, **kwargs): if not isInstitutionAdmin(request, getUserInstitution(request)): raise PermissionDenied(detail='User is not an admin_user', code=None) if request.user.is_superuser: self.queryset = Administrator.objects.all() else: self.queryset = Administrator.objects.filter( institution=getUserInstitution(request)) return super(AdministratorViewSet, self).list(request, *args, **kwargs)
def list(self, request, *args, **kwargs): self.serializer_class = AdministratorListSerializer if not isInstitutionAdmin(request, getUserInstitution(request)): raise PermissionDenied(detail='User is not an admin_user', code=None) if request.user.is_superuser: self.queryset = applyUserFilters(request, Administrator) else: self.queryset = applyUserFilters( request, Administrator, institution=getUserInstitution(request)) response = super(AdministratorViewSet, self).list(request, *args, **kwargs) response = generateKeys(response, self.serializer_class) return response
def destroy(self, request, *args, **kwargs): if not isInstitutionAdmin(request, self.get_object().institution): raise PermissionDenied(detail='User is not an admin_user', code=None) return super(TeacherViewSet, self).destroy(request, *args, **kwargs)
def create(self, request, *args, **kwargs): if not isInstitutionAdmin(request, getUserInstitution(request)): raise PermissionDenied(detail='User is not an admin_user', code=None) return super(TeacherViewSet, self).create(request, *args, **kwargs)
def update(self, request, *args, **kwargs): if not isInstitutionAdmin(request, self.get_object()): raise PermissionDenied(detail='User is not an admin_user', code=None) return super(InstitutionViewSet, self).retrieve(request, *args, **kwargs)