def is_teacher_or_superuser(class_id, request):
the_class = get_object(ClassRoom, pk=class_id)
if request.user.is_superuser:
return True
return the_class.teacher == request.user.user_profile
def has_permission(self, request, view):
quiz_answer = get_object(QuizAnswer,
pk=view.kwargs.get('quiz_answer_id'))
user_profile = request.user.user_profile
class_id = quiz_answer.quiz.class_room.id
if IsTeacherOrSuperuser.is_teacher_or_superuser(class_id, request):
return True
return quiz_answer.user_profile == user_profile
def has_permission(self, request, view):
if request.method in SAFE_METHODS:
return True
from core.views import AddQuizQuestion, QuizUpdateView
from core.views import RUDQuestion
if type(view) in [AddQuizQuestion, QuizUpdateView]:
quiz = get_object(Quiz, pk=view.kwargs.get('quiz_id'))
class_id = quiz.class_room.id
elif type(view) == RUDQuestion:
question = get_object(Question, pk=view.kwargs.get('question_id'))
quiz = question.quiz
class_id = quiz.class_room.id
else:
class_id = view.kwargs.get('class_id')
return self.is_teacher_or_superuser(class_id, request)
def has_permission(self, request, view):
quiz = get_object(Quiz, pk=view.kwargs.get('quiz_id'))
if IsTeacherOrSuperuser.is_teacher_or_superuser(
quiz.class_room.id, request):
return True
if not IsEnrolledInClass.is_enrolled_in_class(quiz.class_room.id,
request):
return False
return timezone.now() > quiz.start_datetime
def delete(request, *args, **kwargs):
try:
user_profile = UserProfile.objects.get(
user__username=kwargs.get('user_username'))
except UserProfile.DoesNotExist:
return Response({'username': [
"User name does not exist",
]},
status=404)
class_room = get_object(ClassRoom, pk=kwargs.get('class_id'))
class_room.students.remove(user_profile)
return Response({}, status=204)
def post(request, *args, **kwargs):
try:
user_profile = UserProfile.objects.get(
user__username=kwargs.get('user_username'))
except UserProfile.DoesNotExist:
return Response({'username': [
"User name does not exist",
]},
status=404)
class_room = get_object(ClassRoom, pk=kwargs.get('class_id'))
class_room.students.add(user_profile)
return Response(UserProfileSerializer(instance=user_profile).data,
status=200)
def has_permission(self, request, view):
from core.views import QuizQuestionsList, StartQuiz, ClassRoomRetrieveView
if type(view) in [QuizQuestionsList, StartQuiz]:
quiz = get_object(Quiz, pk=view.kwargs.get('quiz_id'))
class_id = quiz.class_room.id
elif type(view) in [
ClassRoomRetrieveView,
]:
class_id = view.kwargs.get('class_id')
else:
raise APIException("Invalid Permission Usage")
return self.is_enrolled_in_class(class_id, request)
def perform_create(self, serializer):
_class = get_object(ClassRoom, pk=self.kwargs.get('class_id'))
serializer.save(class_room=_class)
def delete(request, *args, **kwargs):
user_profile = request.user.user_profile
_class = get_object(ClassRoom, pk=kwargs.get('class_id'))
_class.students.remove(user_profile)
return Response({}, status=204)
def perform_create(self, serializer):
quiz = get_object(Quiz, pk=self.kwargs.get('quiz_id'))
serializer.save(quiz=quiz)
def get_queryset(self):
quiz = get_object(Quiz, pk=self.kwargs.get('quiz_id'))
return quiz.questions.all()
def get_queryset(self):
the_quiz = get_object(Quiz, pk=self.kwargs.get('quiz_id'))
return the_quiz.answers.all()
def has_permission(self, request, view):
quiz = get_object(Quiz, pk=view.kwargs.get('quiz_id'))
return quiz.is_active
def is_enrolled_in_class(class_id, request):
the_class = get_object(ClassRoom, pk=class_id)
return request.user.user_profile in the_class.students.all()