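def get(self, request, access_level, format=None):
    """Return the serialized programs visible at the requested access level.

    ``access_level`` is compared with the values reported by
    ``FilterSecurity``: a match with ``get_my_access()`` selects
    ``get_my_programs()``, a match with ``get_all_access()`` selects
    ``get_accessible_programs()``. Any other value is rejected instead of
    falling through with no queryset bound.

    Args:
        request: The incoming request; ``FilterSecurity`` is built from it.
        access_level: Requested scope, supplied by the caller (presumably a
            URL segment -- confirm against the URL configuration).
        format: Not used in this method.

    Returns:
        A ``Response`` with the serialized program list, or a 404
        ``Response`` when ``access_level`` matches neither known level.
    """
    user = FilterSecurity(request)
    if access_level == user.get_my_access():
        queryset = user.get_my_programs()
    elif access_level == user.get_all_access():
        queryset = user.get_accessible_programs()
    else:
        # Fail closed: the scope selector comes from the caller, so an
        # unrecognised value must end the request here rather than reach the
        # serializer with ``queryset`` unbound (an UnboundLocalError / 500).
        return Response({"Sorry": "unknown access level."}, status=404)
    serializer = ProgramSerializer(queryset, many=True)
    return Response(serializer.data)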
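def get(self, request, pk, access_level, format=None):
    """Return the serialized detail of one program, scoped by access level.

    The program is looked up by ``pk`` inside the queryset that matches
    ``access_level`` (``get_my_programs()`` or ``get_accessible_programs()``),
    so a program outside that scope yields an empty list rather than data.
    An ``access_level`` that matches neither known value is rejected.

    Args:
        request: The incoming request; ``FilterSecurity`` is built from it.
        pk: Primary key of the program to show.
        access_level: Requested scope, supplied by the caller (presumably a
            URL segment -- confirm against the URL configuration). It is also
            passed to the serializer as ``context["access"]``.
        format: Not used in this method.

    Returns:
        A ``Response`` with a list holding zero or one serialized program,
        or a 404 ``Response`` when ``access_level`` is not recognised.
    """
    user = FilterSecurity(request)
    if access_level == user.get_my_access():
        queryset = user.get_my_programs().filter(pk=pk)
    elif access_level == user.get_all_access():
        queryset = user.get_accessible_programs().filter(pk=pk)
    else:
        # Fail closed: without this branch an unrecognised scope leaves
        # ``queryset`` unbound and the request ends in an UnboundLocalError.
        # Rejecting it here also keeps an unvalidated value out of the
        # serializer context.
        return Response({"Sorry": "unknown access level."}, status=404)
    serializer = ProgramDetailSerializer(
        queryset, many=True, context={"access": access_level})
    return Response(serializer.data)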
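def post_note(request, Model, pk, access_level):
    """Attach a note to one object the requesting user is allowed to access.

    Notes can be posted to any model listed in ``access_dict`` below. Call
    this only from the POST methods of views displaying these models. The
    request body should be JSON of the form ``{"text": "note text here"}``.

    Args:
        request: The incoming request; supplies the user and the note text.
        Model: Model class of the object the note is attached to.
        pk: Primary key of that object.
        access_level: Used only to build the redirect path after a save.

    Returns:
        An ``HttpResponseRedirect`` to the object's page when the note is
        saved; a 403 ``Response`` when the object is missing, of a model not
        listed in ``access_dict``, or outside the user's accessible set; a
        400 ``Response`` when the body has no ``text`` or the serializer
        rejects the note.
    """
    user = FilterSecurity(request)

    def student_ids():
        # Ids of the students this user may access, for use as a subquery.
        return user.get_accessible_students().values("id")

    def denied():
        # One response for every refusal. It carries a 403 so that clients,
        # logs and monitoring do not record an authorization failure as a
        # successful request.
        return Response(
            {"Sorry": "this user does not have access to do that."},
            status=403)

    # Per-model set of instances this user may annotate. A model that is not
    # listed here cannot receive notes through this function.
    access_dict = {
        "Program": user.get_accessible_programs(),
        "District": user.get_accessible_districts(),
        "School": user.get_accessible_schools(),
        "Course": user.get_accessible_courses(),
        "Student": user.get_accessible_students(),
        "Referral": Referral.objects.filter(user_id=user.get_user()),
        # Calendars referenced by a grade, attendance or behavior record of
        # an accessible student.
        "Calendar": Calendar.objects.filter(
            Q(pk__in=Grade.objects.filter(
                student_id__in=student_ids()).values("calendar"))
            | Q(pk__in=Attendance.objects.filter(
                student_id__in=student_ids()).values("calendar"))
            | Q(pk__in=Behavior.objects.filter(
                student_id__in=student_ids()).values("calendar"))),
        "Behavior": Behavior.objects.filter(student_id__in=student_ids()),
        "Grade": Grade.objects.filter(student_id__in=student_ids()),
        "Attendance": Attendance.objects.filter(
            student_id__in=student_ids()),
        "Bookmark": Bookmark.objects.filter(user_id=user.get_user()),
    }

    try:
        ModelInstance = Model.objects.get(pk=pk)
    except Model.DoesNotExist:
        # Answer exactly as for an inaccessible object, so the response does
        # not reveal which primary keys exist.
        return denied()

    model_name = ModelInstance.__class__.__name__
    # Fail closed: an unlisted model is treated as "no access" instead of
    # surfacing as a KeyError.
    accessible_instances = access_dict.get(model_name)
    if accessible_instances is None \
            or ModelInstance not in accessible_instances:
        return denied()

    # NOTE(review): access_level is not checked against the user's levels in
    # this function; the accessible_* sets above apply whatever value is
    # passed. Confirm the calling views validate it.
    try:
        note_text = request.data["text"]
    except (KeyError, TypeError):
        # Missing field, or a JSON body that is not an object.
        return Response(
            {"Sorry": "the request body must be JSON with a 'text' field."},
            status=400)

    note_data = {
        "user": user.get_user().id,
        "created": timezone.now(),
        "text": note_text,
        # NOTE(review): this lookup matches on model name only, not on the
        # app label; if two installed apps define a model with this name it
        # raises MultipleObjectsReturned. Consider
        # ContentType.objects.get_for_model(Model).
        "content_type": ContentType.objects.get(
            model=model_name.lower()).id,
        "object_id": pk,
    }
    serializer = NoteSerializer(data=note_data)
    if not serializer.is_valid():
        return Response(
            {
                "Sorry": "The serializer denied saving this note.",
                "The serializer raised the following errors":
                    serializer.errors,
            },
            status=400)

    serializer.save()
    # The redirect target is a fixed site-relative path under /gsndb/.
    if Model in [Program, District, School, Course, Student]:
        return HttpResponseRedirect(
            f"/gsndb/{access_level}/{model_name.lower()}/{pk}/")
    return HttpResponseRedirect(
        f"/gsndb/{access_level}/note/{model_name.lower()}/{pk}/")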