class ListViewSet(viewsets.ModelViewSet): queryset = List.objects.all() serializer_class = ListSerializer permission_classes = (APIPermissionClassFactory( name='ListPermission', permission_configuration={ 'base': { 'create': lambda user, req: user.is_authenticated, 'list': False, }, 'instance': { 'retrieve': 'lists.view_list', 'destroy': 'lists.delete_list', 'update': 'lists.change_list', } }), ) #Cunando se crea la lista asignar permiso de eliminar, ver y editar def perform_create(self, serializer): selfList = serializer.save() user = self.request.user assign_perm('lists.view_list', user, selfList) assign_perm('lists.delete_list', user, selfList) assign_perm('lists.change_list', user, selfList) return Response(serializer.data)
class EventAssignViewSet(viewsets.ModelViewSet): queryset = EventAssign.objects.all() serializer_class = EventAssignSerializer permission_classes = (APIPermissionClassFactory( name='EventAssignPermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'retrieve': True, 'destroy': 'event_assigns.delete_event_assign', 'update': 'event_assigns.change_event_assign', 'partial_update': 'event_assigns.change_event_assign', 'eventUsers': True } }), ) @action(detail=False, url_path='eventusers', methods=['post']) def eventUsers(self, request): try: response = [] eventData = request.data['event'] eventAssigns = EventAssign.objects.filter(event=eventData) print("Este es el event Data : " + eventData) for user in eventAssigns: response.append(UserSerializer(event.user).data) return Response(response) except: return Response({'detail': 'id is not valid'})
class AnnouncementViewSet(viewsets.ModelViewSet): queryset = Announcement.objects.all() serializer_class = AnnouncementSerializer permission_classes = ( APIPermissionClassFactory( name='AnnouncementPermission', permission_configuration={ 'base': { 'create': False, # Can only create announcements through courses. # 'list': True, }, 'instance': { 'retrieve': 'announcements.view_announcement', 'destroy': 'announcements.delete_announcement', 'update': 'announcements.change_announcement', 'partial_update': 'announcements.change_announcement', } }), ) def perform_create(self, serializer): announcement = serializer.save() user = self.request.user return Response(serializer.data)
class UserViewSet(viewsets.ModelViewSet): queryset = User.objects.all() serializer_class = UserSerializer permission_classes = (APIPermissionClassFactory(name='ReaderPermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'retrieve': False, 'destroy': False, 'update': False, 'get_info': True, } }), ) def perform_create(self, serializer): user = self.request.user user = serializer.save() return Response(serializer.data) @action(detail=True, methods=['POST'], url_path='info') def get_info(self, request, pk=None): user = self.get_object() info = get_object_or_404(User, email=user) serialized = UserSerializer(info).data return Response(serialized)
class EventViewSet(viewsets.ModelViewSet): queryset = Event.objects.all() serializer_class = EventsSerializer permission_classes = ( APIPermissionClassFactory( name='EventPermission', permission_configuration={ 'base': { 'create': check_parent_baby, 'list': False, }, 'instance': { 'retrieve': 'events.view_event', 'destroy': 'events.delete_event', 'update': 'events.change_event', 'partial_update': 'events.change_event', } } ), ) #Dar permisos al usuario al crear sobre sus eventos def perform_create(self, serializer): event = serializer.save() user = self.request.user assign_perm('events.view_event', user, event) assign_perm('events.change_event', user, event) assign_perm('events.delete_event', user, event) return Response(serializer.data)
class EventViewSet(viewsets.ModelViewSet): queryset = Event.objects.all() serializer_class = EventSerializer permission_classes = (APIPermissionClassFactory( name='EventPermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'retrieve': 'events.view_event', 'destroy': True, 'update': True, 'partial_update': True, } }), ) def perform_create(self, serializer): parent = name = serializer.validated_data['baby'].parent.username user = self.request.user print(str(user)) print(str(parent)) if (str(user) != str(parent)): print("No está autorizado") return Response("No esta autorizado") elif (str(user) == str(parent)): event = serializer.save() print("Se creó correctamente") assign_perm('events.view_event', user, event) return Response(serializer.data)
class EventViewSet(viewsets.ModelViewSet): queryset = Event.objects.all() serializer_class = EventSerializer # permisos permission_classes = (APIPermissionClassFactory( name='EventPermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'retrieve': 'events.view_event', 'destroy': evaluate, 'update': evaluate, 'partial_update': 'events.change_event', } }), ) def perform_create(self, serializer): parent_baby = serializer.validated_data["baby"] user = self.request.user actual_user = str(user.username) parent = str(parent_baby) if (actual_user != parent): print("No tiene autorización") elif (actual_user == parent): event = serializer.save() assign_perm('events.change_event', user, event) assign_perm('events.view_event', user, event) print("Evento registrado con exito!") return Response(serializer.data)
class MessageViewSet(viewsets.ModelViewSet): queryset = Message.objects.all() serializer_class = MessageSerializer permission_classes = ( APIPermissionClassFactory( name='MessagePermission', permission_configuration={ 'base': { 'create': check_chatUser, 'list': False, }, 'instance': { 'retrieve': False, 'destroy': 'messages.delete_message', 'update': False, } } ), ) #Cunando se crea el mensaje asignar permiso de eliminar def perform_create(self, serializer): message = serializer.save() user = self.request.user assign_perm('messages.delete_message', user, message) return Response(serializer.data)
class ChatUserViewSet(viewsets.ModelViewSet): queryset = ChatUser.objects.all() serializer_class = ChatUserSerializer permission_classes = ( APIPermissionClassFactory( name='ChatUserPermission', permission_configuration={ 'base': { 'create': lambda user, req: user.is_authenticated, 'list': False, }, 'instance': { 'retrieve': False, 'destroy': 'ChatUsers.delete_chatuser', 'update': False, } } ), ) #Cuando se crea la relacion del chat con el usuario asignar permiso de eliminar esa relacion def perform_create(self, serializer): chatUser = serializer.save() user = self.request.user assign_perm('ChatUsers.delete_chatuser', user, chatUser) return Response(serializer.data)
class UserViewSet(viewsets.ModelViewSet): queryset = User.objects.all() serializer_class = UserSerializer permission_classes = (APIPermissionClassFactory( name='UserPermission', permission_configuration={ 'base': { 'create': 'users.add_user', 'list': True, }, 'instance': { 'retrieve': True, 'destroy': 'users.delete_user', 'update': 'users.change_user', 'partial_update': 'users.change_user', 'isStudent': True, } }), ) @action(detail=True, url_path='isstudent', methods=['get']) def isStudent(self, request, pk=None): response = [] user = self.get_object() userGroups = user.groups.all() print(userGroups) group = Group.objects.get(name='student') bool = group in userGroups response.append(bool) return Response(response)
class EventViewSet(viewsets.ModelViewSet): queryset = Event.objects.all() serializer_class = EventSerializer permission_classes = (APIPermissionClassFactory( name='EventPermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'retrieve': evaluate_permission, 'destroy': evaluate_permission, 'update': evaluate_permission, 'partial_update': evaluate_permission, 'perform_create': evaluate_permission, } }), ) def perform_create(self, serializer): user = self.request.user baby = Baby.objects.get(pk=self.request.data['baby']) print(baby.parent.username) print(user.username) if (baby.parent.username == user.username): event = serializer.save() assign_perm('events.view_event', user, event) assign_perm('events.change_event', user, event) return Response(serializer.data) else: raise PermissionDenied()
class EstablishmentViewSet(viewsets.ModelViewSet): queryset = Establishment.objects.all() serializer_class = EstablishmentSerializer permission_classes = ( APIPermissionClassFactory( name='EstablishmentPermission', permission_configuration={ 'base': { 'create': True, # TODO: Debería ser solo superuser. 'list': True, }, 'instance': { 'retrieve': True, # TODO: Solo si está relacionado. 'destroy': False, 'update': 'establishments.change_establishment', 'partial_update': 'establishments.change_establishment', } } ), ) def perform_create(self, serializer): establishment = serializer.save() user = self.request.user assign_perm('establishments.change_establishment', user, establishment) return Response(serializer.data)
class EventViewSet(viewsets.ModelViewSet): queryset = Event.objects.all() serializer_class = EventSerializer permission_classes = (APIPermissionClassFactory( name='EventPermission', permission_configuration={ 'base': { 'create': evaluateParent, 'list': False, }, 'instance': { 'retrieve': 'events.view_event', 'destroy': 'events.delete_event', 'update': 'events.change_event', 'partial_update': 'event.change_event', } }), ) def perform_create(self, serializer): event = serializer.save() parent.self.request.parent assign_perm('events.view_event', parent, event) assign_perm('events.delete_event', parent, event) assign_perm('events.change_event', parent, event) return Response(serializer.data)
class BabyViewSet(viewsets.ModelViewSet): queryset = Baby.objects.all() serializer_class = BabySerializer permission_classes = ( APIPermissionClassFactory( name='BabyPermission', permission_configuration={ 'base': { 'create': True, 'list': False, }, 'instance': { 'retrieve': is_parent, 'destroy': is_parent, 'update': is_parent, 'partial_update': is_parent, 'events': is_parent, # 'update_permissions': 'users.add_permissions' # 'archive_all_students': phase_user_belongs_to_school, # 'add_clients': True, } }), ) def perform_create(self, serializer): baby = serializer.save() user = self.request.user assign_perm('babies.change_baby', user, baby) assign_perm('babies.view_baby', user, baby) return Response(serializer.data) @action(detail=True, url_path='events', methods=['get']) def events(self, request, pk=None): allEvents = Event.objects.all().filter(baby=pk) serialized = EventSerializer(allEvents, many=True) return Response(serialized.data)
class EventViewSet(viewsets.ModelViewSet): queryset = Event.objects.all() serializer_class = EventSerializer permission_classes = (APIPermissionClassFactory(name='EventPermission', permission_configuration={ 'base': { 'create': True, 'list': False, }, 'instance': { 'retrieve': check_baby_parent, 'update': False, 'partial_update': False, 'destroy': check_baby_parent, } }), ) def perform_create(self, serializer): parent = self.request.user baby = serializer.validated_data['baby'] if baby.parent.id == parent.id: event = serializer.save() return Response(serializer.data) # Retornar error return Response(serializer.data)
class ActorViewSet(viewsets.ModelViewSet): queryset = Actor.objects.all() serializer_class = ActorSerializer permission_classes = ( APIPermissionClassFactory( name='ActorPermission', permission_configuration={ 'base': { 'create': lambda user, requ : user.is_staff, 'list': lambda user, req: user.is_authenticated, }, 'instance': { 'retrieve': True, 'update': lambda user, req, third: user.is_authenticated, 'partial_update': True, 'destroy': lambda user, req, third: user.is_authenticated, 'actorAwards': lambda user, req, third: user.is_authenticated, } } ), ) @action(detail = True, url_path = 'awards',methods = ['get']) def actorAwards(self, request, pk = None): awards = self.get_object().awards.all() return Response( AwardSerializer(award).data for award in awards )
class PostViewSet(viewsets.ModelViewSet): queryset = Post.objects.all() serializer_class = PostSerializer permission_classes = (APIPermissionClassFactory(name='EventPermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'retrieve': True, 'destroy': evaluate, 'update': evaluate, 'partial_update': evaluate, } }), ) def perform_create(self, serializer): post = serializer.save() post.order = len(Post.objects.filter(topic=post.topic)) post.save() return Response(serializer.data)
class ParentViewSet(viewsets.ModelViewSet): queryset = Parent.objects.all() serializer_class = ParentSerializer permission_classes = (APIPermissionClassFactory(name='BabyPermission', permission_configuration={ 'base': { 'create': False, 'list': False, }, 'instance': { 'retrieve': False, 'destroy': False, 'update': False, 'partial_update': False, 'babies': True } }), ) @action(detail=True, methods=['get']) def babies(self, request, pk=None): parent = self.get_object().user parentBabies = [] for baby in Baby.objects.filter(parent=parent): parentBabies.append(BabySerializer(baby).data) return Response(parentBabies)
class ParentViewSet(viewsets.ModelViewSet): queryset = Parent.objects.all() serializer_class = ParentSerializer permission_classes = ( APIPermissionClassFactory( name='ParentPermission', permission_configuration={ 'base': { #'create': True, #'list': False, }, 'instance': { 'retrieve': evaluar, #'destroy': False, #'update': True, #'partial_update': 'babies.change_baby', 'babies': evaluar, # 'update_permissions': 'users.add_permissions' # 'archive_all_students': phase_user_belongs_to_school, # 'add_clients': True, } }), ) @action(detail=True, methods=['get']) def babies(self, request, pk=None): parent = self.get_object() return Response([ BabySerializer(baby).data for baby in Baby.objects.filter(parent=parent) ])
class BabyViewSet(viewsets.ModelViewSet): queryset = Baby.objects.all() serializer_class = BabySerializer permission_classes = (APIPermissionClassFactory( name='BabyPermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'retrieve': evaluate_user_permission, 'destroy': evaluate_user_permission, 'update': evaluate_user_permission, 'partial_update': evaluate_user_permission, 'events': evaluate_user_permission } }), ) # create a baby and give the user in the request permission to change and view the # created baby, via assign_perm def perform_create(self, serializer): baby = serializer.save() user = self.request.user assign_perm('baby.change_baby', user, baby) assign_perm('baby.view_baby', user, baby) return Response(serializer.data) @action(detail=True, url_path='events', methods=['get']) def events(self, request, pk=None): baby = self.get_object() events = Event.objects.filter(baby=baby) data = EventSerializer(events, many=True).data return Response(data)
class EventViewSet(viewsets.ModelViewSet): queryset = Event.objects.all() serializer_class = EventSerializer permission_classes = ( APIPermissionClassFactory( name='EventPermission', permission_configuration={ 'base': { 'create': True, 'list': False, }, 'instance': { 'retrieve': 'events.view_event', 'destroy': False, 'update': False, 'partial_update': 'events.change_event', #'notify': evaluar_notify, # 'update_permissions': 'users.add_permissions' # 'archive_all_students': phase_user_belongs_to_school, # 'add_clients': True, } }), ) def perform_create(self, serializer): babyId = serializer.validated_data["babyId"] user = self.request.user userId = str(user.id) babyId = str(babyId) if babyId == userId: event = serializer.save() assign_perm('events.change_event', user, event) assign_perm('events.view_event', user, event) return Response(serializer.data) else: return Response({'ERROR': 'Usted no es el padre de ese bebe'})
class EventViewSet(viewsets.ModelViewSet): queryset = Event.objects.all() serializer_class = EventSerializer permission_classes = ( APIPermissionClassFactory( name='EventPermissions', permission_configuration={ 'base': { 'create': True, 'list': False, }, 'instance': { 'retrieve': 'event.view_event', 'destroy': 'event.delete_event', 'update': True, 'partial_update': False, # 'update_permissions': 'users.add_permissions' # 'archive_all_students': phase_user_belongs_to_school, # 'add_clients': True, } }), ) def perform_create(self, serializer): event = serializer.save() user = self.request.user assign_perm('event.view_event', user, event) assign_perm('event.delete_event', user, event) return Response(serializer.data)
class TutorViewSet(viewsets.ModelViewSet): queryset = Tutor.objects.all() serializer_class = TutorSerializer permission_classes = (APIPermissionClassFactory( name='TutorPermission', permission_configuration={ 'base': { 'create': 'tutors.add_tutor', 'list': True, }, 'instance': { 'retrieve': True, 'destroy': 'tutors.delete_tutor', 'update': 'tutors.change_tutor', 'partial_update': 'tutors.change_tutor', 'courseTutors': True } }), ) @action(detail=False, url_path='coursetutors', methods=['post']) def courseTutors(self, request): try: response = [] print(request) courseData = request.data['course_id'] print('course Data antes de tutors' + courseData) tutors = Tutor.objects.filter(course=courseData) print("Este es el course Data : " + courseData) for tutor in tutors: response.append(UserSerializer(tutor.user_id).data) return Response(response) except: return Response({'detail': 'id is not valid'})
class BabyViewSet(viewsets.ModelViewSet): queryset = Baby.objects.all() serializer_class = BabySerializer permission_classes = (APIPermissionClassFactory( name='BabyPermission', permission_configuration={ 'base': { 'create': True, }, 'instance': { 'retrieve': 'babies.view_baby', 'destroy': False, 'update': 'babies.change_baby', 'partial_update': 'babies.change_baby', 'events': True } }), ) def perform_create(self, serializer): baby = serializer.save() user = self.request.user assign_perm('babies.change_baby', user, baby) assign_perm('babies.view_baby', user, baby) return Response(serializer.data) @action(detail=True, methods=['get']) def events(self, request, pk=None): baby = self.get_object() queryset = baby.event_set.all() events = EventSerializer(queryset, many=True).data return Response(events)
class ParentViewSet(viewsets.ModelViewSet): queryset = Parent.objects.all() serializer_class = ParentSerializer permission_classes = (APIPermissionClassFactory( name='ParentPermission', permission_configuration={ 'base': { 'create': True, 'list': False, }, 'instance': { 'retrieve': 'babyevents.view_parent', 'destroy': False, 'update': True, 'partial_update': 'babyevents.change_parent', 'events': 'babyevents.view_parent', 'babies': 'babyevents.view_parent' } }), ) @action(detail=True, methods=['get']) def babies(self, request, pk=None): parent = self.get_object() babies = Baby.objects.filter(pid=parent) return Response({'status': 'ok', 'Babies': (x.name for x in babies)})
class EventsViewSet(viewsets.ModelViewSet): queryset = Event.objects.all() serializer_class = EventSerializer permission_classes = (APIPermissionClassFactory( name='EventPermission', permission_configuration={ 'base': { 'create': True, 'list': False, }, 'instance': { 'retrieve': 'babyevents.view_event', 'destroy': False, 'update': True, 'partial_update': 'babyevents.change_event', 'events': evaluate } }), ) def perform_create(self, serializer): parent = self.request.user baby = Baby.objects.filter( name=serializer.validated_data['bid'])[0].pid.name print(' \n\n\n', parent) if (str(parent) == str(baby)): event = serializer.save() return Response(serializer.data) print('\n\n\nYa salimos\n\n\n') return Response({'status': 'Not authorized'})
class StoryViewSet(viewsets.ModelViewSet): queryset = Story.objects.all() serializer_class = StorySerializer permission_classes = (APIPermissionClassFactory(name='EventPermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'destroy': evaluate, 'partial_update': False, 'retrieve': True, 'update': False, 'views': evaluate } }), ) @action(detail=True, methods=['get']) def views(self, request, pk=None): story = self.get_object() response = [] for view in ViewedStorySerializer.objects.filter(story=story): response.append(ViewedStorySerializer(view).data) return Response(response)
class SemesterViewSet(viewsets.ModelViewSet): queryset = Semester.objects.all() serializer_class = SemesterSerializer permission_classes = (APIPermissionClassFactory( name='SemesterPermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'retrieve': 'semester.view_semester', 'destroy': evaluate, 'update': evaluate, 'partial_update': 'semester.change_semester', 'courses': evaluate, 'update_beginning': evaluate, 'update_end': evaluate } }), ) def perform_create(self, serializer): semester = serializer.save() user = self.request.user assign_perm('semester.view_semester', user, semester) assign_perm('semester.change_semester', user, semester) return Response(serializer.data) @action(detail=True, methods=['get']) def courses(self, request, pk=None): semester = self.get_object() courses_semester = [] for course in Course.objects.filter(semester=semester): courses_semester.append(CourseSerializer(course).data) return Response(courses_semester) @action(detail=True, url_path='update-beginning', methods=['patch']) def update_beginning(self, request, pk=None): semester = self.get_object() new_beginning = request.data.get('new_beginning') new_beginning = datetime.datetime.strptime(new_beginning, '%Y-%m-%d').date() semester.beginning = new_beginning semester.save() return Response(SemesterSerializer(semester).data) @action(detail=True, url_path='update-end', methods=['patch']) def update_end(self, request, pk=None): semester = self.get_object() new_end = request.data.get('new_end') new_end = datetime.datetime.strptime(new_end, '%Y-%m-%d').date() semester.end = new_end semester.save() return Response(SemesterSerializer(semester).data)
class BookViewSet(viewsets.ModelViewSet): queryset = Book.objects.all() serializer_class = BookSerializer permission_classes = (APIPermissionClassFactory( name='BookPermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'retrieve': 'book.view_book', 'destroy': evaluate, 'update': evaluate, 'partial_update': 'book.change_book', 'update_title': evaluate, 'update_description': evaluate, 'update_date': evaluate, } }), ) def perform_create(self, serializer): book = serializer.save() user = self.request.user assign_perm('book.view_book', user, book) assign_perm('book.change_book', user, book) return Response(serializer.data) @action(detail=True, url_path='update-title', methods=['patch']) def update_title(self, request, pk=None): book = self.get_object() new_title = request.data.get('new_title') book.title = new_title book.save() return Response(BookSerializer(book).data) @action(detail=True, url_path='update-description', methods=['patch']) def update_description(self, request, pk=None): book = self.get_object() new_description = request.data.get('new_description') book.description = new_description book.save() return Response(BookSerializer(book).data) @action(detail=True, url_path='update-date', methods=['patch']) def update_date(self, request, pk=None): book = self.get_object() new_date = request.data.get('new_date') new_date = datetime.datetime.strptime(new_date, '%Y-%m-%d').date() book.date = new_date book.save() return Response(BookSerializer(book).data)
class CourseViewSet(viewsets.ModelViewSet): queryset = Course.objects.all() serializer_class = CourseSerializer permission_classes = ( APIPermissionClassFactory( name='CoursePermission', permission_configuration={ 'base': { 'create': True, 'list': True, }, 'instance': { 'retrieve': 'course.view_course', 'destroy': evaluate, 'update': evaluate, 'partial_update': 'course.change_course', 'exams':evaluate, 'assignments':evaluate, 'update_name': evaluate } } ), ) def perform_create(self, serializer): course = serializer.save() user = self.request.user assign_perm('course.view_course', user, course) assign_perm('course.change_course', user, course) return Response(serializer.data) @action(detail=True, methods=['get']) def exams(self, request, pk=None): course = self.get_object() exams_course=[] for exam in Exam.objects.filter(course=course): exams_course.append(ExamSerializer(exam).data) return Response(exams_course) @action(detail=True, methods=['get']) def assignments(self, request, pk=None): course = self.get_object() assignments_course=[] for assign in Assignment.objects.filter(course=course): assignments_course.append(AssignmentSerializer(assign).data) return Response(assignments_course) @action(detail=True, url_path='update-name', methods=['patch']) def update_name(self, request, pk=None): course = self.get_object() new_name = request.data.get('new_name') course.name = new_name course.save() return Response(CourseSerializer(course).data)