class AthleteLimitedSerializer(AthleteSerializer):
"""
Serializer for athletes to users without staff permissions
"""
organization_info = OrganizationSerializer(read_only=True,
source='organization')
organization = serializers.PrimaryKeyRelatedField(
queryset=Organization.objects.all())
class Meta:
model = Athlete
fields = ('id', 'first_name', 'last_name', 'sport_id', 'organization',
'organization_info', 'additional_organizations')
class AthleteSerializer(serializers.ModelSerializer):
"""
Serializer for athletes.
"""
organization_info = OrganizationSerializer(read_only=True,
source='organization')
organization = serializers.PrimaryKeyRelatedField(
queryset=Organization.objects.all())
info = AthleteInformationSerializer(many=True, read_only=True)
permissions = DRYPermissionsField()
class Meta:
model = Athlete
fields = ('id', 'first_name', 'last_name', 'sport_id', 'organization',
'organization_info', 'additional_organizations',
'date_of_birth', 'gender', 'info', 'permissions')
def to_representation(self, instance):
"""
Hide gender and date_of_birth unless POST or user is in UNMASKED_ATHLETE_USERS settings list.
"""
data = super().to_representation(instance)
if 'request' in self.context and self.context[
'request'].method != 'POST' and (
self.context['request'].user.username not in getattr(
settings, 'UNMASKED_ATHLETE_USERS', [])):
if 'date_of_birth' in data:
data['date_of_birth'] = '*'
if 'gender' in data:
data['gender'] = '*'
return data
def validate(self, data):
"""
Check permissions to create an athlete.
External organization athletes may be created by any logged in user.
"""
user = self.context['request'].user
if not user.is_authenticated:
raise serializers.ValidationError(_('User not authenticated'), 403)
if user.is_superuser or user.is_staff:
return data
if 'organization' not in data or not data['organization'].external:
raise serializers.ValidationError(
_('No permission to create non external athlete'), 403)
return data
class EventSerializer(serializers.ModelSerializer, EagerLoadingMixin):
"""
Serializer for events
"""
organization_info = OrganizationSerializer(read_only=True, source='organization')
organization = serializers.PrimaryKeyRelatedField(
queryset=Organization.objects.all())
competitions = CompetitionInfoSerializer(many=True, read_only=True)
permissions = DRYPermissionsField()
_PREFETCH_RELATED_FIELDS = ['organization',
'organization__areas',
'competitions',
'competitions__level',
'competitions__type']
class Meta:
model = Event
fields = (
'id', 'name', 'description', 'date_start', 'date_end', 'location', 'organization', 'organization_info',
'public', 'competitions', 'locked', 'permissions')
def validate(self, data):
"""
Checks permissions to create or modify events.
Users may create and modify events organized by the clubs they
represent, unless the event is locked by the staff.
"""
user = self.context['request'].user
if not user.is_authenticated:
raise serializers.ValidationError(_('User not authenticated'), 403)
if 'date_end' in data and 'date_start' in data and data['date_end'] < data['date_start']:
raise serializers.ValidationError(_('Start date may not be later than End date.'))
if user.is_superuser or user.is_staff:
return data
if (not (self.instance and self.instance.organization.group in user.groups.all()) and
('organization' not in data or data['organization'].group not in user.groups.all())):
raise serializers.ValidationError(_('No permission to alter or create an event.'), 403)
if ((self.instance and self.instance.locked) or
('locked' in data and data['locked'])):
raise serializers.ValidationError(_('No permission to alter or create a locked event.'), 403)
return data
class EventSerializer(serializers.ModelSerializer, EagerLoadingMixin):
"""
Serializer for events
"""
organization_info = OrganizationSerializer(read_only=True, source='organization')
organization = serializers.PrimaryKeyRelatedField(
queryset=Organization.objects.all())
competitions = CompetitionInfoSerializer(many=True, read_only=True)
permissions = DRYPermissionsField()
_PREFETCH_RELATED_FIELDS = ['organization',
'organization__areas',
'competitions',
'competitions__level',
'competitions__type']
class Meta:
model = Event
fields = (
'id', 'name', 'description', 'date_start', 'date_end', 'location', 'organization', 'organization_info',
'public', 'competitions', 'locked', 'approved', 'permissions', 'categories', 'optional_dates',
'web_page', 'invitation', 'notes', 'international', 'safety_plan', 'toc_agreement')
def to_representation(self, instance):
"""
Hide some fields if user is not organizers representative, staff or superuser
"""
data = super().to_representation(instance)
user = self.context['request'].user
if not user.is_superuser and not user.is_staff and instance.organization not in user.groups.all():
for field in ['locked', 'optional_dates', 'notes', 'safety_plan', 'international', 'toc_agreement']:
data.pop(field, None)
return data
@staticmethod
def validate_toc_agreement(value):
if not value:
raise serializers.ValidationError(_('Must agree to the terms and conditions.'), 403)
return value
def validate(self, data):
"""
Checks permissions to create or modify events.
Users may create and modify events organized by the clubs they
represent, unless the event is locked by the staff.
"""
user = self.context['request'].user
if not user.is_authenticated:
raise serializers.ValidationError(_('User not authenticated'), 403)
if 'date_end' in data and 'date_start' in data and data['date_end'] < data['date_start']:
raise serializers.ValidationError(_('Start date may not be later than End date.'))
if user.is_superuser or user.is_staff:
return data
if (not (self.instance and self.instance.organization.group in user.groups.all()) and
('organization' not in data or data['organization'].group not in user.groups.all())):
raise serializers.ValidationError(_('No permission to alter or create an event.'), 403)
if ((self.instance and self.instance.locked) or
('locked' in data and data['locked'])):
raise serializers.ValidationError(_('No permission to alter or create a locked event.'), 403)
if settings.EVENT_PUBLISH_REQUIRES_STAFF and ((not self.instance or not self.instance.public) and
'public' in data and data['public']):
raise CustomValidation(_('No permission to publish event.'), 'publish', status.HTTP_403_FORBIDDEN)
if (not self.instance or not self.instance.approved) and 'approved' in data and data['approved']:
raise CustomValidation(_('No permission to approve event.'), 'approved', status.HTTP_403_FORBIDDEN)
return data
class CompetitionSerializer(serializers.ModelSerializer, EagerLoadingMixin):
"""
Serializer for competitions
"""
type_info = CompetitionTypeSerializer(read_only=True, source='type')
type = serializers.PrimaryKeyRelatedField(
queryset=CompetitionType.objects.all())
level_info = CompetitionLevelSerializer(read_only=True, source='level')
level = serializers.PrimaryKeyRelatedField(
queryset=CompetitionLevel.objects.all())
organization_info = OrganizationSerializer(read_only=True,
source='organization')
organization = serializers.PrimaryKeyRelatedField(
queryset=Organization.objects.all())
event_info = EventLimitedSerializer(read_only=True, source='event')
event = serializers.PrimaryKeyRelatedField(queryset=Event.objects.all())
permissions = DRYPermissionsField()
_PREFETCH_RELATED_FIELDS = [
'type', 'level', 'event', 'event__organization__areas', 'organization',
'organization__areas'
]
class Meta:
model = Competition
fields = ('id', 'name', 'description', 'date_start', 'date_end',
'location', 'organization', 'organization_info', 'event',
'event_info', 'type', 'type_info', 'level', 'level_info',
'layout', 'locked', 'public', 'trial', 'permissions')
def validate(self, data):
"""
Checks permissions to create or modify competitions.
Users may create and modify competitions organized by the clubs they
represent, unless the competition is locked by the staff.
"""
user = self.context['request'].user
if not user.is_authenticated:
raise serializers.ValidationError(_('User not authenticated'), 403)
if 'date_end' in data and 'date_start' in data and data[
'date_end'] < data['date_start']:
raise serializers.ValidationError(
_('Start date may not be later than End date.'))
if user.is_superuser or user.is_staff:
return data
if (not (self.instance
and self.instance.organization.group in user.groups.all())
and ('organization' not in data
or data['organization'].group not in user.groups.all())):
raise serializers.ValidationError(
_('No permission to alter or create an competition.'), 403)
if (self.instance and
(self.instance.locked or self.instance.event.locked)
or ('locked' in data and data['locked'])
or (not self.instance and data['event'].locked)):
raise serializers.ValidationError(
_('No permission to alter or create a locked competition.'),
403)
return data