def get(self, request, access_level, format=None): user = FilterSecurity(request) if access_level == user.get_my_access(): queryset = user.get_my_schools() elif access_level == user.get_all_access(): queryset = user.get_accessible_schools() serializer = SchoolSerializer(queryset, many=True) return Response(serializer.data)
def get(self, request, pk, access_level, format=None): user = FilterSecurity(request) if access_level == user.get_my_access(): queryset = user.get_my_schools().filter(pk=pk) elif access_level == user.get_all_access(): queryset = user.get_accessible_schools().filter(pk=pk) serializer = SchoolDetailSerializer(queryset, many=True, context={"access": access_level}) return Response(serializer.data)
def to_representation(self, district_obj): user = FilterSecurity(self.context.get('request')) current_user = user.get_user() accessible_schools = user.get_accessible_schools() my_schools = user.get_my_schools() accessible_students = user.get_accessible_students() my_students = user.get_my_students() access_level = self.context.get("access", False) representation = super().to_representation(district_obj) representation["districtId"] = representation.pop("id") representation["districtName"] = district_obj.name representation["state"] = district_obj.state representation["city"] = district_obj.city representation["code"] = district_obj.code representation["noteSet"] = NoteSerializer( district_obj.notes.filter(user=current_user), many=True).data if access_level == user.get_all_access(): representation["schoolSet"] = SchoolSerializer( accessible_schools.filter(district=district_obj.id), many=True, read_only=True).data representation["studentSet"] = StudentSerializer( accessible_students.filter( current_school__district_id=district_obj.id), many=True, read_only=True).data representation["gradeSet"] = GradeSerializer(Grade.objects.filter( student_id__in=accessible_students.values('id'), course__school__district_id=district_obj.id), many=True, read_only=True).data representation["attendanceSet"] = AttendanceSerializer( Attendance.objects.filter( student_id__in=accessible_students.values('id'), school__district_id=district_obj.id), many=True, read_only=True).data representation["behaviorSet"] = BehaviorSerializer( Behavior.objects.filter(student_id__in=accessible_students, school__district_id=district_obj.id), many=True, read_only=True).data elif access_level == user.get_my_access(): representation["schoolSet"] = SchoolSerializer( my_schools.filter(district=district_obj.id), many=True, read_only=True).data representation["studentSet"] = StudentSerializer( my_students.filter( current_school__district_id=district_obj.id), many=True, read_only=True).data representation["gradeSet"] = GradeSerializer(Grade.objects.filter( student_id__in=my_students.values('id'), course__school__district_id=district_obj.id), many=True, read_only=True).data representation["attendanceSet"] = AttendanceSerializer( Attendance.objects.filter( student_id__in=my_students.values('id'), school__district_id=district_obj.id), many=True, read_only=True).data representation["behaviorSet"] = BehaviorSerializer( Behavior.objects.filter(student_id__in=my_students, school__district_id=district_obj.id), many=True, read_only=True).data return representation
def post_note(request, Model, pk, access_level): """ This method allows notes to be posted to any object referenced in this function's dictionary: access_dict. It should only be called in the POST methods of views displaying these models. The body of the post request this method handles should be in JSON format: {"text": "note text here"} """ user = FilterSecurity(request) access_dict = { "Program": user.get_accessible_programs(), "District": user.get_accessible_districts(), "School": user.get_accessible_schools(), "Course": user.get_accessible_courses(), "Student": user.get_accessible_students(), "Referral": Referral.objects.filter(user_id=user.get_user()), "Calendar": Calendar.objects.filter( Q(pk__in=Grade.objects.filter( student_id__in=user.get_accessible_students().values( "id")).values("calendar")) | Q(pk__in=Attendance.objects.filter( student_id__in=user.get_accessible_students().values( "id")).values("calendar")) | Q(pk__in=Behavior.objects.filter( student_id__in=user.get_accessible_students().values( "id")).values("calendar"))), "Behavior": Behavior.objects.filter( student_id__in=user.get_accessible_students().values("id")), "Grade": Grade.objects.filter( student_id__in=user.get_accessible_students().values("id")), "Attendance": Attendance.objects.filter( student_id__in=user.get_accessible_students().values("id")), "Bookmark": Bookmark.objects.filter(user_id=user.get_user()), } ModelInstance = Model.objects.get(pk=pk) model_name = ModelInstance.__class__.__name__ accessible_instances = access_dict[model_name] if ModelInstance not in accessible_instances: return Response( {"Sorry": "this user does not have access to do that."}) else: note_text = request.data["text"] note_data = { "user": user.get_user().id, "created": timezone.now(), "text": note_text, "content_type": ContentType.objects.get(model=model_name.lower()).id, "object_id": pk } serializer = NoteSerializer(data=note_data) if serializer.is_valid(): serializer.save() if Model in [Program, District, School, Course, Student]: return HttpResponseRedirect( f"/gsndb/{access_level}/{model_name.lower()}/{pk}/") else: return HttpResponseRedirect( f"/gsndb/{access_level}/note/{model_name.lower()}/{pk}/") else: return Response({ "Sorry": "The serializer denied saving this note.", "The serializer raised the following errors": serializer.errors })