class AthleteLimitedSerializer(AthleteSerializer): """ Serializer for athletes to users without staff permissions """ organization_info = OrganizationSerializer(read_only=True, source='organization') organization = serializers.PrimaryKeyRelatedField( queryset=Organization.objects.all()) class Meta: model = Athlete fields = ('id', 'first_name', 'last_name', 'sport_id', 'organization', 'organization_info', 'additional_organizations')
class AthleteSerializer(serializers.ModelSerializer): """ Serializer for athletes. """ organization_info = OrganizationSerializer(read_only=True, source='organization') organization = serializers.PrimaryKeyRelatedField( queryset=Organization.objects.all()) info = AthleteInformationSerializer(many=True, read_only=True) permissions = DRYPermissionsField() class Meta: model = Athlete fields = ('id', 'first_name', 'last_name', 'sport_id', 'organization', 'organization_info', 'additional_organizations', 'date_of_birth', 'gender', 'info', 'permissions') def to_representation(self, instance): """ Hide gender and date_of_birth unless POST or user is in UNMASKED_ATHLETE_USERS settings list. """ data = super().to_representation(instance) if 'request' in self.context and self.context[ 'request'].method != 'POST' and ( self.context['request'].user.username not in getattr( settings, 'UNMASKED_ATHLETE_USERS', [])): if 'date_of_birth' in data: data['date_of_birth'] = '*' if 'gender' in data: data['gender'] = '*' return data def validate(self, data): """ Check permissions to create an athlete. External organization athletes may be created by any logged in user. """ user = self.context['request'].user if not user.is_authenticated: raise serializers.ValidationError(_('User not authenticated'), 403) if user.is_superuser or user.is_staff: return data if 'organization' not in data or not data['organization'].external: raise serializers.ValidationError( _('No permission to create non external athlete'), 403) return data
class EventSerializer(serializers.ModelSerializer, EagerLoadingMixin): """ Serializer for events """ organization_info = OrganizationSerializer(read_only=True, source='organization') organization = serializers.PrimaryKeyRelatedField( queryset=Organization.objects.all()) competitions = CompetitionInfoSerializer(many=True, read_only=True) permissions = DRYPermissionsField() _PREFETCH_RELATED_FIELDS = ['organization', 'organization__areas', 'competitions', 'competitions__level', 'competitions__type'] class Meta: model = Event fields = ( 'id', 'name', 'description', 'date_start', 'date_end', 'location', 'organization', 'organization_info', 'public', 'competitions', 'locked', 'permissions') def validate(self, data): """ Checks permissions to create or modify events. Users may create and modify events organized by the clubs they represent, unless the event is locked by the staff. """ user = self.context['request'].user if not user.is_authenticated: raise serializers.ValidationError(_('User not authenticated'), 403) if 'date_end' in data and 'date_start' in data and data['date_end'] < data['date_start']: raise serializers.ValidationError(_('Start date may not be later than End date.')) if user.is_superuser or user.is_staff: return data if (not (self.instance and self.instance.organization.group in user.groups.all()) and ('organization' not in data or data['organization'].group not in user.groups.all())): raise serializers.ValidationError(_('No permission to alter or create an event.'), 403) if ((self.instance and self.instance.locked) or ('locked' in data and data['locked'])): raise serializers.ValidationError(_('No permission to alter or create a locked event.'), 403) return data
class EventSerializer(serializers.ModelSerializer, EagerLoadingMixin): """ Serializer for events """ organization_info = OrganizationSerializer(read_only=True, source='organization') organization = serializers.PrimaryKeyRelatedField( queryset=Organization.objects.all()) competitions = CompetitionInfoSerializer(many=True, read_only=True) permissions = DRYPermissionsField() _PREFETCH_RELATED_FIELDS = ['organization', 'organization__areas', 'competitions', 'competitions__level', 'competitions__type'] class Meta: model = Event fields = ( 'id', 'name', 'description', 'date_start', 'date_end', 'location', 'organization', 'organization_info', 'public', 'competitions', 'locked', 'approved', 'permissions', 'categories', 'optional_dates', 'web_page', 'invitation', 'notes', 'international', 'safety_plan', 'toc_agreement') def to_representation(self, instance): """ Hide some fields if user is not organizers representative, staff or superuser """ data = super().to_representation(instance) user = self.context['request'].user if not user.is_superuser and not user.is_staff and instance.organization not in user.groups.all(): for field in ['locked', 'optional_dates', 'notes', 'safety_plan', 'international', 'toc_agreement']: data.pop(field, None) return data @staticmethod def validate_toc_agreement(value): if not value: raise serializers.ValidationError(_('Must agree to the terms and conditions.'), 403) return value def validate(self, data): """ Checks permissions to create or modify events. Users may create and modify events organized by the clubs they represent, unless the event is locked by the staff. """ user = self.context['request'].user if not user.is_authenticated: raise serializers.ValidationError(_('User not authenticated'), 403) if 'date_end' in data and 'date_start' in data and data['date_end'] < data['date_start']: raise serializers.ValidationError(_('Start date may not be later than End date.')) if user.is_superuser or user.is_staff: return data if (not (self.instance and self.instance.organization.group in user.groups.all()) and ('organization' not in data or data['organization'].group not in user.groups.all())): raise serializers.ValidationError(_('No permission to alter or create an event.'), 403) if ((self.instance and self.instance.locked) or ('locked' in data and data['locked'])): raise serializers.ValidationError(_('No permission to alter or create a locked event.'), 403) if settings.EVENT_PUBLISH_REQUIRES_STAFF and ((not self.instance or not self.instance.public) and 'public' in data and data['public']): raise CustomValidation(_('No permission to publish event.'), 'publish', status.HTTP_403_FORBIDDEN) if (not self.instance or not self.instance.approved) and 'approved' in data and data['approved']: raise CustomValidation(_('No permission to approve event.'), 'approved', status.HTTP_403_FORBIDDEN) return data
class CompetitionSerializer(serializers.ModelSerializer, EagerLoadingMixin): """ Serializer for competitions """ type_info = CompetitionTypeSerializer(read_only=True, source='type') type = serializers.PrimaryKeyRelatedField( queryset=CompetitionType.objects.all()) level_info = CompetitionLevelSerializer(read_only=True, source='level') level = serializers.PrimaryKeyRelatedField( queryset=CompetitionLevel.objects.all()) organization_info = OrganizationSerializer(read_only=True, source='organization') organization = serializers.PrimaryKeyRelatedField( queryset=Organization.objects.all()) event_info = EventLimitedSerializer(read_only=True, source='event') event = serializers.PrimaryKeyRelatedField(queryset=Event.objects.all()) permissions = DRYPermissionsField() _PREFETCH_RELATED_FIELDS = [ 'type', 'level', 'event', 'event__organization__areas', 'organization', 'organization__areas' ] class Meta: model = Competition fields = ('id', 'name', 'description', 'date_start', 'date_end', 'location', 'organization', 'organization_info', 'event', 'event_info', 'type', 'type_info', 'level', 'level_info', 'layout', 'locked', 'public', 'trial', 'permissions') def validate(self, data): """ Checks permissions to create or modify competitions. Users may create and modify competitions organized by the clubs they represent, unless the competition is locked by the staff. """ user = self.context['request'].user if not user.is_authenticated: raise serializers.ValidationError(_('User not authenticated'), 403) if 'date_end' in data and 'date_start' in data and data[ 'date_end'] < data['date_start']: raise serializers.ValidationError( _('Start date may not be later than End date.')) if user.is_superuser or user.is_staff: return data if (not (self.instance and self.instance.organization.group in user.groups.all()) and ('organization' not in data or data['organization'].group not in user.groups.all())): raise serializers.ValidationError( _('No permission to alter or create an competition.'), 403) if (self.instance and (self.instance.locked or self.instance.event.locked) or ('locked' in data and data['locked']) or (not self.instance and data['event'].locked)): raise serializers.ValidationError( _('No permission to alter or create a locked competition.'), 403) return data