def get(self, request, access_level, format=None):
user = FilterSecurity(request)
if access_level == user.get_my_access():
queryset = user.get_my_courses()
elif access_level == user.get_all_access():
queryset = user.get_accessible_courses()
serializer = CourseSerializer(queryset, many=True)
return Response(serializer.data)
def get(self, request, pk, access_level, format=None):
user = FilterSecurity(request)
if access_level == user.get_my_access():
queryset = user.get_my_courses().filter(pk=pk)
elif access_level == user.get_all_access():
queryset = user.get_accessible_courses().filter(pk=pk)
serializer = CourseDetailSerializer(queryset,
many=True,
context={"access": access_level})
return Response(serializer.data)
def to_representation(self, school_obj):
user = FilterSecurity(self.context.get('request'))
current_user = user.get_user()
accessible_students = user.get_accessible_students()
my_students = user.get_my_students()
accessible_courses = user.get_accessible_courses()
my_courses = user.get_my_courses()
access_level = self.context.get("access", False)
representation = super().to_representation(school_obj)
representation["schoolId"] = representation.pop("id")
representation["schoolName"] = school_obj.name
representation["districtId"] = school_obj.district.id
representation["districtName"] = school_obj.district.name
representation["noteSet"] = NoteSerializer(
school_obj.notes.filter(user=current_user), many=True).data
if access_level == user.get_all_access():
representation["gradeSet"] = GradeSerializer(Grade.objects.filter(
student_id__in=accessible_students.values("id"),
course__school_id=school_obj.id),
many=True,
read_only=True).data
representation["attendanceSet"] = AttendanceSerializer(
school_obj.attendance_set.filter(
student_id__in=accessible_students.values("id")),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
school_obj.behavior_set.filter(
student_id__in=accessible_students.values("id")),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
accessible_students.filter(current_school_id=school_obj.id),
many=True,
read_only=True).data
representation["courseSet"] = CourseSerializer(
accessible_courses.filter(school_id=school_obj.id),
many=True,
read_only=True).data
elif access_level == user.get_my_access():
representation["gradeSet"] = GradeSerializer(Grade.objects.filter(
student_id__in=my_students.values("id"),
course__school_id=school_obj.id),
many=True,
read_only=True).data
representation["attendanceSet"] = AttendanceSerializer(
school_obj.attendance_set.filter(
student_id__in=my_students.values("id")),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
school_obj.behavior_set.filter(
student_id__in=my_students.values("id")),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
my_students.filter(current_school_id=school_obj.id),
many=True,
read_only=True).data
representation["courseSet"] = CourseSerializer(
my_courses.filter(school_id=school_obj.id),
many=True,
read_only=True).data
return representation
def post_note(request, Model, pk, access_level):
"""
This method allows notes to be posted to any object referenced in this
function's dictionary: access_dict. It should only be called in the POST
methods of views displaying these models.
The body of the post request this method handles should be in JSON format:
{"text": "note text here"}
"""
user = FilterSecurity(request)
access_dict = {
"Program":
user.get_accessible_programs(),
"District":
user.get_accessible_districts(),
"School":
user.get_accessible_schools(),
"Course":
user.get_accessible_courses(),
"Student":
user.get_accessible_students(),
"Referral":
Referral.objects.filter(user_id=user.get_user()),
"Calendar":
Calendar.objects.filter(
Q(pk__in=Grade.objects.filter(
student_id__in=user.get_accessible_students().values(
"id")).values("calendar"))
| Q(pk__in=Attendance.objects.filter(
student_id__in=user.get_accessible_students().values(
"id")).values("calendar"))
| Q(pk__in=Behavior.objects.filter(
student_id__in=user.get_accessible_students().values(
"id")).values("calendar"))),
"Behavior":
Behavior.objects.filter(
student_id__in=user.get_accessible_students().values("id")),
"Grade":
Grade.objects.filter(
student_id__in=user.get_accessible_students().values("id")),
"Attendance":
Attendance.objects.filter(
student_id__in=user.get_accessible_students().values("id")),
"Bookmark":
Bookmark.objects.filter(user_id=user.get_user()),
}
ModelInstance = Model.objects.get(pk=pk)
model_name = ModelInstance.__class__.__name__
accessible_instances = access_dict[model_name]
if ModelInstance not in accessible_instances:
return Response(
{"Sorry": "this user does not have access to do that."})
else:
note_text = request.data["text"]
note_data = {
"user": user.get_user().id,
"created": timezone.now(),
"text": note_text,
"content_type":
ContentType.objects.get(model=model_name.lower()).id,
"object_id": pk
}
serializer = NoteSerializer(data=note_data)
if serializer.is_valid():
serializer.save()
if Model in [Program, District, School, Course, Student]:
return HttpResponseRedirect(
f"/gsndb/{access_level}/{model_name.lower()}/{pk}/")
else:
return HttpResponseRedirect(
f"/gsndb/{access_level}/note/{model_name.lower()}/{pk}/")
else:
return Response({
"Sorry":
"The serializer denied saving this note.",
"The serializer raised the following errors":
serializer.errors
})
