def get(self, request, access_level, format=None):
user = FilterSecurity(request)
if access_level == user.get_my_access():
queryset = user.get_my_schools()
elif access_level == user.get_all_access():
queryset = user.get_accessible_schools()
serializer = SchoolSerializer(queryset, many=True)
return Response(serializer.data)
def get(self, request, pk, access_level, format=None):
user = FilterSecurity(request)
if access_level == user.get_my_access():
queryset = user.get_my_schools().filter(pk=pk)
elif access_level == user.get_all_access():
queryset = user.get_accessible_schools().filter(pk=pk)
serializer = SchoolDetailSerializer(queryset,
many=True,
context={"access": access_level})
return Response(serializer.data)
def to_representation(self, district_obj):
user = FilterSecurity(self.context.get('request'))
current_user = user.get_user()
accessible_schools = user.get_accessible_schools()
my_schools = user.get_my_schools()
accessible_students = user.get_accessible_students()
my_students = user.get_my_students()
access_level = self.context.get("access", False)
representation = super().to_representation(district_obj)
representation["districtId"] = representation.pop("id")
representation["districtName"] = district_obj.name
representation["state"] = district_obj.state
representation["city"] = district_obj.city
representation["code"] = district_obj.code
representation["noteSet"] = NoteSerializer(
district_obj.notes.filter(user=current_user), many=True).data
if access_level == user.get_all_access():
representation["schoolSet"] = SchoolSerializer(
accessible_schools.filter(district=district_obj.id),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
accessible_students.filter(
current_school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["gradeSet"] = GradeSerializer(Grade.objects.filter(
student_id__in=accessible_students.values('id'),
course__school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["attendanceSet"] = AttendanceSerializer(
Attendance.objects.filter(
student_id__in=accessible_students.values('id'),
school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
Behavior.objects.filter(student_id__in=accessible_students,
school__district_id=district_obj.id),
many=True,
read_only=True).data
elif access_level == user.get_my_access():
representation["schoolSet"] = SchoolSerializer(
my_schools.filter(district=district_obj.id),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
my_students.filter(
current_school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["gradeSet"] = GradeSerializer(Grade.objects.filter(
student_id__in=my_students.values('id'),
course__school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["attendanceSet"] = AttendanceSerializer(
Attendance.objects.filter(
student_id__in=my_students.values('id'),
school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
Behavior.objects.filter(student_id__in=my_students,
school__district_id=district_obj.id),
many=True,
read_only=True).data
return representation
def post_note(request, Model, pk, access_level):
"""
This method allows notes to be posted to any object referenced in this
function's dictionary: access_dict. It should only be called in the POST
methods of views displaying these models.
The body of the post request this method handles should be in JSON format:
{"text": "note text here"}
"""
user = FilterSecurity(request)
access_dict = {
"Program":
user.get_accessible_programs(),
"District":
user.get_accessible_districts(),
"School":
user.get_accessible_schools(),
"Course":
user.get_accessible_courses(),
"Student":
user.get_accessible_students(),
"Referral":
Referral.objects.filter(user_id=user.get_user()),
"Calendar":
Calendar.objects.filter(
Q(pk__in=Grade.objects.filter(
student_id__in=user.get_accessible_students().values(
"id")).values("calendar"))
| Q(pk__in=Attendance.objects.filter(
student_id__in=user.get_accessible_students().values(
"id")).values("calendar"))
| Q(pk__in=Behavior.objects.filter(
student_id__in=user.get_accessible_students().values(
"id")).values("calendar"))),
"Behavior":
Behavior.objects.filter(
student_id__in=user.get_accessible_students().values("id")),
"Grade":
Grade.objects.filter(
student_id__in=user.get_accessible_students().values("id")),
"Attendance":
Attendance.objects.filter(
student_id__in=user.get_accessible_students().values("id")),
"Bookmark":
Bookmark.objects.filter(user_id=user.get_user()),
}
ModelInstance = Model.objects.get(pk=pk)
model_name = ModelInstance.__class__.__name__
accessible_instances = access_dict[model_name]
if ModelInstance not in accessible_instances:
return Response(
{"Sorry": "this user does not have access to do that."})
else:
note_text = request.data["text"]
note_data = {
"user": user.get_user().id,
"created": timezone.now(),
"text": note_text,
"content_type":
ContentType.objects.get(model=model_name.lower()).id,
"object_id": pk
}
serializer = NoteSerializer(data=note_data)
if serializer.is_valid():
serializer.save()
if Model in [Program, District, School, Course, Student]:
return HttpResponseRedirect(
f"/gsndb/{access_level}/{model_name.lower()}/{pk}/")
else:
return HttpResponseRedirect(
f"/gsndb/{access_level}/note/{model_name.lower()}/{pk}/")
else:
return Response({
"Sorry":
"The serializer denied saving this note.",
"The serializer raised the following errors":
serializer.errors
})
