def get(self, request, pk, access_level, format=None):
user = FilterSecurity(request)
if access_level == user.get_my_access():
queryset = user.get_my_students().filter(pk=pk)
elif access_level == user.get_all_access():
queryset = user.get_accessible_students().filter(pk=pk)
serializer = StudentDetailSerializer(queryset, many=True)
return Response(serializer.data)
def to_representation(self, program_obj):
user = FilterSecurity(self.context.get('request'))
current_user = user.get_user()
accessible_students = user.get_accessible_students()
my_students = user.get_my_students()
access_level = self.context.get("access", False)
representation = super().to_representation(program_obj)
representation["programId"] = representation.pop("id")
representation["programName"] = program_obj.name
representation["noteSet"] = NoteSerializer(
program_obj.notes.filter(user=current_user), many=True).data
if access_level == user.get_all_access():
representation["gradeSet"] = GradeSerializer(
program_obj.grade_set.filter(student__in=accessible_students),
many=True,
read_only=True).data
representation["attendanceSet"] = AttendanceSerializer(
program_obj.attendance_set.filter(
student__in=accessible_students),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
program_obj.behavior_set.filter(
student__in=accessible_students),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
program_obj.student_set.filter(pk__in=accessible_students),
many=True,
read_only=True).data
if access_level == user.get_my_access():
representation["gradeSet"] = GradeSerializer(
program_obj.grade_set.filter(student__in=my_students),
many=True,
read_only=True).data
representation["attendanceSet"] = AttendanceSerializer(
program_obj.attendance_set.filter(student__in=my_students),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
program_obj.behavior_set.filter(student__in=my_students),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
program_obj.student_set.filter(pk__in=my_students),
many=True,
read_only=True).data
return representation
def to_representation(self, course_obj):
user = FilterSecurity(self.context.get('request'))
current_user = user.get_user()
accessible_students = user.get_accessible_students()
my_students = user.get_my_students()
access_level = self.context.get("access", False)
representation = super().to_representation(course_obj)
representation["courseId"] = representation.pop("id")
representation["courseName"] = course_obj.name
representation["schoolId"] = course_obj.school.id
representation["schoolName"] = course_obj.school.name
representation["courseSubject"] = course_obj.subject
representation["courseCode"] = course_obj.code
representation["noteSet"] = NoteSerializer(
course_obj.notes.filter(user=current_user), many=True).data
if access_level == user.get_all_access():
representation["gradeSet"] = GradeSerializer(Grade.objects.filter(
student_id__in=accessible_students.values("id"),
course_id=course_obj.id),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
Behavior.objects.filter(
student_id__in=accessible_students.values("id"),
course_id=course_obj.id),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
accessible_students.filter(pk__in=Grade.objects.filter(
course_id=course_obj.id).values("student")),
many=True,
read_only=True).data
elif access_level == user.get_my_access():
representation["gradeSet"] = GradeSerializer(Grade.objects.filter(
student_id__in=my_students.values("id"),
course_id=course_obj.id),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
Behavior.objects.filter(
student_id__in=my_students.values("id"),
course_id=course_obj.id),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
my_students.filter(pk__in=Grade.objects.filter(
course_id=course_obj.id).values("student")),
many=True,
read_only=True).data
return representation
def post(self, request, access_level, format=None):
"""
This method allows new referrals to be posted to the database. It
redirects to the selfsame ReferralList view, allowing the user to
see the new referral they created among their list of referrals.
The body of the post request this method handles should be in JSON format:
{"student": "student id here",
"program": "program pk",
"type": "list of types that can be found in referral model",
"date_given": "YYYY-MM-DD",
"reference_name": "the name of the person who referred whatever",
"reference_phone": integer goes here,
"reference_address": "an address goes here",
"reason": "reason..."
}
"""
user = FilterSecurity(request)
json = request.data
student = Student.objects.get(pk=json["student"])
if student not in user.get_accessible_students():
return Response({
"Sorry":
"this user does not have access to add a referral for this student."
})
else:
referral_data = {
"user": user.get_user().id,
"student": json["student"],
"program": json["program"],
"type": json["type"],
"date_given": json["date_given"],
"reference_name": json["reference_name"],
"reference_phone": json["reference_phone"],
"reference_address": json["reference_address"],
"reason": json["reason"],
}
serializer = ReferralSerializer(data=referral_data)
if serializer.is_valid():
serializer.save()
return HttpResponseRedirect(
f"/gsndb/{access_level}/student/{serializer.data['student']}/"
)
else:
return Response({
"Sorry":
"The serializer denied saving this referral.",
"The serializer raised the following errors":
serializer.errors
})
def put(self, request, pk, access_level, format=None):
user = FilterSecurity(request)
"""
This method allows a user to update an existing referral via a PUT request.
"""
referral_obj = Referral.objects.get(pk=pk)
json = request.data
student = Student.objects.get(pk=json["student"])
if student not in user.get_accessible_students():
return Response({
"Sorry":
"this user does not have access to edit this referral for this student."
})
else:
referral_data = {
"user": user.get_user().id,
"student": json["student"],
"program": json["program"],
"type": json["type"],
"date_given": json["date_given"],
"reference_name": json["reference_name"],
"reference_phone": json["reference_phone"],
"reference_address": json["reference_address"],
"reason": json["reason"],
}
serializer = ReferralSerializer(referral_obj, data=referral_data)
if serializer.is_valid():
serializer.save()
return HttpResponseRedirect(
f"/gsndb/{access_level}/referral/{serializer.data['referralId']}/"
)
else:
return Response({
"Sorry":
"The serializer denied saving this note.",
"The serializer raised the following errors":
serializer.errors
})
def to_representation(self, school_obj):
user = FilterSecurity(self.context.get('request'))
current_user = user.get_user()
accessible_students = user.get_accessible_students()
my_students = user.get_my_students()
accessible_courses = user.get_accessible_courses()
my_courses = user.get_my_courses()
access_level = self.context.get("access", False)
representation = super().to_representation(school_obj)
representation["schoolId"] = representation.pop("id")
representation["schoolName"] = school_obj.name
representation["districtId"] = school_obj.district.id
representation["districtName"] = school_obj.district.name
representation["noteSet"] = NoteSerializer(
school_obj.notes.filter(user=current_user), many=True).data
if access_level == user.get_all_access():
representation["gradeSet"] = GradeSerializer(Grade.objects.filter(
student_id__in=accessible_students.values("id"),
course__school_id=school_obj.id),
many=True,
read_only=True).data
representation["attendanceSet"] = AttendanceSerializer(
school_obj.attendance_set.filter(
student_id__in=accessible_students.values("id")),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
school_obj.behavior_set.filter(
student_id__in=accessible_students.values("id")),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
accessible_students.filter(current_school_id=school_obj.id),
many=True,
read_only=True).data
representation["courseSet"] = CourseSerializer(
accessible_courses.filter(school_id=school_obj.id),
many=True,
read_only=True).data
elif access_level == user.get_my_access():
representation["gradeSet"] = GradeSerializer(Grade.objects.filter(
student_id__in=my_students.values("id"),
course__school_id=school_obj.id),
many=True,
read_only=True).data
representation["attendanceSet"] = AttendanceSerializer(
school_obj.attendance_set.filter(
student_id__in=my_students.values("id")),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
school_obj.behavior_set.filter(
student_id__in=my_students.values("id")),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
my_students.filter(current_school_id=school_obj.id),
many=True,
read_only=True).data
representation["courseSet"] = CourseSerializer(
my_courses.filter(school_id=school_obj.id),
many=True,
read_only=True).data
return representation
def to_representation(self, district_obj):
user = FilterSecurity(self.context.get('request'))
current_user = user.get_user()
accessible_schools = user.get_accessible_schools()
my_schools = user.get_my_schools()
accessible_students = user.get_accessible_students()
my_students = user.get_my_students()
access_level = self.context.get("access", False)
representation = super().to_representation(district_obj)
representation["districtId"] = representation.pop("id")
representation["districtName"] = district_obj.name
representation["state"] = district_obj.state
representation["city"] = district_obj.city
representation["code"] = district_obj.code
representation["noteSet"] = NoteSerializer(
district_obj.notes.filter(user=current_user), many=True).data
if access_level == user.get_all_access():
representation["schoolSet"] = SchoolSerializer(
accessible_schools.filter(district=district_obj.id),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
accessible_students.filter(
current_school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["gradeSet"] = GradeSerializer(Grade.objects.filter(
student_id__in=accessible_students.values('id'),
course__school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["attendanceSet"] = AttendanceSerializer(
Attendance.objects.filter(
student_id__in=accessible_students.values('id'),
school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
Behavior.objects.filter(student_id__in=accessible_students,
school__district_id=district_obj.id),
many=True,
read_only=True).data
elif access_level == user.get_my_access():
representation["schoolSet"] = SchoolSerializer(
my_schools.filter(district=district_obj.id),
many=True,
read_only=True).data
representation["studentSet"] = StudentSerializer(
my_students.filter(
current_school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["gradeSet"] = GradeSerializer(Grade.objects.filter(
student_id__in=my_students.values('id'),
course__school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["attendanceSet"] = AttendanceSerializer(
Attendance.objects.filter(
student_id__in=my_students.values('id'),
school__district_id=district_obj.id),
many=True,
read_only=True).data
representation["behaviorSet"] = BehaviorSerializer(
Behavior.objects.filter(student_id__in=my_students,
school__district_id=district_obj.id),
many=True,
read_only=True).data
return representation
def post_note(request, Model, pk, access_level):
"""
This method allows notes to be posted to any object referenced in this
function's dictionary: access_dict. It should only be called in the POST
methods of views displaying these models.
The body of the post request this method handles should be in JSON format:
{"text": "note text here"}
"""
user = FilterSecurity(request)
access_dict = {
"Program":
user.get_accessible_programs(),
"District":
user.get_accessible_districts(),
"School":
user.get_accessible_schools(),
"Course":
user.get_accessible_courses(),
"Student":
user.get_accessible_students(),
"Referral":
Referral.objects.filter(user_id=user.get_user()),
"Calendar":
Calendar.objects.filter(
Q(pk__in=Grade.objects.filter(
student_id__in=user.get_accessible_students().values(
"id")).values("calendar"))
| Q(pk__in=Attendance.objects.filter(
student_id__in=user.get_accessible_students().values(
"id")).values("calendar"))
| Q(pk__in=Behavior.objects.filter(
student_id__in=user.get_accessible_students().values(
"id")).values("calendar"))),
"Behavior":
Behavior.objects.filter(
student_id__in=user.get_accessible_students().values("id")),
"Grade":
Grade.objects.filter(
student_id__in=user.get_accessible_students().values("id")),
"Attendance":
Attendance.objects.filter(
student_id__in=user.get_accessible_students().values("id")),
"Bookmark":
Bookmark.objects.filter(user_id=user.get_user()),
}
ModelInstance = Model.objects.get(pk=pk)
model_name = ModelInstance.__class__.__name__
accessible_instances = access_dict[model_name]
if ModelInstance not in accessible_instances:
return Response(
{"Sorry": "this user does not have access to do that."})
else:
note_text = request.data["text"]
note_data = {
"user": user.get_user().id,
"created": timezone.now(),
"text": note_text,
"content_type":
ContentType.objects.get(model=model_name.lower()).id,
"object_id": pk
}
serializer = NoteSerializer(data=note_data)
if serializer.is_valid():
serializer.save()
if Model in [Program, District, School, Course, Student]:
return HttpResponseRedirect(
f"/gsndb/{access_level}/{model_name.lower()}/{pk}/")
else:
return HttpResponseRedirect(
f"/gsndb/{access_level}/note/{model_name.lower()}/{pk}/")
else:
return Response({
"Sorry":
"The serializer denied saving this note.",
"The serializer raised the following errors":
serializer.errors
})
