class SalaDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = Sala.objects.all()
serializer_class = SalaSerializer
authentication_classes = [
oauth2_provider.contrib.rest_framework.OAuth2Authentication,
SessionAuthentication
]
permission_classes = [
Or(IsAdminUser,
oauth2_provider.contrib.rest_framework.TokenHasReadWriteScope)
]
filter_backends = (filters.DjangoFilterBackend, )
filter_class = SalaFilter
class SalaList(generics.ListCreateAPIView):
queryset = Sala.objects.all()
serializer_class = SalaSerializer
authentication_classes = [
oauth2_provider.contrib.rest_framework.OAuth2Authentication,
SessionAuthentication
]
permission_classes = [
Or(IsAdminUser,
oauth2_provider.contrib.rest_framework.TokenHasReadWriteScope)
]
filter_backends = (filters.DjangoFilterBackend, )
filter_fields = '__all__'
class TicketViewset(PrefetchQuerysetModelMixin, viewsets.ModelViewSet):
ownership_field = "creator"
user_relation = "user.profile"
permission_classes = [
Or(
And(IsPostRequest, CanSubmitTickets), # Creating new tickets
And(
IsDeleteRequest,
Or(
IsAdmin, # Admin deleting ticket
And(CanSubmitTickets, OwnsObject), # Deleting own ticket
)),
And(IsGetRequest,
CanSubmitTickets), # Geting last ticket, or list of tickets
And(
IsPutPatchRequest,
Or(
IsMentor, # Mentors manipulating tickets
And(CanSubmitTickets, OwnsObject) # Submitting feedback
)))
]
queryset = Ticket.objects.all()
serializer_class = TicketSerializer
@action(methods=['get'], detail=False)
def last_ticket(self, request):
self.update
ticket = Ticket.objects.filter(creator=request.user.profile).last()
if ticket is not None:
self.queryset = Ticket.objects.filter(id=ticket.id)
queryset = self.get_queryset()
else:
queryset = Ticket.objects.none()
serializer = self.get_serializer_class()(queryset, many=True)
data = serializer.data[0] if len(serializer.data) > 0 else {}
return Response(data)
class ResponseMessageListCreateView(ListCreateAPIView):
model = ResponseMessage
serializer_class = ResponseMessageSerializer
queryset = ResponseMessage.objects()
permission_classes = [Or(build_permission_class('dms.can_manage_messages'), IsGetRequest)]
def pre_save(self, obj):
in_response_to = self.request.DATA.get('text', '')
obj.text = settings.AUTO_RESPONSE_MESSAGE
obj.response_to = in_response_to
def post_save(self, obj, created=True):
auto_response_enabled = AdminSetting.objects(**dict(name='enable_automatic_response', yes_no=True)).first()
if auto_response_enabled:
send_one_sms.delay(obj)
class InvitationCheckin(generics.UpdateAPIView):
queryset = Invitation.objects.all()
serializer_class = InvitationSerializer
permission_classes = (Or(
IsAdmin, Or(IsHostOfInvitationObject, IsBouncerOfInvitationObject)), )
def put(self, request, *args, **kwargs):
try:
invitation = Invitation.objects.get(pk=kwargs['pk'])
except Invitation.DoesNotExist:
raise ValidationError("The invitation does not exist.")
self.check_object_permissions(request, invitation)
if not invitation.has_rsvped:
raise ValidationError("The user has not RSVPed yet.")
if invitation.has_checkedin:
raise ValidationError("The user has already checked in.")
invitation.has_checkedin = True
invitation.save() # need to explicitly call save here
serializer = InvitationSerializer(invitation)
return Response(serializer.data, status=status.HTTP_200_OK)
class BaseAttributeApiViewSet(BaseApiViewSet):
permission_classes = [
Or(UnauthenticatedReadOnlyPermission,
AttributeAuthenticatedUserPermission)
]
method_authentication_classes = {"GET": []}
def perform_create(self, serializer):
# Here is where we could set status based on user role
# for now, make it always lowest when set by API, though this is also model default
serializer.save(status=APPROVAL_STATUSES[-1][0])
def perform_update(self, serializer):
serializer.save(status=APPROVAL_STATUSES[-1][0])
class GroupMembersDetail(generics.RetrieveUpdateDestroyAPIView):
serializer_class = MemberSerializer
lookup_url_kwarg = "membership_id"
permission_classes = (Or(IsGroupAdminPermission,
IsGroupMemberPermission), )
def get_queryset(self):
membership_id = self.kwargs['membership_id']
group_id = self.kwargs['pk']
try:
return Membership.objects.filter(pk=membership_id,
group__id=group_id)
except ObjectDoesNotExist:
return []
class AdminViewSet(AtomicMixin, InstanceBasedMixin, mixins.RetrieveModelMixin,
mixins.UpdateModelMixin, mixins.DestroyModelMixin,
mixins.ListModelMixin, GenericViewSet):
"""API endpoint for admins added to given instance"""
model = AdminInstanceRole
queryset = AdminInstanceRole.objects
lookup_field = 'admin_id'
serializer_class = AdminInstanceRoleSerializer
permission_classes = (Or(AdminHasPermissions, AllowSelfRoleDeletion),
ProtectOwnerAccess, OwnerInGoodStanding)
def get_queryset(self):
qs = super().get_queryset()
return qs.select_related(
'role', 'admin').filter(instance=self.request.instance)
class TeamFileUploadListCreateView(generics.ListCreateAPIView):
serializer_class = serializers.TeamFileUploadSerializer
queryset = TeamFileUpload.objects.all()
pagination_class = TeamFileLimitOffsetPagination
# TODO: UPDATE PERMISSIONS
permission_classes = [And(Or(IsGet, IsPost), permissions.IsAuthenticated)]
def get_queryset(self):
return self.queryset.filter(user=self.request.user)
def perform_create(self, serializer):
obj = serializer.save(user=self.request.user)
task = create_teams.delay(obj.id)
# Set the task id
obj.task_id = task.task_id
obj.save()
class CreateView(generics.ListCreateAPIView):
"""This class defines the create behavior of the rest api."""
serializer_class = ProductSerializer
authentication_classes = [OAuth2Authentication, SessionAuthentication]
permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)]
filter_backends = (filters.DjangoFilterBackend, )
filter_fields = '__all__'
def perform_create(self, serializer):
"""Save the post data when creating a new product."""
serializer.save(owner=self.request.user, quantity=0)
def get_queryset(self):
"""This view returns the products from the currently authenticated user"""
return Product.objects.filter(owner=self.request.user)
class EntradaView(APIView):
authentication_classes = [BasicAuthentication, TokenAuthentication]
permission_classes = [
IsAuthenticated,
Or(IsManagerGroup, IsAdminGroup, IsSnifforGroup, IsReportMakerGroup)
]
def get(self, request):
"""Devuelve las entradas"""
data = request.data
if 'ids' in data.keys():
ids = data['ids']
ent_list = EntradaService.get_by_ids(ids)
serializer = EntradaSerializer(ent_list, many=True)
else:
raise AttributeError("Falta el parámetro Ids o está vacio")
return Response(serializer.data)
def post(self, request):
"""Inserta entradas"""
data = request.data
entradas = []
for r in data:
if "type" in r.keys():
entidades = []
if 'entidades' in r.keys():
entidades = r['entidades']
if r["type"] == "portal":
entradas.append(
PortalEntrada(content=r["content"],
fecha=datetime.datetime.strptime(
r["fecha"], "%d/%m/%Y"),
etiquetas=r["etiquetas"],
fuente=r["fuente_id"],
entidades=entidades))
entradas = PreprocessorService.preprocess(entradas)
entradas_saved = EntradaService.save_opinions(entradas)
ent_ids = [str(ent.id) for ent in entradas_saved]
content = {"ids": ent_ids}
return Response(content)
class MusicDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = Music.objects.all()
serializer_class = MusicSerializer
authentication_classes = [OAuth2Authentication, SessionAuthentication]
permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)]
filter_backends = (filters.DjangoFilterBackend, )
filter_fields = '__all__'
class AlbumFilter(filters.FilterSet):
date_gte = filters.DateFilter(name="date", lookup_expr='gte')
date_lte = filters.DateFilter(name="date", lookup_expr='lte')
class Meta:
model = Album
fields = '__all__'
class GroupViewSet(EndpointAclMixin, v1_views.GroupViewSet):
serializer_class = GroupSerializer
permission_classes = (
Or(
# Check admin permissions
AdminHasPermissions,
# Check API Key ACL
CheckAclPermission,
),
OwnerInGoodStanding,
)
endpoint_acl_object_field = 'groups_acl'
def get_queryset(self):
base_query = super().get_queryset()
return base_query.filter_acl(self.request)
class CountryReportViewSet(viewsets.ModelViewSet):
permission_classes = (Or(IsAuthenticated,
get_guest_permissions_class(['list',
'retrieve'])), )
serializer_class = CountryReportSerializer
queryset = CountryReport.objects.all()
def list(self, request, *args, **kwargs):
queryset = CountryReport.objects.all()
serializer = CountryReportSerializer(queryset, many=True)
return Response(serializer.data)
def retrieve(self, request, pk=None, *args, **kwargs):
queryset = CountryReport.objects.all()
countryreport = get_object_or_404(queryset, pk=pk)
serializer = CountryReportRetrieveSerializer(countryreport)
return Response(serializer.data)
class PublishedArtifactGroupView(MajoraUUID4orDiceNameLookupMixin,
RequiredParamRetrieveMixin,
MajoraCeleryListingMixin,
mixins.RetrieveModelMixin,
viewsets.GenericViewSet):
serializer_class = serializers.RestyPublishedArtifactGroupSerializer
majora_alternative_field = "published_name"
queryset = models.PublishedArtifactGroup.objects.all()
celery_task = tasks.task_get_pag_by_qc_v3
permission_classes = (Or(permissions.IsAuthenticated, APIKeyPermission), )
majora_api_permission = "majora2.can_read_dataview_via_api"
majora_required_params = ["mdv"]
#renderer_classes = [JSONRenderer]
def get_serializer_context(self):
context = super().get_serializer_context()
mdv = self.request.query_params.get("mdv")
# I tried to raise http400 here but it didnt seem to work
context.update({"mdv": mdv})
return context
def get_queryset(self):
queryset = self.queryset
service = self.request.query_params.get('service', None)
public = self.request.query_params.get('public', None)
private = self.request.query_params.get('private', None)
if public and private:
# Ignore
pass
elif public:
if service:
queryset = queryset.filter(accessions__service=service)
else:
queryset = queryset.filter(is_public=True)
elif private:
if service:
queryset = queryset.filter(~Q(accessions__service=service))
else:
queryset = queryset.filter(is_public=False)
return queryset
class PartyDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = Party.objects.all()
permission_classes = (Or(IsAdmin, And(IsAuth,
IsHostOfPartyObjectOrReadOnly)), )
def get_serializer_class(self):
if self.request.method == 'GET':
party_id = self.kwargs['pk']
party = Party.objects.get(pk=party_id)
user = self.request.user
if user.is_staff or user == party.host:
return PartyManagerSerializer
elif user in party.bouncers.all() or user in party.invitees.all():
return PartySerializer
else:
return PartySummarySerializer
else:
return PartyManagerSerializer
class ProfileImageView(MongoAPIView):
permission_classes = [
Or(build_permission_class('dms.can_manage_users'),
IsCurrentUsersProfile),
]
DEFAULT_IMAGE_PATH = settings.STATICFILES_DIRS[
0] + "/img/default_profile.jpg"
def get(self, request, *args, **kwargs):
try:
profile = UserProfile.objects.get(id=kwargs['id'])
if profile and hasattr(profile, 'photo'):
photo = profile.photo.read()
return HttpResponse(photo,
content_type=profile.photo.content_type)
except:
return HttpResponse(open(self.DEFAULT_IMAGE_PATH),
content_type='image/jpeg')
class AppointmentScheduleViewSet(GenericViewSet, mixins.ListModelMixin):
"""
List appointment schedules with doctors
For filtering by date, use
GET /api/v1/appointments/schedules?
appointment_starts=2017-1-1&appointment_ends=2017-12-31
"""
queryset = AppointmentSchedule.objects.all().order_by('-id')
serializer_class = AppointmentScheduleSerializer
permission_classes = (Or(IsSuperAdmin, IsClinicsAdmin, IsDoctor), )
filter_backends = (
AppointmentScheduleFilter,
DjangoFilterBackend,
)
filter_class = AppointmentScheduleDateTimeFilter
pagination_class = ViewPagination
class UserSelfDetailsOrCreate(generics.ListCreateAPIView):
permission_classes = [
Or(
# Only GET and POST allowed, all other are Not Allowed.
And(IsReadyOnlyRequest, permissions.IsAuthenticated
), # Any authenticated user can get its details.
IsPostRequest, # Anyone should be allowed to POST, i.e. to create new user.
)
]
def get_serializer_class(self):
if self.request.method in permissions.SAFE_METHODS:
return UserSerializerReadSerializer
else:
return UserSerializerWriteSerializer
def get_queryset(self):
return models.User.objects.filter(pk=self.request.user.pk)
class DataObjectHighLevelApiViewSet(GenericEndpointViewSetMixin, v1_views.DataObjectHighLevelApiViewSetBase):
serializer_class = DataObjectHighLevelApiSerializer
serializer_detail_class = DataObjectHighLevelApiDetailSerializer
permission_classes = (
Or(AdminHasPermissions, ApiKeyHasPermissions, AllowEndpointAction),
OwnerInGoodStanding,
)
def endpoint_get(self, request, *args, **kwargs):
return self.run_view(request, *args, **kwargs)
@force_atomic(False)
def endpoint_post(self, request, *args, **kwargs):
queryset = self.filter_queryset(self.get_queryset())
lookup_url_kwarg = self.lookup_url_kwarg or self.lookup_field
filter_kwargs = {self.lookup_field: self.kwargs[lookup_url_kwarg]}
self.object = get_object_or_404(queryset, **filter_kwargs)
return self.run_data_api_view(request)
class userkeysViewSet(viewsets.ReadOnlyModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
queryset = userkeys.objects.all()
serializer_class = userkeys_serializer
permission_classes = (Or(baseAPIPermission, IsAuthenticated,
HasAPIAccess), )
pagination_class = basePagination
filter_backends = (DjangoFilterBackend, )
filterset_fields = ('user', )
def get_queryset(self):
username = self.request.query_params.get('username', None)
print("USERNAME QUERYSET: ", username, file=sys.stderr)
if username:
user_selected = User.objects.get(username=username)
self.queryset = self.queryset.filter(user=user_selected)
return self.queryset
class StudentAttendance(APIView):
authentication_classes = (authentication.SessionAuthentication,)
permission_classes = (Or(permissions.IsAdminUser, WriteTokenOnly),)
def get(self, request, format = None):
course_id = request.GET.get('course_id')
date = request.GET.get('date')
lectures = Lecture.objects.filter(course = course_id, begin__date = date)
response = []
for lecture in lectures:
student_att = StudentsAttendLectures.objects.filter(lecture = lecture)
att_list = {att.student.student.user.email: [att.present, att.id] for att in student_att}
att_list['time'] = lecture.begin.time()
response.append(att_list)
return Response(response)
class TotalStudentAttendance(APIView):
authentication_classes = (authentication.SessionAuthentication,)
permission_classes = (Or(permissions.IsAdminUser, WriteTokenOnly),)
def get(self, request, format = None):
course_id = request.GET.get('course_id')
students = [sac.student for sac in StudentAttendCourses.objects.filter(course = course_id)]
lectures = Lecture.objects.filter(course = course_id)
response = {}
for student in students:
att = 0
for lecture in lectures:
student_att = StudentsAttendLectures.objects.get(lecture = lecture, student = student)
att += int(student_att.present)
response[student.student.user.email] = att*1.0/len(lectures) if len(lectures) > 0 else 0
return Response(response)
class UpdateDestroyUser(
mixins.UpdateModelMixin,
mixins.DestroyModelMixin,
generics.GenericAPIView):
queryset = MyUser.objects.all()
serializer_class = UpdateUserSerializer
permission_classes = [Or(IsSameUser,IsSuperAdmin)]
def put(self, request, *args, **kwargs):
return self.update(request, *args, **kwargs)
def delete(self, request, *args, **kwargs):
return self.destroy(request, *args, **kwargs)
def getPk(self):
return self.kwargs['pk']
class image_objectsViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows to be view or edit image objects.
get:
List image objects matching url parameters.
post:
Create a new image object instance.
patch:
edit and update an existing image object.
delete:
permanently delete an existing image object.
"""
queryset = image_objects.objects.all()
serializer_class = image_objects_serializer
permission_classes = (Or(baseAPIPermission, IsAuthenticated,
HasAPIAccess), )
pagination_class = basePagination
distance_filter_field = 'geom'
bbox_filter_field = 'geom'
filter_backends = (DjangoFilterBackend, DistanceToPointFilter,
InBBoxFilter)
filterset_fields = ('panorama', 'type')
def get_queryset(self):
as_geojson = self.request.query_params.get('as_geojson', None)
if as_geojson:
self.serializer_class = image_objects_geo_serializer
self.pagination_class = GeoJsonPagination
return self.queryset
def initial(self, request, *args, **kwargs):
if request.method == 'GET':
self.permission_classes = (Or(baseAPIPermission, IsAuthenticated,
HasAPIAccess),
) #Or(baseAPIPermission, HasAPIAccess),
else:
self.permission_classes = (IsAuthenticated, )
super(image_objectsViewSet, self).initial(request, *args, **kwargs)
class CreditCardDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = CreditCard.objects.all()
serializer_class = CreditCardSerializer
authentication_classes = [OAuth2Authentication, SessionAuthentication]
permission_classes = [Or(IsAdminUser, TokenHasReadWriteScope)]
def destroy(self, request, *args, **kwargs):
instance = self.get_object()
if Wallet.objects.filter(cards=instance.pk):
return Response(
status=status.HTTP_400_BAD_REQUEST,
data={
"non_field_errors":
["To delete a card, please remove it from the wallet!"]
})
self.perform_destroy(instance)
return Response(status=status.HTTP_204_NO_CONTENT)
def perform_destroy(self, instance):
instance.delete()
class BaseLineUpload(generics.ListCreateAPIView):
serializer_class = serializers.FileUploadSerializer
queryset = FileUpload.objects.all()
pagination_class = FileUploadLimitOffsetPagination
# TODO: UPDATE PERMISSIONS
permission_classes = [
Or(
And(IsGet, permissions.IsAuthenticated),
And(IsPost, permissions.IsAuthenticated, IsAllowedToUpload),
)
]
def get_queryset(self):
return self.queryset.filter(user=self.request.user)
def perform_create(self, serializer):
obj = serializer.save(user=self.request.user)
task = import_to_db.delay(obj.id)
# Set the task id
obj.task_id = task.task_id
obj.save()
class GroupMembershipViewSet(v1_views.GroupMembershipViewSet):
"""
Groups of a User ViewSet
"""
serializer_class = GroupMembershipSerializer
permission_classes = (
Or(
# Check admin permissions
AdminHasPermissions,
# Check API Key ACL
CheckGroupMembershipAclPermission,
),
OwnerInGoodStanding,
)
def get_queryset(self):
base_query = super(v1_views.GroupMembershipViewSet,
self).get_queryset()
return base_query.select_related('user').prefetch_related(
'user__groups')
class UserViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
queryset = User.objects.all().order_by('-date_joined')
def get_queryset(self):
"""
This view should return a list of all the purchases
for the currently authenticated user.
"""
user = self.request.user
return User.objects.filter(
cliente=user.cliente).order_by('-date_joined')
serializer_class = UserSerializer
permission_classes = [
permissions.IsAuthenticated,
Or(IsAdminGroup, IsSuperAdminGroup)
]
class BatchView(InstanceBasedMixin, generics.GenericAPIView):
permission_classes = (OwnerInGoodStanding,
Or(permissions.IsAuthenticated, IsApiKeyAccess))
serializer_class = BatchSerializer
def get_queryset(self):
# Workaround so that browsable API does not complain.
return
def create_headers(self, request):
return {'X_BATCHING': '1'}
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
if serializer.is_valid():
batch_limit = settings.BATCH_MAX_SIZE
requests_data = serializer.data['requests']
if len(requests_data) > batch_limit:
raise BatchLimitExceeded(batch_limit)
headers = self.create_headers(request)
max_response_size = settings.MAX_RESPONSE_SIZE
responses = []
for data in requests_data:
wsgi_request = get_wsgi_request_object(request._request,
method=data['method'],
url=data['path'],
headers=headers,
body=data['body'])
response, response_len = get_response(
wsgi_request, instance=request.instance)
if 'content' in response:
max_response_size -= response_len
max_response_size = max(max_response_size, 0)
responses.append(response)
return Response(responses, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
