Commit 3958eae3 authored by Bruno Martin's avatar Bruno Martin
Browse files

add suport to classroom messages

parent 6b9d0780
...@@ -64,6 +64,5 @@ class ClassroomSerializer(serializers.ModelSerializer): ...@@ -64,6 +64,5 @@ class ClassroomSerializer(serializers.ModelSerializer):
def get_can_edit(self, obj): def get_can_edit(self, obj):
request = self.context.get("request", None) request = self.context.get("request", None)
if request and hasattr(request, "user"): if request and hasattr(request, "user"):
return request.user in obj.assistants.all() \ return obj.is_assistant_or_coordinator(request.user) \
or request.user in obj.coordinators.all() \
or request.user.is_superuser or request.user.is_superuser
...@@ -40,17 +40,26 @@ class IsAdmin(permissions.BasePermission): ...@@ -40,17 +40,26 @@ class IsAdmin(permissions.BasePermission):
elif request.user and request.user.is_superuser: elif request.user and request.user.is_superuser:
return True return True
class IsAssistantOrCoordinatorOrReadOnly(permissions.BasePermission):
class IsAssistantOrCoordinatorOrAdminOrRecipient(permissions.BasePermission):
""" """
Check if a user can send messages to students enrolled in a course Check if a user can send or read messages.
""" """
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request, if request.user and request.user.is_superuser:
# so we'll always allow GET, HEAD or OPTIONS requests. return True
if request.method in permissions.SAFE_METHODS: elif (request.method in permissions.SAFE_METHODS and
(request.user in obj.users.all() or
request.user.groups.all().intersection(obj.groups.all()).exists())):
return True return True
else: elif obj.course:
return obj.course.is_assistant_or_coordinator(request.user) return obj.course.is_assistant_or_coordinator(request.user)
elif obj.classrooms:
# The user must be assistant or coordinator of all classroom he want to send the message
for classroom in obj.classrooms.all():
if not classroom.is_assistant_or_coordinator(request.user):
return False
class IsAdminOrReadOnly(IsAdmin): class IsAdminOrReadOnly(IsAdmin):
""" """
......
...@@ -11,7 +11,11 @@ from .serializers import (CourseSerializer, BasicCourseProfessorSerializer, ...@@ -11,7 +11,11 @@ from .serializers import (CourseSerializer, BasicCourseProfessorSerializer,
ProfessorMessageSerializer, ProfessorMessageReadSerializer, ProfessorMessageSerializer, ProfessorMessageReadSerializer,
) )
from .permissions import (IsProfessorCoordinatorOrAdminPermissionOrReadOnly, IsAssistantOrCoordinatorOrReadOnly, IsAdminOrReadOnly) from .permissions import (
IsProfessorCoordinatorOrAdminPermissionOrReadOnly,
IsAssistantOrCoordinatorOrAdminOrRecipient,
IsAdminOrReadOnly,
)
class CourseViewSet(viewsets.ModelViewSet): class CourseViewSet(viewsets.ModelViewSet):
...@@ -89,14 +93,15 @@ class BaseCourseProfessorViewSet(viewsets.ModelViewSet): ...@@ -89,14 +93,15 @@ class BaseCourseProfessorViewSet(viewsets.ModelViewSet):
class ProfessorMessageViewSet(viewsets.ModelViewSet): class ProfessorMessageViewSet(viewsets.ModelViewSet):
model = ProfessorMessage model = ProfessorMessage
lookup_field = 'id' queryset = ProfessorMessage.objects.all()
filter_fields = ('course',) filter_fields = ('course', 'classrooms')
serializer_class = ProfessorMessageSerializer serializer_class = ProfessorMessageSerializer
permission_classes = (IsAssistantOrCoordinatorOrReadOnly,) permission_classes = (IsAssistantOrCoordinatorOrAdminOrRecipient,)
def perform_create(self, serializer): def perform_create(self, serializer):
classes = serializer.context['request'].data.get('classes', None) classes = serializer.context['request'].data.get('classes', None)
recipients = serializer.context['request'].data.get('users', None) recipients = serializer.context['request'].data.get('users', None)
classrooms = serializer.context['request'].data.get('classroom', None)
users_to_be_added = [] users_to_be_added = []
User = get_user_model() User = get_user_model()
...@@ -110,13 +115,28 @@ class ProfessorMessageViewSet(viewsets.ModelViewSet): ...@@ -110,13 +115,28 @@ class ProfessorMessageViewSet(viewsets.ModelViewSet):
klass = Class.objects.get(id=class_id) klass = Class.objects.get(id=class_id)
for user in klass.students.all(): for user in klass.students.all():
users_to_be_added.append(user.id) users_to_be_added.append(user.id)
elif classrooms:
for classrooms_id in classrooms:
classrooms = Classrooms.objects.get(id=classrooms_id)
users_to_be_added = classrooms.group.user_set.all()
obj = serializer.save(professor=self.request.user, users=users_to_be_added) obj = serializer.save(professor=self.request.user, users=users_to_be_added)
if obj: if obj:
obj.send() obj.send()
def get_queryset(self): def get_queryset(self):
queryset = ProfessorMessage.objects.filter(users__in=[self.request.user]).order_by('-id') queryset = super().get_queryset()
query = Q(
Q(users=self.request.user)
| Q(groups__in=self.request.user.groups.all())
| Q(professor=self.request.user)
)
queryset = queryset.filter(query).order_by('-id').distinct()
classroom = self.request.query_params.get('classroom', None)
if classroom:
queryset = queryset.filter(classrooms=classroom)
unread = self.request.query_params.get('unread', None) unread = self.request.query_params.get('unread', None)
if unread: if unread:
...@@ -127,15 +147,14 @@ class ProfessorMessageViewSet(viewsets.ModelViewSet): ...@@ -127,15 +147,14 @@ class ProfessorMessageViewSet(viewsets.ModelViewSet):
if limit_to: if limit_to:
queryset = queryset[:int(limit_to)] queryset = queryset[:int(limit_to)]
return queryset return queryset.prefetch_related('classrooms', 'classes', 'users', 'groups',).select_related('course', 'professor')
# This view creates ProfessorMessages targeting specific users and with no ties to any course
# Only site admins can create messages using this endpoint
class ProfessorGlobalMessageViewSet(ProfessorMessageViewSet):
class ProfessorGlobalMessageViewSet(mixins.CreateModelMixin, """
mixins.ListModelMixin, This view creates ProfessorMessages targeting specific users and with no ties to any course
viewsets.GenericViewSet): Only site admins can create messages using this endpoint
"""
model = ProfessorMessage model = ProfessorMessage
serializer_class = ProfessorMessageSerializer serializer_class = ProfessorMessageSerializer
permission_classes = (IsAdminOrReadOnly,) permission_classes = (IsAdminOrReadOnly,)
...@@ -163,16 +182,6 @@ class ProfessorGlobalMessageViewSet(mixins.CreateModelMixin, ...@@ -163,16 +182,6 @@ class ProfessorGlobalMessageViewSet(mixins.CreateModelMixin,
if obj: if obj:
obj.send() obj.send()
def get_queryset(self):
# Get all admin messages sent using this view
queryset = ProfessorMessage.objects.filter(course=None).order_by('-id')
limit_to = self.request.query_params.get('limit_to', None)
if limit_to:
queryset = queryset[:int(limit_to)]
return queryset
class ProfessorMessageReadViewSet(viewsets.ModelViewSet): class ProfessorMessageReadViewSet(viewsets.ModelViewSet):
model = ProfessorMessageRead model = ProfessorMessageRead
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment