
import logging

from django.contrib.auth import authenticate, login
from django.contrib.auth.models import User
from django.contrib.auth.password_validation import validate_password
from django.core.exceptions import ValidationError
from django.db import IntegrityError, transaction
import requests
from rest_framework import viewsets, status
from rest_framework.decorators import list_route
from rest_framework.parsers import FormParser,MultiPartParser
from rest_framework.permissions import AllowAny
from rest_framework.permissions import IsAdminUser, IsAuthenticated
from rest_framework.response import Response
from rest_framework.status import HTTP_400_BAD_REQUEST, HTTP_409_CONFLICT

from core.lib.permissions import IsAdminOrStudent, IsAdminOrSelfOrReadOnly, IsAdminOrCompany, IsAdminOrSupervisor
from core.models.accounts import Student, Company, Supervisor
from core.serializers.accounts import UserSerializer, StudentSerializer, CompanySerializer, SupervisorSerializer, \
    LoginSerializer, RegisterSerializer


class UserViewSet(viewsets.ModelViewSet):
    """
    CRUD over Django ``User`` rows.

    The class-level default is admin-only. ``get_permissions`` relaxes it for
    two actions: ``create`` is open to anyone (self-registration through
    ``UserSerializer``) and ``update`` (PUT) is allowed for an authenticated
    caller editing their own record. ``partial_update`` (PATCH), ``list``,
    ``retrieve`` and ``destroy`` fall through to the admin-only default.

    NOTE(review): with ``create`` open to unauthenticated callers, make sure
    ``UserSerializer`` does not accept ``is_staff`` / ``is_superuser`` on
    input -- the serializer is not visible in this file.
    """
    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = [IsAdminUser]

    def get_permissions(self):
        """
        Return permission instances for the current action.

        Per-action overrides are kept in a small table; anything not listed
        uses DRF's default, which instantiates ``self.permission_classes``
        (for the ``me`` route that is the list supplied to its decorator).
        """
        overrides = {
            "update": lambda: [IsAdminOrSelfOrReadOnly(), IsAuthenticated()],
            "create": lambda: [AllowAny()],
        }
        build = overrides.get(self.action)
        if build is not None:
            return build()
        return super(UserViewSet, self).get_permissions()

    @list_route(methods=['get'], permission_classes=[IsAuthenticated])
    def me(self, request):
        """
        Get current user's details
        """
        current = self.request.user
        payload = UserSerializer(current, context={"request": request}).data
        return Response(payload)


class StudentViewSet(viewsets.ModelViewSet):
    """
    CRUD over ``Student`` profiles.

    Admin-only by default. Only ``update`` (PUT) is overridden, to
    ``IsAdminOrSelfOrReadOnly`` combined with ``IsAdminOrStudent`` (both from
    ``core.lib.permissions``); ``partial_update`` (PATCH) is not overridden
    and therefore stays admin-only.
    """
    queryset = Student.objects.all()
    serializer_class = StudentSerializer
    permission_classes = [IsAdminUser]

    def get_permissions(self):
        """Return the permission instances that apply to the current action."""
        if self.action != "update":
            return super(StudentViewSet, self).get_permissions()
        return [IsAdminOrSelfOrReadOnly(), IsAdminOrStudent()]


class CompanyViewSet(viewsets.ModelViewSet):
    """
    CRUD over ``Company`` profiles.

    Every action is gated by ``IsAdminOrSelfOrReadOnly`` together with
    ``IsAdminOrCompany`` (both from ``core.lib.permissions``). Their exact
    semantics are not visible in this file; the names suggest that admins
    and the owning company may write while everyone else may only read --
    confirm that unauthenticated reads of company records are intended.
    """
    permission_classes = [IsAdminOrSelfOrReadOnly, IsAdminOrCompany]
    serializer_class = CompanySerializer
    queryset = Company.objects.all()


class SupervisorViewSet(viewsets.ModelViewSet):
    """
    CRUD over ``Supervisor`` profiles.

    Every action is gated by ``IsAdminOrSelfOrReadOnly`` together with
    ``IsAdminOrSupervisor`` (both from ``core.lib.permissions``). As with the
    company viewset, the "ReadOnly" half implies that non-owners can read
    these records; verify that this matches the intended exposure of
    supervisor data (NIP etc.).
    """
    permission_classes = [IsAdminOrSelfOrReadOnly, IsAdminOrSupervisor]
    serializer_class = SupervisorSerializer
    queryset = Supervisor.objects.all()


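class LoginViewSet(viewsets.GenericViewSet):
    """
    Session login (``POST`` only) for the two account populations of this API.

    ``login-type`` selects how the credentials are checked:

    * ``sso-ui``  -- forwarded to the faculty LDAP gateway (``SSO_AUTH_URL``);
      on the first successful login a local ``User`` plus a ``Student`` or
      ``Supervisor`` profile is created from the gateway's reply.
    * ``company`` -- checked against the local user table with
      ``django.contrib.auth.authenticate``.

    ``queryset`` only feeds the router / schema generator; this viewset
    defines no list or detail route.
    """
    permission_classes = (AllowAny, )
    serializer_class = LoginSerializer
    queryset = User.objects.all()

    # Gateway endpoint and the hard cap on how long one login request may
    # block a worker waiting for it (``requests`` has no default timeout).
    # TLS certificate verification is left at the requests default (enabled).
    SSO_AUTH_URL = 'https://api.cs.ui.ac.id/authentication/ldap/v2/'
    SSO_TIMEOUT = 10

    def create(self, request):
        """
        Authentication for user by means of logging in
        ---
        parameters:
            - name: body
              description: JSON object containing three strings: username, password and login-type. login-type should be either 'sso-ui' or 'company'.
              required: true
              type: string
              paramType: body
        """
        username = request.data.get('username')
        password = request.data.get('password')
        login_type = request.data.get('login-type')
        if username is None or password is None or login_type is None:
            return Response(status=status.HTTP_400_BAD_REQUEST)
        if login_type == "sso-ui":
            return self._login_sso(request, username, password)
        if login_type == "company":
            return self._login_company(request, username, password)
        return Response(status=status.HTTP_400_BAD_REQUEST)

    def _login_company(self, request, username, password):
        """
        Check the credentials against the local user table and open a session.

        Returns 200 with the serialized user, or 401. The 401 is the same for
        an unknown username and for a wrong password, so the endpoint does
        not reveal which accounts exist.
        """
        user = authenticate(username=username, password=password)
        if user is None:
            return Response(status=status.HTTP_401_UNAUTHORIZED)
        login(request, user)
        serializer = LoginSerializer(user, context={'request': request})
        return Response(serializer.data, status=status.HTTP_200_OK)

    def _login_sso(self, request, username, password):
        """
        Verify the credentials with the SSO gateway and open a local session.

        Returns 503 when the gateway is unreachable, times out or does not
        answer with a JSON object (previously an unhandled exception, i.e. a
        500); 401 when it rejects the credentials; 201 on the first login
        (local account created) and 200 afterwards.
        """
        log = logging.getLogger(__name__)
        try:
            reply = requests.post(
                self.SSO_AUTH_URL,
                json={"username": username, "password": password},
                timeout=self.SSO_TIMEOUT,
            )
            payload = reply.json()
        except (requests.RequestException, ValueError) as exc:
            # Log the username only -- never the password.
            log.warning("SSO gateway error for user %r: %s", username, exc)
            return Response(status=status.HTTP_503_SERVICE_UNAVAILABLE)
        if not isinstance(payload, dict):
            log.warning("SSO gateway returned a non-object reply for user %r", username)
            return Response(status=status.HTTP_503_SERVICE_UNAVAILABLE)

        # The previous check was ``state != 0`` -> success, which also
        # accepted a reply carrying no ``state`` at all (fail-open on an
        # error payload). A missing ``state`` is now rejected too. Confirm
        # against the gateway's API docs that non-zero really means success.
        state = payload.get('state')
        if state is None or state == 0:
            return Response(status=status.HTTP_401_UNAUTHORIZED)

        user, created = self._ensure_sso_user(username, password, payload)
        login(request, user)
        serializer = LoginSerializer(user, context={'request': request})
        http_status = status.HTTP_201_CREATED if created else status.HTTP_200_OK
        return Response(serializer.data, status=http_status)

    def _ensure_sso_user(self, username, password, payload):
        """
        Return ``(user, created)`` for an SSO-authenticated ``username``.

        The local row is looked up by ``username`` alone; email and name are
        ``defaults`` for the insert. (The previous lookup matched on all four
        fields, so a changed display name in the directory produced a
        duplicate-username insert and a 500.) ``payload`` is the decoded
        gateway reply; ``nama``, ``nama_role`` and ``kodeidentitas`` are read
        from it, and a missing ``nama`` now yields empty name fields instead
        of an AttributeError. User and profile are created in one
        transaction so a failed profile insert leaves no orphan user.
        """
        first_name, _, last_name = (payload.get('nama') or "").partition(" ")
        with transaction.atomic():
            user, created = User.objects.get_or_create(
                username=username,
                defaults={
                    "email": username + "@ui.ac.id",
                    "first_name": first_name,
                    "last_name": last_name,
                },
            )
            # NOTE(review): this copies the user's SSO password into the local
            # password hash. That makes the SSO credential valid on the
            # ``company`` login path as well, keeps it valid after the SSO
            # account is disabled, and means a database leak exposes hashes
            # of SSO passwords. Prefer ``user.set_unusable_password()`` and
            # restrict the ``company`` path to users that own a ``Company``
            # row -- left unchanged here because other consumers of the local
            # password are not visible in this file.
            user.set_password(password)
            user.save()
            if created:
                # NOTE(review): every role other than "mahasiswa" becomes a
                # Supervisor; confirm no other SSO role (alumni, guests, ...)
                # needs a different mapping.
                if payload.get('nama_role') == "mahasiswa":
                    Student.objects.create(
                        user=user,
                        npm=payload.get("kodeidentitas"),
                        resume=None,
                        phone_number=None,
                    )
                else:
                    Supervisor.objects.create(
                        user=user,
                        nip=payload.get("kodeidentitas"),
                    )
        return user, created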


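class CompanyRegisterViewSet(viewsets.GenericViewSet):
    """
    Self-service registration of a company account (``POST`` only).

    Creates a local ``User`` whose ``username`` is the submitted email, the
    matching ``Company`` row, and logs the new user in. Anonymous access is
    intentional; the multipart/form parsers are needed for the ``logo``
    upload.
    """
    permission_classes = (AllowAny,)
    serializer_class = RegisterSerializer
    queryset = Company.objects.all()
    parser_classes = (MultiPartParser, FormParser,)

    # Fields that must be present and non-empty. ``logo`` and ``address`` are
    # documented as optional and are treated as such (the previous loop
    # rejected requests that omitted them, contradicting the docstring).
    REQUIRED_FIELDS = ('password', 'email', 'name', 'description')

    def create(self, request):
        """
        Create a new company user
        ---
        parameters:
            - name: password
              description: password of the new account; checked against the project's AUTH_PASSWORD_VALIDATORS
              required: true
              type: string
            - name: email
              description: email address of the new account; it is also used as the account's username
              required: true
              type: string
            - name: name
              description: the new company's name
              required: true
              type: string
            - name: description
              description: description of the new company
              required: true
              type: string
            - name: logo
              description: logo of the new company
              required: false
              type: image
            - name: address
              description: address of the new account
              required: false
              type: string
        """
        data = {}
        for attr in self.REQUIRED_FIELDS:
            value = request.data.get(attr)
            # ``not value`` also rejects empty strings; the old ``is None``
            # test let an empty password through.
            if not value:
                return Response({'error': attr + ' is required'}, status=HTTP_400_BAD_REQUEST)
            data[attr] = value
        logo = request.data.get('logo') or None
        address = request.data.get('address') or ""

        # Password policy (Django >= 1.9). A no-op when the project configures
        # no validators, so existing deployments are unaffected.
        try:
            validate_password(data['password'])
        except ValidationError as exc:
            return Response({'error': exc.messages}, status=HTTP_400_BAD_REQUEST)

        conflict_msg = 'Company with email ' + data['email'] + ' already exist'
        if User.objects.filter(username=data['email']).exists():
            return Response({'error': conflict_msg}, status=HTTP_409_CONFLICT)
        try:
            # One transaction so a failed Company insert does not leave a
            # User row behind (the old code saved the User first, outside
            # any transaction).
            with transaction.atomic():
                user = User(
                    username=data['email'],
                    email=data['email'],
                    first_name=data['name'],
                    last_name="",
                )
                user.set_password(data['password'])
                user.save()
                Company.objects.create(
                    user=user,
                    description=data['description'],
                    logo=logo,
                    address=address,
                )
        except IntegrityError:
            # Lost the race against a concurrent registration for the same
            # email. The old ``get_or_create`` keyed on all four fields turned
            # this -- and any existing user with a different name -- into a 500.
            return Response({'error': conflict_msg}, status=HTTP_409_CONFLICT)

        login(request, user)
        serializer = self.serializer_class(user, context={'request': request})
        return Response(serializer.data, status=status.HTTP_201_CREATED)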