Refactor API endpoints

bf0eb3ae · Zamil Majdy · 2a9de52c · bf0eb3ae · bf0eb3ae · bf0eb3ae
Commit bf0eb3ae authored Jun 02, 2017 by Zamil Majdy
--- a/assets/js/ProfilePage.jsx
+++ b/assets/js/ProfilePage.jsx
@@ -239,7 +239,7 @@ export default class ProfilePage extends React.Component {

                <Container textAlign="center">
                  <div className="buttonProfile">
-                    <Button onClick={this.gotoStudentResume} primary size="small">Resume</Button>
+                    <Button onClick={this.gotoStudentResume} disabled={!this.state.resume} primary size="small">Resume</Button>
                  </div>
                  <br />
                  <div>

--- a/assets/js/SupervisorPage.jsx
+++ b/assets/js/SupervisorPage.jsx
@@ -25,7 +25,7 @@ export default class SupervisorPage extends React.Component {
  }

  UserList() {
-    Server.get('/student-applications/', false).then((data) => {
+    Server.get('/applications/', false).then((data) => {
      this.setState({ list: data.results });
    });
  }
@@ -44,7 +44,7 @@ export default class SupervisorPage extends React.Component {
        </Grid.Row>
        <Grid.Row>
          <div id="layout-content" className="layout-content-wrapper">
-            <Pagination url={'/student-applications/'} child={<ApplicationList cols={cols} />} />
+            <Pagination url={'/applications/'} child={<ApplicationList cols={cols} />} />
          </div>
        </Grid.Row>
      </Grid>

--- a/assets/js/TranscriptPage.jsx
+++ b/assets/js/TranscriptPage.jsx
@@ -10,8 +10,9 @@ export default class TranscriptPage extends React.Component {
  constructor(props) {
    super(props);
    /* istanbul ignore next */
+    console.log(this.props.params);
    this.state = {};
-    Server.get(`/applications/${this.props.params.id}/`).then(response => this.setState({ data: response }));
+    Server.get(`/applications/${this.props.params.id}/transcript/`).then(response => this.setState({ data: response }));
  }

  render() {

--- a/assets/js/components/ApproveModal.jsx
+++ b/assets/js/components/ApproveModal.jsx
@@ -115,7 +115,7 @@ export default class ApproveModal extends React.Component {
          <b>
            {this.props.data.student.resume ? <a onClick={this.gotoStudentResume} href="#" >CV Pelamar </a> : 'Pelamar tidak memiliki CV'}
            <br />
-            {this.props.data.student.show_transcript ? <a onClick={this.gotoStudentTranscript} href="#" >Transkrip Pelamar</a> : 'Pelamar tidak mengijinkan transktip dilihat'}
+            {this.props.data.student.show_transcript ? <a onClick={this.gotoStudentTranscript} href="#" >Transkrip Pelamar</a> : 'Pelamar tidak mengijinkan transkrip dilihat'}
            <br />
          </b>
        </div>

--- a/assets/js/components/CourseList.jsx
+++ b/assets/js/components/CourseList.jsx
@@ -26,18 +26,15 @@ export default class CourseList extends React.Component {
  render = () => (
    <Segment className="transkrip">
      <Grid>
-        <Grid.Row columns={2}>
-          <Grid.Column width={2} >
+        <Grid.Row>
+          <Segment basic >
            <Image src="/assets/img/UI.png" size="tiny" floated="right" />
-          </Grid.Column>
-          <Grid.Column width={4}>
-            <Segment basic >
-              <h3  style={{ lineHeight: '1%' }}>Universitas Indonesia </h3>
-              <h3  style={{ lineHeight: '1%' }}>Fakultas Ilmu Komputer </h3>
-              <h3  style={{ lineHeight: '1%' }}>Program Studi S1</h3>
-            </Segment>
-          </Grid.Column>
-
+          </Segment>
+          <Segment basic >
+            <h3 style={{ lineHeight: '1%' }}>Universitas Indonesia </h3>
+            <h3 style={{ lineHeight: '1%' }}>Fakultas Ilmu Komputer </h3>
+            <h3 style={{ lineHeight: '1%' }}>Program Studi S1</h3>
+          </Segment>
        </Grid.Row>
        <Container fluid>
          <hr />

--- a/core/lib/permissions.py
+++ b/core/lib/permissions.py
@@ -16,7 +16,7 @@ def is_admin_or_company(user):
    if user.is_superuser or user.is_staff:
        return True

-    if not hasattr(user, "company") or user.company.status != Company.VERIFIED :
+    if not hasattr(user, "company") or user.company.status != Company.VERIFIED:
        raise PermissionDenied("This account is not valid company account or has not been verified")

    return True
@@ -147,10 +147,12 @@ class IsAdminOrVacancyOwner(permissions.BasePermission):
                "Checking owner permission on non-application object"
            )

+
 class AsAdminOrSupervisor(permissions.BasePermission):
    def has_permission(self, request, view):
        return is_admin_or_supervisor(request.user)

+
 class VacancyApprovalPermission(permissions.BasePermission):
    def has_permission(self, request, view):
        return is_admin_or_supervisor(request.user)

--- a/core/tests/test_accounts.py
+++ b/core/tests/test_accounts.py
@@ -128,22 +128,22 @@ class ProfileUpdateTests(APITestCase):
                                    format='json')
        student_id = response.data.get('student').get('id')

-        url = '/api/profiles/students/' + str(student_id) + "/"
+        url = '/api/students/' + str(student_id) + "/profile/"
        response = self.client.patch(url, {'phone_number': '08123123123'}, format='multipart')
        self.assertEqual(response.status_code, status.HTTP_202_ACCEPTED)
        self.assertEqual(response.data.get('phone_number'), '08123123123')

-        url = '/api/profiles/students/' + str(student_id) + "/"
+        url = '/api/students/' + str(student_id) + "/profile/"
        response = self.client.patch(url, {'email': 'saasdasd'}, format='multipart')
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)

-        url = '/api/profiles/students/123123123/'
+        url = '/api/students/123123123/profile/'
        response = self.client.patch(url, {'phone_number': '08123123123'}, format='multipart')
        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)

        new_user = User.objects.create_user('dummy.student2', 'dummy.student@student.com', 'lalala123')
        new_student = Student.objects.create(user=new_user, npm="1212121212")

-        url = '/api/profiles/students/' + str(new_student.pk) + "/"
+        url = '/api/students/' + str(new_student.pk) + "/profile/"
        response = self.client.patch(url, {'phone_number': '08123123123'}, format='multipart')
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
--- a/core/tests/test_vacancies.py
+++ b/core/tests/test_vacancies.py
@@ -31,7 +31,8 @@ class ApplicationTests(APITestCase):

        url = '/api/login/'

-        response = self.client.post(url, {'username': 'dummy.mahasiswa', 'password': 'lalala', 'login-type': 'sso-ui'}, format='json')
+        response = self.client.post(url, {'username': 'dummy.mahasiswa', 'password': 'lalala', 'login-type': 'sso-ui'},
+                                    format='json')
        student_id = response.data.get('student').get('id')

        url = '/api/students/' + str(student_id) + '/applied-vacancies/'
@@ -65,11 +66,14 @@ class ApplicationTests(APITestCase):
        student_id = response.data.get('student').get('id')

        new_user = User.objects.create_user('dummy.company', 'dummy.company@company.com', 'lalala123')
-        new_company = Company.objects.create(user=new_user, description="lalala",status=Company.VERIFIED,logo=None,address=None)
-        new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), description="lalala", close_time=datetime.today())
+        new_company = Company.objects.create(user=new_user, description="lalala", status=Company.VERIFIED, logo=None,
+                                             address=None)
+        new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0),
+                                             description="lalala", close_time=datetime.today())

        url = '/api/students/' + str(student_id) + '/applied-vacancies/'
-        response = self.client.post(url, {'vacancy_id' : new_vacancy.pk, 'cover_letter' : 'this is a cover letter.'}, format='json')
+        response = self.client.post(url, {'vacancy_id': new_vacancy.pk, 'cover_letter': 'this is a cover letter.'},
+                                    format='json')
        self.assertEqual(response.status_code, status.HTTP_200_OK)

        url = '/api/students/' + str(student_id) + '/applied-vacancies/' + str(new_vacancy.pk) + '/'
@@ -99,7 +103,8 @@ class BookmarkApplicationTests(APITestCase):

        url = '/api/login/'

-        response = self.client.post(url, {'username': 'dummy.mahasiswa', 'password': 'lalala', 'login-type': 'sso-ui'}, format='json')
+        response = self.client.post(url, {'username': 'dummy.mahasiswa', 'password': 'lalala', 'login-type': 'sso-ui'},
+                                    format='json')
        student_id = response.data.get('student').get('id')

        url = '/api/students/' + str(student_id) + '/bookmarked-vacancies/'
@@ -133,11 +138,13 @@ class BookmarkApplicationTests(APITestCase):
        student_id = response.data.get('student').get('id')

        new_user = User.objects.create_user('dummy.company2', 'dummy.compan2y@company.com', 'lalala123')
-        new_company = Company.objects.create(user=new_user, description="lalala",status=Company.VERIFIED,logo=None,address=None)
-        new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), description="lalala", close_time=datetime.today())
+        new_company = Company.objects.create(user=new_user, description="lalala", status=Company.VERIFIED, logo=None,
+                                             address=None)
+        new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0),
+                                             description="lalala", close_time=datetime.today())

        url = '/api/students/' + str(student_id) + '/bookmarked-vacancies/'
-        response = self.client.post(url, {'vacancy_id' : new_vacancy.pk}, format='json')
+        response = self.client.post(url, {'vacancy_id': new_vacancy.pk}, format='json')
        self.assertEqual(response.status_code, status.HTTP_200_OK)

        url = '/api/students/' + str(student_id) + '/bookmarked-vacancies/' + str(new_vacancy.pk) + '/'
@@ -169,10 +176,10 @@ class VacancyTest(APITestCase):


 class CompanyListsTests(APITestCase):
-
    def test_company_vacancy_list(self):
        new_user = User.objects.create_user('dummy.company3', 'dummy.company3@company.com', 'lalala123')
-        new_company = Company.objects.create(user=new_user, description="lalala", status=Company.VERIFIED, logo=None, address=None)
+        new_company = Company.objects.create(user=new_user, description="lalala", status=Company.VERIFIED, logo=None,
+                                             address=None)

        self.client.force_authenticate(new_user)

@@ -182,11 +189,13 @@ class CompanyListsTests(APITestCase):

    def test_company_vacancy_list_unauthorized(self):
        new_user = User.objects.create_user('dummy.company3', 'dummy.company3@company.com', 'lalala123')
-        new_company = Company.objects.create(user=new_user, description="lalala", status=Company.VERIFIED, logo=None, address=None)
+        new_company = Company.objects.create(user=new_user, description="lalala", status=Company.VERIFIED, logo=None,
+                                             address=None)

        new_user2 = User.objects.create_user('dummy.companyzxc', 'dummy.companyzxc@company.com', 'lalala123')
-        new_company2 = Company.objects.create(user=new_user2, description="lalalaasdsad", status=Company.VERIFIED, logo=None,
-                                             address=None)
+        new_company2 = Company.objects.create(user=new_user2, description="lalalaasdsad", status=Company.VERIFIED,
+                                              logo=None,
+                                              address=None)

        self.client.force_authenticate(new_user2)

@@ -264,7 +273,7 @@ class CompanyListsTests(APITestCase):

        new_user3 = User.objects.create_user('dummy.company4', 'dummy.company4@company.com', 'lalala123')
        new_company3 = Company.objects.create(user=new_user3, description="lalala", status=Company.VERIFIED, logo=None,
-                                             address=None)
+                                              address=None)

        self.client.force_authenticate(new_user3)

@@ -326,7 +335,8 @@ class CompanyListsTests(APITestCase):

        self.client.force_authenticate(new_user)

-        url = '/api/companies/' + str(new_company.pk) + '/applications/' + str(new_vacancy.pk) + '/by_vacancy/?status=lalala'
+        url = '/api/companies/' + str(new_company.pk) + '/applications/' + str(
+            new_vacancy.pk) + '/by_vacancy/?status=lalala'
        response = self.client.get(url, format='json')
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)

@@ -344,7 +354,8 @@ class CompanyListsTests(APITestCase):

        self.client.force_authenticate(new_user)

-        url = '/api/companies/' + str(new_company.pk) + '/applications/' + str(new_vacancy.pk) + '/by_vacancy/?status=-1'
+        url = '/api/companies/' + str(new_company.pk) + '/applications/' + str(
+            new_vacancy.pk) + '/by_vacancy/?status=-1'
        response = self.client.get(url, format='json')
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)

@@ -366,14 +377,14 @@ class CompanyListsTests(APITestCase):
        response = self.client.get(url, format='json')
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)

-class SupervisorStudentApplicationTests(APITestCase):

+class SupervisorStudentApplicationTests(APITestCase):
    def test_list_student_application(self):
        new_user = User.objects.create_user('dummy.supervisor', 'dummy.supervisor@asd.asd', 'lalala123')
        new_supervisor = Supervisor.objects.create(user=new_user, nip=1212121212)
        self.client.force_authenticate(user=new_user)

-        url = '/api/student-applications/'
+        url = '/api/applications/'
        response = self.client.get(url, format='json')
        self.assertEqual(response.status_code, status.HTTP_200_OK)

@@ -381,12 +392,12 @@ class SupervisorStudentApplicationTests(APITestCase):
        new_user = User.objects.create_user('dummy.supervisor', 'dummy.supervisor@asd.asd', 'lalala123')
        self.client.force_authenticate(user=new_user)

-        url = '/api/student-applications/'
+        url = '/api/applications/'
        response = self.client.get(url, format='json')
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

-class SupervisorApprovalTests(APITestCase):

+class SupervisorApprovalTests(APITestCase):
    def test_supervisor_approve_vacancy(self):
        new_user = User.objects.create_user('dummy.supervisor', 'dummy.supervisor@asd.asd', 'lalala123')
        new_supervisor = Supervisor.objects.create(user=new_user, nip=1212121212)
@@ -394,12 +405,12 @@ class SupervisorApprovalTests(APITestCase):

        new_user2 = User.objects.create_user('dummy.company2', 'dummy.compan2y@company.com', 'lalala123')
        new_company2 = Company.objects.create(user=new_user2, description="lalala", status=Company.VERIFIED, logo=None,
-                                             address=None)
+                                              address=None)
        new_vacancy2 = Vacancy.objects.create(company=new_company2, verified=False, open_time=datetime.fromtimestamp(0),
-                                             description="lalala", close_time=datetime.today())
+                                              description="lalala", close_time=datetime.today())

        url = '/api/vacancies/' + str(new_vacancy2.pk) + '/verify/'
-        response = self.client.patch(url, {'verified' : True}, format='json')
+        response = self.client.patch(url, {'verified': True}, format='json')
        self.assertEqual(response.status_code, status.HTTP_200_OK)

        retrieve_vacancy = Vacancy.objects.get(pk=new_vacancy2.pk)
@@ -412,10 +423,9 @@ class SupervisorApprovalTests(APITestCase):
        self.client.force_authenticate(user=new_user)

        new_vacancy = Vacancy.objects.create(company=new_company, verified=False, open_time=datetime.fromtimestamp(0),
-                                              description="lalala", close_time=datetime.today())
+                                             description="lalala", close_time=datetime.today())

        url = '/api/vacancies/' + str(new_vacancy.pk) + '/verify/'
        response = self.client.patch(url, format='json')
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        self.assertEqual(new_vacancy.verified, False)
-
--- a/core/views/accounts.py
+++ b/core/views/accounts.py
@@ -30,7 +30,7 @@ class UserViewSet(viewsets.ModelViewSet):
        return Response(serializer.data)

    def get_permissions(self):
-        if self.action == "update":
+        if self.action == "update" or self.action == "partial_update":
            return [IsAdminOrSelfOrReadOnly(), IsAuthenticated()]
        if self.action == "create":
            return [AllowAny()]
@@ -43,7 +43,7 @@ class StudentViewSet(viewsets.ModelViewSet):
    permission_classes = [IsAdminUser]

    def get_permissions(self):
-        if self.action == "update":
+        if self.action == "update" or self.action == "partial_update":
            return [IsAdminOrSelfOrReadOnly(), IsAdminOrStudent()]
        if self.action == "list":
            return [IsAuthenticated(), IsAdminOrSupervisor()]

--- a/core/views/vacancies.py
+++ b/core/views/vacancies.py
@@ -4,15 +4,17 @@ from rest_framework import viewsets, status
 from rest_framework.decorators import detail_route
 from rest_framework.exceptions import ValidationError
 from rest_framework.generics import get_object_or_404
+from rest_framework.pagination import PageNumberPagination
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
-from rest_framework.pagination import PageNumberPagination
+
 from core.lib.mixins import MultiSerializerViewSetMixin
-from core.lib.permissions import IsAdminOrStudent, IsAdminOrCompany, IsAdminOrVacancyOwner, AsAdminOrSupervisor, VacancyApprovalPermission
+from core.lib.permissions import IsAdminOrStudent, IsAdminOrCompany, IsAdminOrVacancyOwner, AsAdminOrSupervisor, \
+    VacancyApprovalPermission
 from core.models import Student, Company
 from core.models.vacancies import Vacancy, Application
 from core.serializers.vacancies import VacancySerializer, ApplicationSerializer, ApplicationStatusSerializer, \
-    VacancyApplicationSerializer, PostVacancySerializer, VacancyVerifiedSerializer, SupervisorStudentApplicationSerializer
+    PostVacancySerializer, VacancyVerifiedSerializer, SupervisorStudentApplicationSerializer


 class VacancyViewSet(MultiSerializerViewSetMixin, viewsets.ModelViewSet):
@@ -35,7 +37,7 @@ class VacancyViewSet(MultiSerializerViewSetMixin, viewsets.ModelViewSet):
        if verified.lower() in ("yes", "true", "t", "1"):
            vacancies = vacancies.filter(verified=True)
        if verified.lower() in {"no", "false", "f", "0"}:
-            vacancies = vacancies.filter(verified=False)    
+            vacancies = vacancies.filter(verified=False)
        page = self.paginate_queryset(vacancies)
        if page is not None:
            return self.get_paginated_response(VacancySerializer(page, many=True, context={'request': request}).data)
@@ -48,17 +50,76 @@ class VacancyViewSet(MultiSerializerViewSetMixin, viewsets.ModelViewSet):
        count_new = Application.objects.filter(vacancy=vacancy, status=Application.NEW).count()
        return Response({"count": count, "count_new": count_new}, status=status.HTTP_200_OK)

-    @detail_route(methods=['patch'], permission_classes=[VacancyApprovalPermission], serializer_class=VacancyVerifiedSerializer)
+    @detail_route(methods=['patch'], permission_classes=[VacancyApprovalPermission],
+                  serializer_class=VacancyVerifiedSerializer)
    def verify(self, request, pk=None):
        vacancy = self.get_object()
        serializer = self.get_serializer_class()(vacancy, data=request.data, partial=True)
        if serializer.is_valid():
            serializer.save()
            return Response(serializer.data, status=status.HTTP_200_OK)
-        return Response({"error" : "bad request"}, status=status.HTTP_400_BAD_REQUEST)
+        return Response({"error": "bad request"}, status=status.HTTP_400_BAD_REQUEST)


-class ApplicationViewSet(viewsets.GenericViewSet):
+class ApplicationViewSet(MultiSerializerViewSetMixin, viewsets.GenericViewSet):
+    queryset = Application.objects.all()
+    serializer_class = ApplicationSerializer
+    serializer_action_classes = {
+        'update': ApplicationStatusSerializer,
+        'partial_update': ApplicationStatusSerializer,
+        'list': SupervisorStudentApplicationSerializer
+    }
+    permission_classes = [IsAdminOrVacancyOwner]
+    pagination_class = PageNumberPagination
+
+    def list(self, request):
+        applications = Application.objects.order_by('student')
+        page = self.paginate_queryset(applications)
+        serializer = self.get_serializer_class()
+        if page is not None:
+            return self.get_paginated_response(
+                serializer(applications, many=True, context={'request': request}).data)
+        return Response(serializer(applications, many=True, context={'request': request}).data)
+
+    def partial_update(self, request, pk=None):
+        application = self.get_object()
+        print self.action
+        serializer = self.get_serializer_class()(application, data=request.data, partial=True)
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=status.HTTP_202_ACCEPTED)
+        else:
+            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    @detail_route(methods=['get'], permission_classes=[IsAdminOrVacancyOwner])
+    def transcript(self, request, pk):
+        """
+        Get student {student_id}'s academic transcript
+        ---
+        """
+        application = self.get_object()
+        student = application.student
+        if student.show_transcript:
+            s = requests.Session()
+            credentials = settings.API_CS_CREDENTIALS
+            s.get('https://api.cs.ui.ac.id/api-auth/login/')
+            csrf = s.cookies['csrftoken']
+            resp = s.post('https://api.cs.ui.ac.id/api-auth/login/',
+                          data={'username': credentials["user"], 'password': credentials["password"],
+                                'csrfmiddlewaretoken': csrf})
+            response = s.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/' + str(student.npm) + '/riwayat/')
+            return Response({'name': student.full_name, 'transcript': response.json()}, status=status.HTTP_200_OK)
+        else:
+            return Response({'name': student.full_name, 'error': 'student does not allow transcript to be shown'},
+                            status=status.HTTP_200_OK)
+
+    def get_permissions(self):
+        if self.action == "list":
+            return [AsAdminOrSupervisor()]
+        return super(ApplicationViewSet, self).get_permissions()
+
+
+class StudentApplicationViewSet(viewsets.GenericViewSet):
    serializer_class = ApplicationSerializer
    permission_classes = [IsAdminOrStudent]
    pagination_class = PageNumberPagination
@@ -127,11 +188,16 @@ class CompanyApplicationViewSet(viewsets.GenericViewSet):
            applications = applications.filter(status=request.query_params['status'])
        page = self.paginate_queryset(applications)
        if page is not None:
-            return self.get_paginated_response(ApplicationSerializer(page, many=True, context={'request': request}).data)
+            return self.get_paginated_response(
+                ApplicationSerializer(page, many=True, context={'request': request}).data)
        return Response(ApplicationSerializer(applications, many=True, context={'request': request}).data)

    @detail_route(methods=["get"])
    def by_vacancy(self, request, company_id, pk=None):
+        """
+        Get list of company {company_id}'s applications by vacancy {id}
+        ---
+        """
        if pk is None:
            return list(self, request, company_id)
        company = get_object_or_404(Company.objects.all().order_by('-updated'), pk=company_id)
@@ -159,35 +225,6 @@ class CompanyApplicationViewSet(viewsets.GenericViewSet):
        return Response(ApplicationSerializer(applications, many=True, context={'request': request}).data)


-class CompanyApplicationStatusViewSet(viewsets.GenericViewSet):
-    queryset = Application.objects.all()
-    serializer_class = ApplicationStatusSerializer
-    permission_classes = [IsAdminOrVacancyOwner]
-
-    def partial_update(self, request, pk=None):
-        application = self.get_object()
-        serializer = self.get_serializer_class()(application, data=request.data, partial=True)
-        if serializer.is_valid():
-            serializer.save()
-            return Response(serializer.data, status=status.HTTP_202_ACCEPTED)
-        else:
-            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
-
-    def retrieve(self, request, pk=None):
-        application = self.get_object()
-        student = application.student
-        if student.show_transcript:
-            s = requests.Session()
-            credentials = settings.API_CS_CREDENTIALS
-            s.get('https://api.cs.ui.ac.id/api-auth/login/')
-            csrf = s.cookies['csrftoken']
-            resp = s.post('https://api.cs.ui.ac.id/api-auth/login/', data={'username' : credentials["user"], 'password' : credentials["password"], 'csrfmiddlewaretoken' : csrf})
-            response = s.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/' + str(student.npm) + '/riwayat/')
-            return Response({'name' : student.full_name, 'transcript' : response.json()}, status=status.HTTP_200_OK)
-        else:
-            return Response({'name' : student.full_name, 'error' : 'student does not allow transcript to be shown'}, status=status.HTTP_200_OK)
-
-
 class CompanyVacanciesViewSet(viewsets.GenericViewSet):
    queryset = Vacancy.objects.all()
    pagination_class = PageNumberPagination
@@ -238,7 +275,8 @@ class BookmarkedVacancyByStudentViewSet(viewsets.GenericViewSet):
        vacancy = get_object_or_404(Vacancy.objects.all(), pk=request.data['vacancy_id'])
        student = get_object_or_404(Student.objects.all(), pk=student_id)
        student.bookmarked_vacancies.add(vacancy)
-        return Response(self.serializer_class(student.bookmarked_vacancies, many=True, context={'request': request}).data)
+        return Response(
+            self.serializer_class(student.bookmarked_vacancies, many=True, context={'request': request}).data)

    def destroy(self, request, student_id, pk):
        """
@@ -248,18 +286,5 @@ class BookmarkedVacancyByStudentViewSet(viewsets.GenericViewSet):
        vacancy = get_object_or_404(Vacancy.objects.all(), pk=pk)
        student = get_object_or_404(Student.objects.all(), pk=student_id)
        student.bookmarked_vacancies.remove(vacancy)
-        return Response(self.serializer_class(student.bookmarked_vacancies, many=True, context={'request': request}).data)
-
-
-class SupervisorStudentApplicationViewSet(viewsets.GenericViewSet):
-    queryset = Student.objects.all()
-    serializer_class = SupervisorStudentApplicationSerializer
-    pagination_class = PageNumberPagination
-    permission_classes = [AsAdminOrSupervisor]
-
-    def list(self, request):
-        applications = Application.objects.order_by('student')
-        page = self.paginate_queryset(applications)
-        if page is not None:
-            return self.get_paginated_response(self.serializer_class(applications, many=True, context={'request': request}).data)
-        return Response(self.serializer_class(applications, many=True, context={'request': request}).data)
+        return Response(
+            self.serializer_class(student.bookmarked_vacancies, many=True, context={'request': request}).data)
--- a/kape/urls.py
+++ b/kape/urls.py
@@ -24,9 +24,8 @@ from rest_framework_swagger.views import get_swagger_view
 from core import apps
 from core.views.accounts import StudentViewSet, CompanyViewSet, SupervisorViewSet, UserViewSet, LoginViewSet, \
    CompanyRegisterViewSet
-from core.views.vacancies import VacancyViewSet, BookmarkedVacancyByStudentViewSet, ApplicationViewSet, \
-    CompanyApplicationViewSet, CompanyVacanciesViewSet, CompanyApplicationStatusViewSet, \
-    SupervisorStudentApplicationViewSet
+from core.views.vacancies import VacancyViewSet, BookmarkedVacancyByStudentViewSet, StudentApplicationViewSet, \
+    CompanyApplicationViewSet, CompanyVacanciesViewSet, ApplicationViewSet

 schema_view = get_swagger_view()
 router = routers.DefaultRouter()
@@ -37,12 +36,11 @@ router.register(r'supervisors', SupervisorViewSet)
 router.register(r'login', LoginViewSet)
 router.register(r'register', CompanyRegisterViewSet)
 router.register(r'vacancies', VacancyViewSet)
-router.register(r'applications', CompanyApplicationStatusViewSet)
-router.register(r'student-applications', SupervisorStudentApplicationViewSet)
+router.register(r'applications', ApplicationViewSet)
 # router.register(r'students/(?P<student_id>\d+)/profile', StudentProfileViewSet)
 router.register(r'students/(?P<student_id>\d+)/bookmarked-vacancies', BookmarkedVacancyByStudentViewSet,
                base_name='bookmarked-vacancy-list')
-router.register(r'students/(?P<student_id>\d+)/applied-vacancies', ApplicationViewSet,
+router.register(r'students/(?P<student_id>\d+)/applied-vacancies', StudentApplicationViewSet,
                base_name='applications')
 router.register(r'companies/(?P<company_id>\d+)/applications', CompanyApplicationViewSet,
                base_name='company-applications')