From cd067ca1c1ff81d66d2ed72f1a7a28196b7cf6c8 Mon Sep 17 00:00:00 2001
From: Zamil Majdy <z.majdy1996@gmail.com>
Date: Tue, 28 Mar 2017 06:27:54 +0700
Subject: [PATCH] [#140382397] #11 Add bookmark vacancy API
---
core/lib/permissions.py | 9 ++++-----
core/views/accounts.py | 31 +++++++------------------------
core/views/vacancies.py | 29 +++++++++++++++++++++++++----
kape/urls.py | 6 +++---
4 files changed, 39 insertions(+), 36 deletions(-)
diff --git a/core/lib/permissions.py b/core/lib/permissions.py
index 662cbbbf..7dbf5205 100644
--- a/core/lib/permissions.py
+++ b/core/lib/permissions.py
@@ -45,8 +45,8 @@ class IsAdminOrStudent(permissions.BasePermission):
student = obj.student
else:
raise APIException(
- "Checking student permission on object {} not associated with carrier"
- .format(type(obj.__name__))
+ "Checking student permission on object {} not associated with Student"
+ .format(type(obj.__name__))
)
return hasattr(user, "student") and user.student == student
@@ -67,7 +67,7 @@ class IsAdminOrSupervisor(permissions.BasePermission):
supervisor = obj.supervisor
else:
raise APIException(
- "Checking supervisor permission on object {} not associated with carrier"
+ "Checking supervisor permission on object {} not associated with Supervisor"
.format(type(obj.__name__))
)
@@ -89,9 +89,8 @@ class IsAdminOrCompany(permissions.BasePermission):
company = obj.company
else:
raise APIException(
- "Checking company permission on object {} not associated with carrier"
+ "Checking company permission on object {} not associated with Company"
.format(type(obj.__name__))
)
return hasattr(user, "company") and user.company == company
-
diff --git a/core/views/accounts.py b/core/views/accounts.py
index de96c6dc..a77ad83b 100644
--- a/core/views/accounts.py
+++ b/core/views/accounts.py
@@ -1,19 +1,17 @@
from django.contrib.auth.models import User
-from django.shortcuts import get_object_or_404
-from rest_framework import status
from rest_framework import viewsets
-from rest_framework.decorators import list_route, detail_route
-from rest_framework.exceptions import ValidationError
+from rest_framework.decorators import list_route
from rest_framework.response import Response
-from core.models import Vacancy
-from core.models.accounts import Student, Company, Supervisor, get_display_name
+from core.lib.permissions import IsAdminOrStudent, IsAdminOrSelfOrReadOnly, IsAdminOrCompany, IsAdminOrSupervisor
+from core.models.accounts import Student, Company, Supervisor
from core.serializers.accounts import UserSerializer, StudentSerializer, CompanySerializer, SupervisorSerializer
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
+ permission_classes = [IsAdminOrSelfOrReadOnly]
@list_route(methods=['get'])
def me(self, request):
@@ -25,34 +23,19 @@ class UserViewSet(viewsets.ModelViewSet):
class StudentViewSet(viewsets.ModelViewSet):
queryset = Student.objects.all()
serializer_class = StudentSerializer
-
- @detail_route(methods=['post'], url_path='bookmarked-vacancies')
- def bookmark_vacancies(self, request, pk):
- user = self.request.user
- vacancy = get_object_or_404(Vacancy.objects.all(), pk=request.data['vacancy_id'])
- student = get_object_or_404(Student.objects.all(), pk=pk)
- if student != user.student and not user.is_staff:
- raise ValidationError('You must be a student'
- )
- student.bookmarked_vacancies.add(vacancy)
- return Response(vacancy, status=status.HTTP_200_OK)
-
- @detail_route(methods=['delete'], url_path='bookmarked-vacancies')
- def unbookmark_vacancies(self, request, pk):
- vacancy = get_object_or_404(Vacancy.objects.all(), pk=request.data['vacancy_id'])
- student = self.request.user.student
- student.bookmarked_vacancies.remove(vacancy)
- return Response(vacancy, status=status.HTTP_200_OK)
+ permission_classes = [IsAdminOrStudent]
class CompanyViewSet(viewsets.ModelViewSet):
queryset = Company.objects.all()
serializer_class = CompanySerializer
+ permission_classes = [IsAdminOrCompany]
class SupervisorViewSet(viewsets.ModelViewSet):
queryset = Supervisor.objects.all()
serializer_class = SupervisorSerializer
+ permission_classes = [IsAdminOrSupervisor]
diff --git a/core/views/vacancies.py b/core/views/vacancies.py
index 6b6ba7e9..7ca742e9 100644
--- a/core/views/vacancies.py
+++ b/core/views/vacancies.py
@@ -1,5 +1,9 @@
from rest_framework import viewsets
+from rest_framework.generics import get_object_or_404
+from rest_framework.response import Response
+from core.lib.permissions import IsAdminOrStudent
+from core.models import Student
from core.models.vacancies import Vacancy, Application
from core.serializers.vacancies import VacancySerializer, ApplicationSerializer
@@ -14,7 +18,24 @@ class ApplicationViewSet(viewsets.ModelViewSet):
serializer_class = ApplicationSerializer
-
-
-
-
+class BookmarkedVacancyByStudentViewSet(viewsets.GenericViewSet):
+ serializer_class = VacancySerializer
+ permission_classes = [IsAdminOrStudent]
+
+ def list(self, request, student_id):
+ student = get_object_or_404(Student.objects.all(), pk=student_id)
+ vacancies = self.serializer_class(student.bookmarked_vacancies, many=True, context={'request': request})
+ return Response(vacancies.data)
+
+ def create(self, request, student_id):
+ print request.data
+ vacancy = get_object_or_404(Vacancy.objects.all(), pk=request.data['vacancy_id'])
+ student = get_object_or_404(Student.objects.all(), pk=student_id)
+ student.bookmarked_vacancies.add(vacancy)
+ return Response(self.serializer_class(student.bookmarked_vacancies, many=True, context={'request': request}).data)
+
+ def destroy(self, request, student_id, pk):
+ vacancy = get_object_or_404(Vacancy.objects.all(), pk=pk)
+ student = get_object_or_404(Student.objects.all(), pk=student_id)
+ student.bookmarked_vacancies.remove(vacancy)
+ return Response(self.serializer_class(student.bookmarked_vacancies, many=True, context={'request': request}).data)
diff --git a/kape/urls.py b/kape/urls.py
index 58a416e7..133d43c2 100755
--- a/kape/urls.py
+++ b/kape/urls.py
@@ -23,12 +23,14 @@ from rest_framework_swagger.views import get_swagger_view
from core import apps
from core.views.accounts import StudentViewSet, CompanyViewSet, SupervisorViewSet, UserViewSet
-from core.views.vacancies import VacancyViewSet, ApplicationViewSet
+from core.views.vacancies import VacancyViewSet, ApplicationViewSet, BookmarkedVacancyByStudentViewSet
schema_view = get_swagger_view()
router = routers.DefaultRouter()
router.register(r'users', UserViewSet)
router.register(r'students', StudentViewSet)
+router.register(r'students/(?P<student_id>\d+)/bookmarked-vacancies', BookmarkedVacancyByStudentViewSet,
+ base_name='bookmarked-vacancy-list')
router.register(r'companies', CompanyViewSet)
router.register(r'supervisors', SupervisorViewSet)
router.register(r'vacancies', VacancyViewSet)
@@ -43,5 +45,3 @@ urlpatterns += [
url(r'^admin/', admin.site.urls),
url(r'', apps.index, name="index"),
]
-
-
--
GitLab