Fakultas Ilmu Komputer UI

Commit f9e68f0d authored by Zamil Majdy's avatar Zamil Majdy
Browse files

[#140382397] #11 Set Bookmark permissions

parent cd067ca1
from django.contrib.auth.models import User
from rest_framework import viewsets
from rest_framework.decorators import list_route
from rest_framework.permissions import IsAdminUser, IsAuthenticated, AllowAny
from rest_framework.response import Response
from core.lib.permissions import IsAdminOrStudent, IsAdminOrSelfOrReadOnly, IsAdminOrCompany, IsAdminOrSupervisor
......@@ -11,34 +12,51 @@ from core.serializers.accounts import UserSerializer, StudentSerializer, Company
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = [IsAdminOrSelfOrReadOnly]
permission_classes = [IsAdminUser]
@list_route(methods=['get'])
@list_route(methods=['get'], permission_classes=[IsAuthenticated])
def me(self, request):
user = self.request.user
serializer = UserSerializer(user, context={"request": request})
return Response(serializer.data)
def get_permissions(self):
if self.action == "update":
return [IsAdminOrSelfOrReadOnly(), IsAuthenticated()]
if self.action == "create":
return [AllowAny()]
return super(UserViewSet, self).get_permissions()
class StudentViewSet(viewsets.ModelViewSet):
queryset = Student.objects.all()
serializer_class = StudentSerializer
permission_classes = [IsAdminOrStudent]
permission_classes = [IsAdminUser]
def get_permissions(self):
if self.action == "update":
return [IsAdminOrSelfOrReadOnly(), IsAdminOrStudent()]
return super(StudentViewSet, self).get_permissions()
class CompanyViewSet(viewsets.ModelViewSet):
queryset = Company.objects.all()
serializer_class = CompanySerializer
permission_classes = [IsAdminOrCompany]
permission_classes = [IsAdminUser]
def get_permissions(self):
if self.action == "update":
return [IsAdminOrSelfOrReadOnly(), IsAdminOrCompany()]
return super(CompanyViewSet, self).get_permissions()
class SupervisorViewSet(viewsets.ModelViewSet):
queryset = Supervisor.objects.all()
serializer_class = SupervisorSerializer
permission_classes = [IsAdminOrSupervisor]
permission_classes = [IsAdminUser]
def get_permissions(self):
if self.action == "update":
return [IsAdminOrSelfOrReadOnly(), IsAdminOrSupervisor()]
return super(SupervisorViewSet, self).get_permissions()
......@@ -2,7 +2,7 @@ from rest_framework import viewsets
from rest_framework.generics import get_object_or_404
from rest_framework.response import Response
from core.lib.permissions import IsAdminOrStudent
from core.lib.permissions import IsAdminOrStudent, IsAdminOrCompany
from core.models import Student
from core.models.vacancies import Vacancy, Application
from core.serializers.vacancies import VacancySerializer, ApplicationSerializer
......@@ -11,11 +11,13 @@ from core.serializers.vacancies import VacancySerializer, ApplicationSerializer
class VacancyViewSet(viewsets.ModelViewSet):
queryset = Vacancy.objects.all().filter(verified=True)
serializer_class = VacancySerializer
permission_classes = [IsAdminOrCompany]
class ApplicationViewSet(viewsets.ModelViewSet):
queryset = Application.objects.all()
serializer_class = ApplicationSerializer
permission_classes = [IsAdminOrStudent]
class BookmarkedVacancyByStudentViewSet(viewsets.GenericViewSet):
......@@ -28,7 +30,6 @@ class BookmarkedVacancyByStudentViewSet(viewsets.GenericViewSet):
return Response(vacancies.data)
def create(self, request, student_id):
print request.data
vacancy = get_object_or_404(Vacancy.objects.all(), pk=request.data['vacancy_id'])
student = get_object_or_404(Student.objects.all(), pk=student_id)
student.bookmarked_vacancies.add(vacancy)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment