
Commit 4d15e63a authored by Zamil Majdy's avatar Zamil Majdy

[#140382397] #11 Update permission and seed

parent 56c05c74
from rest_framework import permissions
from rest_framework.exceptions import APIException
from core.models import Company
from core.models import Student
from core.models import Supervisor
def is_admin_or_student(user):
return user.is_superuser or hasattr(user, "student")
def is_admin_or_company(user):
return user.is_superuser or hasattr(user, "company")
def is_admin_or_supervisor(user):
return user.is_superuser or hasattr(user, "supervisor")
class IsAdminOrSelfOrReadOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
if request.user.is_superuser:
return True
# Instance must have an attribute named `user` or be `user`
if hasattr(obj, "user"):
return obj.user == request.user
return obj == request.user
class IsAdminOrStudent(permissions.BasePermission):
def has_permission(self, request, view):
return is_admin_or_student(request.user)
def has_object_permission(self, request, view, obj):
user = request.user
if user.is_superuser:
return True
student = None
if isinstance(obj, Student):
student = obj
elif hasattr(obj, "student"):
student = obj.student
else:
raise APIException(
"Checking student permission on object {} not associated with carrier"
.format(type(obj.__name__))
)
return hasattr(user, "student") and user.student == student
class IsAdminOrSupervisor(permissions.BasePermission):
def has_permission(self, request, view):
return is_admin_or_supervisor(request.user)
def has_object_permission(self, request, view, obj):
user = request.user
if user.is_superuser:
return True
supervisor = None
if isinstance(obj, Supervisor):
supervisor = obj
elif hasattr(obj, "supervisor"):
supervisor = obj.supervisor
else:
raise APIException(
"Checking supervisor permission on object {} not associated with carrier"
.format(type(obj.__name__))
)
return hasattr(user, "supervisor") and user.supervisor == supervisor
class IsAdminOrCompany(permissions.BasePermission):
def has_permission(self, request, view):
return is_admin_or_company(request.user)
def has_object_permission(self, request, view, obj):
user = request.user
if user.is_superuser:
return True
company = None
if isinstance(obj, Company):
company = obj
elif hasattr(obj, "company"):
company = obj.company
else:
raise APIException(
"Checking company permission on object {} not associated with carrier"
.format(type(obj.__name__))
)
return hasattr(user, "company") and user.company == company
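Review bot: In the `else` branch of `has_object_permission` in IsAdminOrStudent, IsAdminOrSupervisor and IsAdminOrCompany, `.format(type(obj.__name__))` reads `__name__` from the instance rather than from its class. A model instance normally has no such attribute, so the branch would most likely raise AttributeError instead of the intended APIException; the call should be `.format(type(obj).__name__)`. APIException is also reported as a server error by default, and for an authorization check it is safer to fail closed, for example `return False` after logging the unexpected type. All three messages say "carrier", which looks like a copy-paste leftover. The three classes differ only in the model and the attribute name, so one base class with `model` and `attr` class attributes would keep the check in a single place.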
......@@ -42,7 +42,7 @@ class Migration(migrations.Migration):
('created', models.DateTimeField(auto_now_add=True)),
('updated', models.DateTimeField(auto_now=True)),
('npm', models.IntegerField(unique=True, validators=[django.core.validators.MinValueValidator(100000000), django.core.validators.MaxValueValidator(9999999999)])),
('resume', models.FileField(blank=True, null=True, upload_to=core.models.accounts.get_file_path)),
('resume', models.FileField(blank=True, null=True, upload_to=core.models.accounts.get_student_resume_file_path)),
('phone_number', models.CharField(blank=True, db_index=True, max_length=100)),
],
),
......
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-03-27 20:51
from __future__ import unicode_literals
import core.models.accounts
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('core', '0006_auto_20170328_0258'),
]
operations = [
migrations.AlterField(
model_name='company',
name='logo',
field=models.FileField(blank=True, null=True, upload_to=core.models.accounts.get_company_logo_file_path),
),
]
......@@ -5,12 +5,19 @@ from django.contrib.auth.models import User
from django.core.validators import MinValueValidator, MaxValueValidator
from django.db import models
def get_file_path(instance, filename):
def get_student_resume_file_path(instance, filename):
extension = filename.split('.')[-1].lower()
filename = "%s.%s" % (uuid.uuid4(), extension)
return os.path.join("student-resume/", filename)
def get_company_logo_file_path(instance, filename):
extension = filename.split('.')[-1].lower()
filename = "%s.%s" % (uuid.uuid4(), extension)
return os.path.join("company-logo/", filename)
def get_display_name(user, full_name=False):
"""
Return a display name that always works like "Benoit J."
......@@ -39,7 +46,7 @@ class Student(models.Model):
updated = models.DateTimeField(auto_now=True)
user = models.OneToOneField(User)
npm = models.IntegerField(validators=[MinValueValidator(100000000), MaxValueValidator(9999999999)], unique=True)
resume = models.FileField(upload_to=get_file_path, null=True, blank=True)
resume = models.FileField(upload_to=get_student_resume_file_path, null=True, blank=True)
phone_number = models.CharField(max_length=100, blank=True, db_index=True)
bookmarked_vacancies = models.ManyToManyField('core.Vacancy', blank=True)
......@@ -60,7 +67,7 @@ class Company(models.Model):
user = models.OneToOneField(User)
description = models.TextField()
verified = models.BooleanField(default=False)
logo = models.CharField(max_length=1000, blank=True, null=True)
logo = models.FileField(upload_to=get_company_logo_file_path, null=True, blank=True)
alamat = models.CharField(max_length=1000, blank=True, null=True)
@property
......
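Review bot: Both `get_student_resume_file_path` and `get_company_logo_file_path` keep the extension from the client-supplied name (`filename.split('.')[-1].lower()`), and neither `resume` nor `logo` declares a validator, so the stored file type is whatever the uploader names it. A name without a dot makes the whole filename the "extension", and an extension such as `html` or `svg` is preserved, which matters if the media directory is served from the application's own origin. I would parse with `os.path.splitext(filename)[1]` and add a per-field extension allowlist through `validators=[...]` on each FileField, using a small validator written for this project. The two path functions differ only in the directory prefix, so a shared helper taking the prefix would remove the duplication. Changing `logo` from CharField to FileField also reinterprets any existing string values as storage paths, so existing rows should be checked before the migration is applied.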
from unittest import TestCase
from django.urls import reverse
class TestStudentViewSet(TestCase):
# def setUp(self):
# #c = Client()
# Student.objects.create(user = User.objects.create(username = "farhan"), npm = "1406572321")
#def test_bookmark_vacancies(self):
# url = reverse('bookmarked-vacancies')
# data = {'company_id': 1}
# response = self.client.post(url, data, format='json')
# self.fail()
#
# def test_remove_vacancies(self):
# self.fail()
# from unittest import TestCase
#
# from django.urls import reverse
#
#
# class TestStudentViewSet(TestCase):
# # def setUp(self):
# # #c = Client()
# # Student.objects.create(user = User.objects.create(username = "farhan"), npm = "1406572321")
#
# #def test_bookmark_vacancies(self):
# # url = reverse('bookmarked-vacancies')
# # data = {'company_id': 1}
# # response = self.client.post(url, data, format='json')
# # self.fail()
# #
# # def test_remove_vacancies(self):
# # self.fail()
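Review bot: The whole test module is now commented out, so the `bookmarked-vacancies` route and the permission classes added in this commit are not covered by any test. Rather than keeping dead commented code, delete the file, or keep the class and mark the unfinished cases with `@unittest.skip("not implemented")`. When the cases are revived they need a Django/DRF test base such as `rest_framework.test.APITestCase`, since the commented code uses `self.client` and `format='json'` on a plain `unittest.TestCase`. The first cases worth adding are negative ones: a student posting to another student's `pk`, and a company account posting to the route, both expecting a denial.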
......@@ -29,13 +29,11 @@ class StudentViewSet(viewsets.ModelViewSet):
@detail_route(methods=['post'], url_path='bookmarked-vacancies')
def bookmark_vacancies(self, request, pk):
user = self.request.user
print("yay1")
vacancy = get_object_or_404(Vacancy.objects.all(), pk=request.data['vacancy_id'])
print("yay2")
student = get_object_or_404(Student.objects.all(), pk=pk)
print("yay3")
if student != user.student and not user.is_staff:
raise ValidationError('You must be a student')
raise ValidationError('You must be a student'
)
student.bookmarked_vacancies.add(vacancy)
return Response(vacancy, status=status.HTTP_200_OK)
......
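Review bot: The ownership check `student != user.student and not user.is_staff` in `bookmark_vacancies` evaluates `user.student` first, so for an authenticated user without a student profile (a company or supervisor account) it would raise instead of denying. The denial itself is a `ValidationError`, which is a 400 rather than a 403. Because the student is fetched with `get_object_or_404` rather than `self.get_object()`, DRF does not run `has_object_permission` for whatever permission classes the view declares, so this line is the only object-level check; I would write it as `if not user.is_staff and getattr(user, "student", None) != student: raise PermissionDenied('You must be a student')`. It also tests `is_staff` where the permission classes in this commit test `is_superuser`, which should be made consistent. Separately, `request.data['vacancy_id']` raises KeyError when the field is missing, and `Response(vacancy, ...)` is given a model instance where serialized data is expected.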