Fakultas Ilmu Komputer UI

Commit bd55bc73 authored by Joshua Casey's avatar Joshua Casey
Browse files

[#140655219] #24 #26 Changed student serializer and view set to grant company...

[#140655219] #24 #26 Changed student serializer and view set to grant company access and revised tests, also renamed show_resume to show_transcript
parent 719313f2
......@@ -18,6 +18,10 @@ def is_admin_or_supervisor(user):
return user.is_superuser or hasattr(user, "supervisor")
def is_admin_or_supervisor_or_company(user):
return user.is_superuser or hasattr(user, "supervisor") or hasattr(user, "company")
class IsAdminOrSelfOrReadOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
......@@ -94,3 +98,27 @@ class IsAdminOrCompany(permissions.BasePermission):
)
return hasattr(user, "company") and user.company == company
class IsAdminOrSupervisorOrCompany(permissions.BasePermission):
def has_permission(self, request, view):
return is_admin_or_supervisor_or_company(request.user)
class IsAdminOrSupervisorOrCompanyOrSelf(permissions.IsAuthenticated):
def has_object_permission(self, request, view, obj):
user = request.user
if user.is_superuser or hasattr(user, "company") or hasattr(user, "supervisor"):
return True
if hasattr(user, "student"):
if isinstance(obj, Student):
student = obj
elif hasattr(obj, "student"):
student = obj.student
else:
raise APIException(
"Checking student permission on object {} not associated with Student"
.format(type(obj.__name__))
)
return hasattr(user, "student") and user.student == student
return False
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-04-24 09:09
from __future__ import unicode_literals
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('core', '0008_auto_20170424_0725'),
]
operations = [
migrations.RenameField(
model_name='student',
old_name='show_resume',
new_name='show_transcript',
),
]
......@@ -55,7 +55,7 @@ class Student(models.Model):
birth_date = models.DateField(blank=True, null=True)
major = models.CharField(max_length=30, blank=True, null=True)
batch = models.CharField(max_length=4, blank=True, null=True)
show_resume = models.BooleanField(default=False)
show_transcript = models.BooleanField(default=False)
@property
def name(self):
......
......@@ -16,7 +16,7 @@ class StudentSerializer(serializers.ModelSerializer):
class Meta:
model = Student
fields = '__all__'
fields = ['id', 'name', 'user', 'npm', 'resume', 'phone_number', 'birth_place', 'birth_date', 'major', 'batch', 'show_transcript']
class CompanySerializer(serializers.ModelSerializer):
......
......@@ -17,6 +17,14 @@ class LoginTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
"nm_org" : "Ilmu Informasi",
"angkatan" : "2017"
}]
}, status_code=200)
url = '/api/login/'
......
......@@ -18,6 +18,14 @@ class ApplicationTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
"nm_org": "Ilmu Informasi",
"angkatan": "2017"
}]
}, status_code=200)
url = '/api/login/'
......@@ -40,6 +48,14 @@ class ApplicationTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
"nm_org": "Ilmu Informasi",
"angkatan": "2017"
}]
}, status_code=200)
url = '/api/login/'
......@@ -71,6 +87,14 @@ class BookmarkApplicationTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
"nm_org": "Ilmu Informasi",
"angkatan": "2017"
}]
}, status_code=200)
url = '/api/login/'
......@@ -93,6 +117,14 @@ class BookmarkApplicationTests(APITestCase):
"kodeidentitas": "1234567890",
"nama_role": "mahasiswa"
}, status_code=200)
m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
"kota_lahir": "kota_kota",
"tgl_lahir": "2017-12-31",
"program": [{
"nm_org": "Ilmu Informasi",
"angkatan": "2017"
}]
}, status_code=200)
url = '/api/login/'
......
......@@ -9,7 +9,8 @@ from rest_framework.permissions import IsAdminUser, IsAuthenticated
from rest_framework.response import Response
from rest_framework.status import HTTP_400_BAD_REQUEST, HTTP_409_CONFLICT
from core.lib.permissions import IsAdminOrStudent, IsAdminOrSelfOrReadOnly, IsAdminOrCompany, IsAdminOrSupervisor
from core.lib.permissions import IsAdminOrStudent, IsAdminOrSelfOrReadOnly, IsAdminOrCompany, IsAdminOrSupervisor, \
IsAdminOrSupervisorOrCompany, IsAdminOrSupervisorOrCompanyOrSelf
from core.models.accounts import Student, Company, Supervisor
from core.serializers.accounts import UserSerializer, StudentSerializer, CompanySerializer, SupervisorSerializer, \
LoginSerializer, RegisterSerializer
......@@ -45,6 +46,10 @@ class StudentViewSet(viewsets.ModelViewSet):
def get_permissions(self):
if self.action == "update":
return [IsAdminOrSelfOrReadOnly(), IsAdminOrStudent()]
if self.action == "list":
return [IsAuthenticated(), IsAdminOrSupervisorOrCompany()]
if self.action == "retrieve":
return [IsAuthenticated(), IsAdminOrSupervisorOrCompanyOrSelf()]
return super(StudentViewSet, self).get_permissions()
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment