

Merge pull request #53 from SELab-2/permissies
Alle permissies toegevoegd en getest
sPAICEcake authored Mar 13, 2024
2 parents ef0be33 + 592100b commit f765375
Showing 11 changed files with 193 additions and 116 deletions.
2 changes: 1 addition & 1 deletion api/models/gebruiker.py
Expand Up @@ -7,4 +7,4 @@ class Gebruiker(models.Model):
is_lesgever = models.BooleanField(default=False)

def __str__(self):
return self.user.first_name + self.user.last_name
return self.user.first_name + ' ' + self.user.last_name
5 changes: 5 additions & 0 deletions api/serializers/score.py
Expand Up @@ -15,6 +15,7 @@ def create(self, validated_data):

def update(self, instance, validated_data):
validate_score(validated_data)
validate_indiening(instance, validated_data)
super().update(instance=instance, validated_data=validated_data)
instance.save()
return instance
Expand All @@ -24,4 +25,8 @@ def validate_score(data):
if data['score'] > max_score:
raise serializers.ValidationError(f'Score kan niet hoger zijn dan de maximale score van {max_score}')

def validate_indiening(instance, data):
if instance.indiening != data.get('indiening'):
raise serializers.ValidationError('indiening_id kan niet aangepast worden')


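Review bot: `validate_indiening` treats a missing `indiening` key as a change: `data.get('indiening')` returns None when the field is absent, so `instance.indiening != None` is true and any partial update that omits the field is rejected with the 'indiening_id kan niet aangepast worden' error. Guarding on presence keeps the immutability check without breaking PATCH-style updates: `if 'indiening' in data and instance.indiening != data['indiening']:`. The same presence question applies to `validate_score`, whose `data['score']` access on the first line of the second hunk raises KeyError rather than a ValidationError when the key is absent; its `def` line is outside the hunk. This is a serializer-level integrity check only — whether the caller may touch this score at all is decided in the view, which is not part of this diff.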
17 changes: 16 additions & 1 deletion api/utils.py
@@ -1,4 +1,5 @@
from django.conf import settings
from api.models.gebruiker import Gebruiker
import requests


Expand All @@ -7,6 +8,7 @@
'vakken': '/api/vakken',
'groepen': '/api/groepen',
'indieningen': '/api/indieningen',
'indiening_bestanden': '/api/indiening_bestanden',
'scores': 'api/scores',
'projecten': 'api/projecten'
}
Expand All @@ -30,5 +32,18 @@ def get_graph_token():

response = requests.post(url=url, headers=headers, data=data)
return response.json()
except:
except Exception:
return None

def is_lesgever(user):
if user.is_superuser:
return True
gebruiker = Gebruiker.objects.get(pk=user.id)
return gebruiker.is_lesgever

def contains(lijst, user):
gebruiker = Gebruiker.objects.get(pk=user.id)
return lijst.all().contains(gebruiker)

def get_gebruiker(user):
return Gebruiker.objects.get(pk=user.id)
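Review bot: `is_lesgever` and `contains` both use `Gebruiker.objects.get(pk=user.id)`, which raises `Gebruiker.DoesNotExist` for a user without a Gebruiker row (and for an anonymous user, whose id is None), so every view that now calls them answers such a request with an unhandled exception instead of a deny. An authorization helper should fail closed; keeping the existing assumption that the Gebruiker pk is the user id, both collapse to a single existence query — `return Gebruiker.objects.filter(pk=user.id, is_lesgever=True).exists()` after the superuser shortcut, and `return lijst.filter(pk=user.id).exists()` in `contains`. A short docstring on `is_lesgever` stating that superusers count as lesgever would help readers of the views, since that shortcut is what lets a superuser pass every `is_lesgever` gate. The `except Exception: return None` in `get_graph_token` still hides why the token request failed; a `logger.exception(...)` before the return keeps that failure diagnosable without changing the caller contract.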
29 changes: 21 additions & 8 deletions api/views/gebruiker.py
Expand Up @@ -5,20 +5,26 @@
from api.models.gebruiker import Gebruiker
from api.serializers.gebruiker import GebruikerSerializer

from api.utils import is_lesgever




@api_view(['GET'])
def gebruiker_list(request):
if request.method == 'GET':
gebruikers = Gebruiker.objects.all()
if is_lesgever(request.user):
gebruikers = Gebruiker.objects.all()
else:
gebruikers = Gebruiker.objects.filter(user=request.user.id)

if 'is_lesgever' in request.GET and request.GET.get('is_lesgever').lower() in ['true', 'false']:
gebruikers = gebruikers.filter(is_lesgever = (request.GET.get('is_lesgever').lower() == 'true'))


serializer = GebruikerSerializer(gebruikers, many=True)
return Response(serializer.data)
return Response(status=status.HTTP_403_FORBIDDEN)


@api_view(['GET', 'PUT'])
Expand All @@ -29,12 +35,19 @@ def gebruiker_detail(request, id):
return Response(status=status.HTTP_404_NOT_FOUND)

if request.method == 'GET':
serializer = GebruikerSerializer(gebruiker)
return Response(serializer.data)
if request.method == 'PUT':
serializer = GebruikerSerializer(gebruiker, data=request.data)
if serializer.is_valid():
serializer.save()
if is_lesgever(request.user) or id == request.user.id:
serializer = GebruikerSerializer(gebruiker)
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
return Response(status=status.HTTP_403_FORBIDDEN)
elif request.method == 'PUT':
if request.user.is_superuser:
serializer = GebruikerSerializer(gebruiker, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
return Response(status=status.HTTP_403_FORBIDDEN)




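Review bot: In `gebruiker_detail`'s GET branch, `id == request.user.id` compares the raw URL parameter with the user's pk, which is only true when the URL converter yields an int; with a string converter a student would never match their own record and always receive 403. Comparing against the fetched row removes the dependency on the converter: `if is_lesgever(request.user) or gebruiker.user_id == request.user.id:`. The 404 from the lookup above the hunk is returned before any permission check, so any authenticated caller can learn whether a Gebruiker id exists; the same ordering is in `groep_detail`, `indiening_detail`, `indiening_bestand_detail` and `project_detail` in this commit — acceptable if ids are not sensitive, but it should be a deliberate choice. Restricting PUT to `request.user.is_superuser` rather than `is_lesgever` looks like the right split here, since the model exposes `is_lesgever` and the serializer presumably writes it; a one-line comment such as `# only superusers may change is_lesgever` would stop a later reader "fixing" it to match the other views.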
49 changes: 29 additions & 20 deletions api/views/groep.py
Expand Up @@ -4,13 +4,16 @@

from api.models.groep import Groep
from api.serializers.groep import GroepSerializer
from api.utils import is_lesgever, contains


@api_view(['GET', 'POST'])
def groep_list(request, format=None):

if request.method == 'GET':
groepen = Groep.objects.all()
if is_lesgever(request.user):
groepen = Groep.objects.all()
else:
groepen = Groep.objects.filter(studenten=request.user.id)

if "project" in request.GET:
try:
Expand All @@ -29,32 +32,38 @@ def groep_list(request, format=None):

serializer = GroepSerializer(groepen, many=True)
return Response(serializer.data)



elif request.method == 'POST':
serializer = GroepSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
if is_lesgever(request.user):
serializer = GroepSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
return Response(status=status.HTTP_403_FORBIDDEN)

@api_view(['GET', 'PUT', 'DELETE'])
def groep_detail(request, id, format=None):
try:
groep = Groep.objects.get(pk=id)
except Groep.DoesNotExist:
return Response(status=status.HTTP_404_NOT_FOUND)

if request.method == 'GET':
serializer = GroepSerializer(groep)
return Response(serializer.data)

elif request.method == 'PUT':
serializer = GroepSerializer(groep, data=request.data)
if serializer.is_valid():
serializer.save()
if is_lesgever(request.user) or contains(groep.studenten, request.user):
serializer = GroepSerializer(groep)
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
return Response(status=status.HTTP_403_FORBIDDEN)

elif request.method == 'DELETE':
groep.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
if is_lesgever(request.user):
if request.method == 'PUT':
serializer = GroepSerializer(groep, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

elif request.method == 'DELETE':
groep.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
return Response(status=status.HTTP_403_FORBIDDEN)
35 changes: 26 additions & 9 deletions api/views/indiening.py
Expand Up @@ -3,14 +3,19 @@
from rest_framework import status

from api.models.indiening import Indiening, IndieningBestand
from api.models.groep import Groep
from api.serializers.indiening import IndieningSerializer, IndieningBestandSerializer
from api.utils import is_lesgever, contains


@api_view(['GET', 'POST'])
def indiening_list(request, format=None):

if request.method == 'GET':
indieningen = Indiening.objects.all()
if is_lesgever(request.user):
indieningen = Indiening.objects.all()
else:
groepen = Groep.objects.filter(studenten=request.user.id)
indieningen = Indiening.objects.filter(groep__in=groepen)

if "groep" in request.GET:
try:
Expand Down Expand Up @@ -47,20 +52,30 @@ def indiening_detail(request, id, format=None):
return Response(status=status.HTTP_404_NOT_FOUND)

if request.method == 'GET':
serializer = IndieningSerializer(indiening)
return Response(serializer.data)
if is_lesgever(request.user) or contains(indiening.groep.studenten, request.user):
serializer = IndieningSerializer(indiening)
return Response(serializer.data)
return Response(status=status.HTTP_403_FORBIDDEN)

elif request.method == 'DELETE':
indiening.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
if is_lesgever(request.user) or contains(indiening.groep.studenten, request.user):
indiening.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
return Response(status=status.HTTP_403_FORBIDDEN)



@api_view(['GET'])
def indiening_bestand_list(request, format=None):

if request.method == 'GET':
indieningen_bestanden = IndieningBestand.objects.all()
if is_lesgever(request.user):
indieningen_bestanden = IndieningBestand.objects.all()
else:
groepen = Groep.objects.filter(studenten=request.user.id)
indieningen = Indiening.objects.filter(groep__in=groepen)
indieningen_bestanden = IndieningBestand.objects.filter(indiening__in=indieningen)


if "indiening" in request.GET:
try:
Expand All @@ -81,5 +96,7 @@ def indiening_bestand_detail(request, id, format=None):
return Response(status=status.HTTP_404_NOT_FOUND)

if request.method == 'GET':
serializer = IndieningBestandSerializer(indiening_bestand)
return Response(serializer.data)
if is_lesgever(request.user) or contains(indiening_bestand.indiening.groep.studenten, request.user):
serializer = IndieningBestandSerializer(indiening_bestand)
return Response(serializer.data)
return Response(status=status.HTTP_403_FORBIDDEN)
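Review bot: `indiening_detail`'s DELETE branch lets any member of the submitting group delete the submission (`contains(indiening.groep.studenten, request.user)`), whereas `groep_detail` and `project_detail` in this same commit reserve DELETE for `is_lesgever`. If students withdrawing their own submission is intended, a comment such as `# students may delete their own submission` would document that; otherwise the branch should gate on `is_lesgever(request.user)` alone, especially since the score serializer in this commit shows that a Score row references its indiening, so the grade record is affected too depending on the FK's on_delete. The student-side filters in `indiening_list` and `indiening_bestand_list` build the groep and indiening querysets as intermediate steps; `Indiening.objects.filter(groep__studenten=request.user.id)` and `IndieningBestand.objects.filter(indiening__groep__studenten=request.user.id)` express the same lookups in one line each. Both list functions continue past the hunk, so the request-parameter filters that follow are not reviewed here.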
49 changes: 30 additions & 19 deletions api/views/project.py
Expand Up @@ -3,14 +3,19 @@
from rest_framework import status

from api.models.project import Project
from api.models.vak import Vak
from api.serializers.project import ProjectSerializer
from api.utils import is_lesgever, contains


@api_view(['GET', 'POST'])
def project_list(request, format=None):

if request.method == 'GET':
projects = Project.objects.all()
if is_lesgever(request.user):
projects = Project.objects.all()
else:
vakken = Vak.objects.filter(studenten=request.user.id)
projects = Project.objects.filter(vak__in=vakken)

if 'vak' in request.GET:
try:
Expand All @@ -23,12 +28,14 @@ def project_list(request, format=None):
return Response(serializer.data)

elif request.method == 'POST':
serializer = ProjectSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

if is_lesgever(request.user):
serializer = ProjectSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
return Response(status=status.HTTP_403_FORBIDDEN)

@api_view(['GET', 'PUT', 'DELETE'])
def project_detail(request, id, format=None):
try:
Expand All @@ -37,16 +44,20 @@ def project_detail(request, id, format=None):
return Response(status=status.HTTP_404_NOT_FOUND)

if request.method == 'GET':
serializer = ProjectSerializer(project)
return Response(serializer.data)

elif request.method == 'PUT':
serializer = ProjectSerializer(project, data=request.data)
if serializer.is_valid():
serializer.save()
if is_lesgever(request.user) or contains(project.vak.studenten, request.user):
serializer = ProjectSerializer(project)
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
return Response(status=status.HTTP_403_FORBIDDEN)

elif request.method == 'DELETE':
project.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
if is_lesgever(request.user):
if request.method == 'PUT':
serializer = ProjectSerializer(project, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

elif request.method == 'DELETE':
project.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
return Response(status=status.HTTP_403_FORBIDDEN)
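Review bot: `is_lesgever` is a global flag (see api/utils.py in this commit), so the PUT and DELETE branches of `project_detail` and the POST branch of `project_list` let any lesgever modify, delete or create projects in any vak, not only in the courses they teach. If Vak records its teachers, the check should also confirm that `request.user` is among `project.vak`'s teachers; if a lesgever is meant to be a site-wide role, a comment on the check saying so would settle the question for later readers. The same global gate is used by the `groep_detail` PUT/DELETE branches and `groep_list` POST. The student read path is scoped correctly through `contains(project.vak.studenten, request.user)` and the `Vak.objects.filter(studenten=...)` prefilter.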
