
Merge branch 'api-working' of https://github.com/SELab-2/UGent-1 into…
… api-working
PJDeSmijter committed Mar 12, 2024
2 parents 2f06aee + 65c45d2 commit f413c89
Showing 3 changed files with 53 additions and 2 deletions.
2 changes: 1 addition & 1 deletion backend/pigeonhole/apps/courses/permissions.py
Expand Up @@ -17,7 +17,7 @@ def has_permission(self, request, view):
return True
return

if request.user.is_student or request.user.is_teacher:
if request.user.is_student:
return view.action in ['list', 'retrieve']

return False
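Review bot: The bare `return` just above the changed role check makes that path yield None instead of a boolean; DRF treats a falsy result as a denial, but it reads like an unfinished branch, and `return False` would state the intent. Which of the two `if request.user.is_student …` lines is the new side cannot be told from this rendering. If the new condition is `if request.user.is_student:` alone, teachers reaching this point fall through to the final `return False`, so confirm that the teacher branch above the hunk still covers `list` and `retrieve`. `has_permission` begins outside the hunk.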
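--- a/backend/pigeonhole/apps/users/permissions.py
+++ b/backend/pigeonhole/apps/users/permissions.py
@@ -0,0 +1,18 @@
+from rest_framework import permissions
+
+from backend.pigeonhole.apps.users.models import User
+
+
+class UserPermissions(permissions.BasePermission):
+def has_permission(self, request, view):
+if request.user.is_admin or request.user.is_superuser:
+return True # TODO can admins destroy each other?
+
+if request.user.is_teacher or request.user.is_student:
+if view.action in ['list', 'retrieve']: # TODO: can teachers create and destroy users?
+return True
+elif view.action in ['update', 'partial_update', 'destroy'] and User.objects.filter(
+id=request.user.id).exists():
+return True
+
+return False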
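Review bot: The `update`/`partial_update`/`destroy` branch tests `User.objects.filter(id=request.user.id).exists()`, which only confirms that the requester has a row and is therefore true for every authenticated teacher or student; it never compares the requester with the account being changed. As written, any student or teacher passes this check for any other user's record, including admin accounts. Tie the check to the target, e.g. `and str(view.kwargs.get('pk')) == str(request.user.id)`, or move the ownership rule into `has_object_permission` and have the views load the object through `self.get_object()` so that it runs. The two TODOs (admin-on-admin deletion, teacher create/destroy) leave the policy undecided and should be settled before this class guards the endpoint.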
35 changes: 34 additions & 1 deletion backend/pigeonhole/apps/users/views.py
Expand Up @@ -3,12 +3,13 @@
from rest_framework.response import Response

from backend.pigeonhole.apps.users.models import User, UserSerializer
from .permissions import UserPermissions


class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = [IsAuthenticated]
permission_classes = [IsAuthenticated, UserPermissions]

def list(self, request, *args, **kwargs):
serializer = UserSerializer(self.queryset, many=True)
Expand All @@ -24,3 +25,35 @@ def create(self, request, *args, **kwargs):
return Response(serializer.data, status=status.HTTP_201_CREATED)
else:
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

def update(self, request, *args, **kwargs):
user_id = kwargs.get('pk')
user = User.objects.get(pk=user_id)
serializer = UserSerializer(user, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_200_OK)
else:
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

def partial_update(self, request, *args, **kwargs):
user_id = kwargs.get('pk')
user = User.objects.get(pk=user_id)
serializer = UserSerializer(user, data=request.data, partial=True)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_200_OK)
else:
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

def destroy(self, request, *args, **kwargs):
user_id = kwargs.get('pk')
user = User.objects.get(pk=user_id)
user.delete()
return Response(status=status.HTTP_204_NO_CONTENT)

def retrieve(self, request, *args, **kwargs):
user_id = kwargs.get('pk')
user = User.objects.get(pk=user_id)
serializer = UserSerializer(user, many=False)
return Response(serializer.data, status=status.HTTP_200_OK)
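Review bot: `update`, `partial_update`, `destroy` and `retrieve` load the target with `User.objects.get(pk=user_id)` instead of `self.get_object()`, so DRF's object-level permission check never runs and an unknown pk raises `User.DoesNotExist` (a 500) rather than returning 404. Use `user = self.get_object()` in each method; that is also the point where a `has_object_permission` ownership rule on `UserPermissions` would take effect. `UserSerializer` is not shown here; if it exposes role flags such as `is_teacher` or `is_admin` as writable, a self-update could change the caller's own role, so those fields should be read-only for non-admin callers.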
