TTMK/web2.0-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
02634c8e02503e98a7dd55bbb94bb2c91ffaf109
web2.0-backend/webapp/views.py
T
Aarni Halinen b8342ba66a finish template question API
2021-08-24 02:50:46 +03:00

328 lines
13 KiB
Python
Raw Blame History

"""Webapp views."""
from jwt import decode
from jwt.exceptions import InvalidSignatureError
from django.utils import timezone
from dealer.git import git
from django.conf import settings
from django.http import HttpResponse, JsonResponse
from django.shortcuts import render, get_object_or_404
from django.views.decorators.http import require_http_methods
from django_filters import rest_framework as filters
from django.db.models import Prefetch
from django.core.exceptions import ObjectDoesNotExist
from rest_framework import routers
from rest_framework.response import Response
from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
from rest_framework.filters import OrderingFilter, SearchFilter
from rest_framework.decorators import action
from rest_framework.permissions import IsAuthenticatedOrReadOnly, BasePermission, AllowAny, IsAuthenticated
from jsonschema import validate
from jsonschema.exceptions import ValidationError
from webapp.models import *
from webapp.serializers import *
from webapp.utils import admin_send_email_signupees, decode_base64_file
class SignupPermission(BasePermission):
def has_permission(self, request, view):
if request.method == 'POST':
return True
return request.user and request.user.is_authenticated
# -- REST API -- #
class RootView(routers.APIRootView):
permission_classes = [IsAuthenticatedOrReadOnly]
class EventViewSet(ModelViewSet):
queryset = Event.objects.filter(deleted=False)
ordering = ["start_time"]
serializer_class = EventSerializer
permission_classes = [IsAuthenticatedOrReadOnly]
filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter)
filter_fields = ('id', 'tags', 'visible', 'signupForm')
search_fields = ('id', 'tags', 'visible', 'signupForm')
def get_queryset(self):
# TODO: For create and update, this return old data in signupForm field (prefetched)...
if self.request.user.is_authenticated or \
self.request.method == 'POST' or \
self.request.method == 'PUT':
return Event.objects.filter(deleted=False).prefetch_related(
Prefetch('signupForm', queryset=SignupForm.objects.filter(deleted=False), to_attr='filtered_signup_forms')
)
since = self.request.query_params.get('since', None)
if since:
return Event.objects.filter(deleted=False, visible=True, end_time__gt=since).order_by('start_time').prefetch_related(
Prefetch('signupForm', queryset=SignupForm.objects.filter(deleted=False, visible=True), to_attr='filtered_signup_forms')
)
return Event.objects.filter(deleted=False, visible=True, end_time__gt=timezone.now()).order_by('start_time').prefetch_related(
Prefetch('signupForm', queryset=SignupForm.objects.filter(deleted=False, visible=True), to_attr='filtered_signup_forms')
)
def create(self, request, *args, **kwargs):
raw_image = request.data.get("image", None)
if raw_image is not None:
image = decode_base64_file(raw_image)
request.data.update({
"image": image
})
return super().create(request, *args, **kwargs)
def update(self, request, *args, **kwargs):
raw_image = request.data.get("image", None)
if raw_image is not None:
image = decode_base64_file(raw_image)
request.data.update({
"image": image
})
return super().update(request, *args, **kwargs)
def destroy(self, request, pk=None, *args, **kwargs):
try:
event = self.get_object()
event.deleted = True
event.save()
return JsonResponse(status=200, data={"message": "OK"})
except ObjectDoesNotExist:
return JsonResponse(status=404, data={"error": f"Event {pk} not found"})
class SignupFormViewSet(ModelViewSet):
queryset = SignupForm.objects.filter(deleted=False)
ordering = ["start_time"]
serializer_class = SignupFormSerializer
permission_classes = [IsAuthenticatedOrReadOnly]
def create(self, request, *args, **kwargs):
try:
schema = {
"type": "array",
}
validate(instance=request.data["questions"], schema=schema)
return super().create(request, *args, **kwargs)
except ValidationError as err:
return JsonResponse(status=400, data={"error": err.message})
def get_queryset(self):
if self.request.user.is_authenticated:
return SignupForm.objects.filter(deleted=False).order_by('start_time')
return SignupForm.objects.filter(deleted=False, visible=True).order_by('start_time')
def destroy(self, request, pk=None, *args, **kwargs):
try:
form = self.get_object()
form.deleted = True
form.save()
return JsonResponse(status=200, data={"message": "OK"})
except ObjectDoesNotExist:
return JsonResponse(status=404, data={"error": f"SignupForm {pk} not found"})
@action(detail=True, methods=['post'], permission_classes=[IsAuthenticated])
def sendemail(self, request, pk=None, *args, **kwargs):
subject = request.data["subject"]
content = request.data["content"]
mode = request.data["mode"]
queryset = self.filter_queryset(self.get_queryset())
filter = {'pk': pk}
signupForm = get_object_or_404(queryset, **filter)
if (mode == "all"):
admin_send_email_signupees(signupForm.signups, subject, content)
return JsonResponse(status=201, data={"message": "Email sent"})
elif (mode == "actual"):
admin_send_email_signupees(signupForm.signups[:signupForm.quota], subject, content)
return JsonResponse(status=201, data={"message": "Email sent"})
elif (mode == "reserved"):
admin_send_email_signupees(signupForm.signups[signupForm.quota:], subject, content)
return JsonResponse(status=201, data={"message": "Email sent"})
else:
return JsonResponse(status=400, data={"error": f"Bad mode '{mode}'"})
@action(detail=True, methods=['get'], permission_classes=[IsAuthenticated])
def signups(self, request, pk=None, *args, **kwargs):
queryset = self.filter_queryset(self.get_queryset())
filter = {'pk': pk}
signupForm = get_object_or_404(queryset, **filter)
return Response(SignupSerializer(signupForm.signups, many=True).data)
class SignupViewSet(ModelViewSet):
queryset = Signup.objects.filter(deleted=False)
serializer_class = SignupSerializer
permission_classes = [SignupPermission]
@action(detail=True, methods=['get', 'put'], permission_classes=[AllowAny])
def edit(self, request, pk=None, *args, **kwargs):
uuid = request.query_params.get("uuid", None)
queryset = self.filter_queryset(self.get_queryset())
filter = {'pk': pk, 'uuid': uuid}
get_object_or_404(queryset, **filter)
if request.method == 'GET':
return self.retrieve(request, *args, **kwargs)
elif request.method == 'PUT':
return self.partial_update(request, *args, **kwargs)
def create(self, request, *args, **kwargs):
id = request.data["signupForm_id"]
try:
answer = request.data["answer"]
form = SignupForm.objects.get(id=id)
if (form.isOpen):
# Throws ValidationError if not valid
validate(instance=answer, schema=form.schema)
return super().create(request, *args, **kwargs)
except ValidationError as inst:
return JsonResponse(status=400, data={"error": inst.message})
except ObjectDoesNotExist:
return JsonResponse(status=404, data={"error": f"SignupForm {id} not found"})
else:
return JsonResponse(status=404, data={"error": f"SignupForm {id} not found"})
def partial_update(self, request, pk=None, *args, **kwargs):
try:
# ID & UUID validated in edit @action for normal users.
# This is otherwise open for authenticated users.
signup = self.get_object()
answer = request.data["answer"]
form = SignupForm.objects.get(id=signup.signupForm_id)
if (form.visible):
# Throws ValidationError if not valid
validate(instance=answer, schema=form.schema)
return super().partial_update(request, *args, **kwargs)
except ValidationError as inst:
return JsonResponse(status=400, data={"error": inst.message})
except ObjectDoesNotExist:
return JsonResponse(status=404, data={"error": f"SignupForm {id} not found"})
else:
return JsonResponse(status=404, data={"error": f"SignupForm {id} not found"})
def destroy(self, request, pk=None, *args, **kwargs):
try:
signup = self.get_object()
signup.deleted = True
signup.save()
return JsonResponse(status=200, data={"message": "OK"})
except ObjectDoesNotExist:
return JsonResponse(status=404, data={"error": f"Signup {pk} not found"})
class SavedQuestionsViewSet(ModelViewSet):
queryset = TemplateQuestion.objects.filter(deleted=False)
serializer_class = SavedQuestionsSerializer
permission_classes = [IsAuthenticatedOrReadOnly]
def destroy(self, request, pk=None, *args, **kwargs):
try:
question = self.get_object()
question.deleted = True
question.save()
return JsonResponse(status=200, data={"message": "OK"})
except ObjectDoesNotExist:
return JsonResponse(status=404, data={"error": f"Template question {pk} not found"})
class FeedViewSet(ModelViewSet):
queryset = Feed.objects.filter(deleted=False)
serializer_class = FeedSerializer
permission_classes = [IsAuthenticatedOrReadOnly]
filter_backends = (filters.DjangoFilterBackend, SearchFilter, OrderingFilter)
filter_fields = ('id', 'tags', 'visible')
search_fields = ('id', 'tags', 'visible')
def get_queryset(self):
if self.request.user.is_authenticated:
return Feed.objects.filter(deleted=False).order_by('-publish_time')
else:
objs = Feed.objects.filter(deleted=False, visible=True).order_by('-publish_time')
# TODO: Bad filtering. Rewrite!
result_ids = []
for obj in objs:
if obj.autohide_enabled:
if obj.autohide > timezone.now():
result_ids.append(obj.id)
else:
result_ids.append(obj.id)
return Feed.objects.filter(id__in=result_ids).order_by('-publish_time')
def destroy(self, request, pk=None, *args, **kwargs):
try:
post = self.get_object()
post.deleted = True
post.save()
return JsonResponse(status=200, data={"message": "OK"})
except ObjectDoesNotExist:
return JsonResponse(status=404, data={"error": f"Post {pk} not found"})
class TagsViewSet(ReadOnlyModelViewSet):
queryset = Tag.objects.all()
serializer_class = TagSerializer
permission_classes = [IsAuthenticatedOrReadOnly]
class JobAdViewSet(ModelViewSet):
queryset = JobAd.objects.filter(deleted=False)
serializer_class = JobAdSerializer
permission_classes = [IsAuthenticatedOrReadOnly]
def get_queryset(self):
if self.request.user.is_authenticated:
return JobAd.objects.filter(deleted=False)
return JobAd.objects.filter(deleted=False, visible=True, autohide_at__gt=timezone.now())
def destroy(self, request, pk=None, *args, **kwargs):
try:
ad = self.get_object()
ad.deleted = True
ad.save()
return JsonResponse(status=200, data={"message": "OK"})
except ObjectDoesNotExist:
return JsonResponse(status=404, data={"error": f"Job Ad {pk} not found"})
@require_http_methods(["GET"])
def about_view(request, *args, **kwargs):
"""Render about page."""
latest_commit = "Not found"
latest_date = "Not found"
latest_tag = "Not found"
try:
repo = git.init_repo()
latest_commit = repo.git("rev-parse HEAD").decode('utf-8')
latest_date = repo.git("show -s --format=%ci " + latest_commit).decode('utf-8')
latest_tag = repo.git("describe --tags " + repo.git("rev-list --tags --max-count=1").decode('utf-8')).decode('utf-8')
except Exception as e:
print(f"Git failed:\n{e}")
context = {
'commit': latest_commit,
'date': latest_date,
'tag': latest_tag
}
return render(request, "about.html", context)
@require_http_methods(["GET"])
def nginx_jwt_resp(request, *args, **kwargs):
cookie = request.COOKIES.get("jwt", None)
if not cookie:
return HttpResponse("", status=401)
try:
token = decode(cookie, settings.SECRET_KEY)
except InvalidSignatureError:
return HttpResponse("", status=403)
user = 'admin' if token.get('username', '') == 'admin' else 'moderator'
resp = HttpResponse("", status=200)
resp['X-FBrowser-User'] = user
return resp
Reference in New Issue View Git Blame Copy Permalink