diff --git a/src/common/permissions.py b/src/common/permissions.py
index beaae6f8654fd6dadbf54aa7a74368c5f01515a6..7d2384c7bf9186939272c68ac9d5f61dbfe58e72 100644
--- a/src/common/permissions.py
+++ b/src/common/permissions.py
@@ -28,11 +28,3 @@ class IsStaffOrStudent(BasePermission):
 def has_permission(self, request, view):
 return request.user.is_authenticated and\
 (request.user.profile.role == 'Staff' or request.user.profile.role == 'Student')
-
-
-class StudentJustCreate(BasePermission):
- def has_permission(self, request, view):
- if request.user.is_authenticated and request.user.profile.role == 'Staff':
- return True
- return request.user.is_authenticated and request.user.profile.role == 'Student' and\
- (request.method in SAFE_METHODS or request.method == 'CREATE')
diff --git a/src/document/migrations/0004_auto_20190114_2016.py b/src/document/migrations/0004_auto_20190114_2016.py
new file mode 100644
index 0000000000000000000000000000000000000000..fa317eeedd01b653bac85982709bf5bcf3e49d34
--- /dev/null
+++ b/src/document/migrations/0004_auto_20190114_2016.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.0.1 on 2019-01-14 19:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('document', '0003_document_solution'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='document',
+ name='description',
+ field=models.TextField(blank=True, default=''),
+ ),
+ ]
diff --git a/src/document/models.py b/src/document/models.py
index 0d5d5f8ce7643b56d9fe484cf22a1eabd4e39a54..862ec5e032b116db9e0476a1026c9a621b5c1148 100644
--- a/src/document/models.py
+++ b/src/document/models.py
@@ -10,7 +10,7 @@ class Document(models.Model):
 uploaded_by = models.ForeignKey(Profile, on_delete=models.DO_NOTHING)
 uploaded_at = models.DateTimeField(auto_now_add=True, editable=False)
 name = models.CharField(max_length=150)
- description = models.TextField()
+ description = models.TextField(blank=True, default='', )
 file = models.FileField(
 validators=[
 validators.FileExtensionValidator([
diff --git a/src/document/serializers.py b/src/document/serializers.py
index cea73e36ba326264a31b589607f59055eb890fc7..00f7f789dcb28231c76884cf9e2e49501181a0c7 100644
--- a/src/document/serializers.py
+++ b/src/document/serializers.py
@@ -2,6 +2,7 @@ from rest_framework import serializers
 from common.serializers import CurrentUserProfileDefault
 from . import models
+from common.middleware import CurrentUserMiddleware
 class DocumentSerializer(serializers.ModelSerializer):
@@ -14,3 +15,9 @@ class DocumentSerializer(serializers.ModelSerializer):
 def get_uploaded_by_name(self, obj):
 return obj.uploaded_by.full_name
+
+ def validate(self, data):
+ profile = CurrentUserMiddleware.get_current_user_profile()
+ if data['solution'] not in profile.solution.all():
+ raise serializers.ValidationError('You dont have permission!')
+ return data
diff --git a/src/homework/migrations/0006_auto_20190114_1938.py b/src/homework/migrations/0006_auto_20190114_1938.py
new file mode 100644
index 0000000000000000000000000000000000000000..02e23165017fa0dc5efac9723039b79eec37fdbd
--- /dev/null
+++ b/src/homework/migrations/0006_auto_20190114_1938.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.0.1 on 2019-01-14 18:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('homework', '0005_auto_20190114_1658'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='solution',
+ name='note',
+ field=models.TextField(blank=True, default=''),
+ ),
+ ]
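Review bot: The new `validate` in DocumentSerializer indexes `data['solution']` directly, so a request that omits the field (a PATCH, or a create if `solution` is optional on the model) raises KeyError and surfaces as a 500 instead of a validation error. The ownership test also runs for every role, so a Staff profile is rejected unless the solution is in its own `profile.solution` set; if staff are meant to attach documents to any solution, that needs an explicit branch. I would read the value with `solution = data.get('solution', getattr(self.instance, 'solution', None))` and test `if solution is None or not profile.solution.filter(pk=solution.pk).exists():`, which also avoids loading the whole related set for the `in` test. The user comes from `CurrentUserMiddleware` rather than `self.context['request']`; whether that helper can return None outside a request is not visible in this hunk, so it is worth confirming.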
diff --git a/src/homework/models.py b/src/homework/models.py
index 2f3e785df82722652e7d850e4db7e8cfdd38f0df..6e1147c2d884cf168ce188edbd9513cccc7a8bad 100755
--- a/src/homework/models.py
+++ b/src/homework/models.py
@@ -28,9 +28,9 @@ class Solution(models.Model):
 on_delete=models.DO_NOTHING,
 default=CurrentUserMiddleware.get_current_user_profile,
 )
- created_at = models.DateTimeField(auto_now_add=True, editable=False)
- updated_at = models.DateTimeField(auto_now=True, editable=False)
- note = models.TextField()
+ created_at = models.DateTimeField(auto_now_add=True, editable=False,)
+ updated_at = models.DateTimeField(auto_now=True, editable=False,)
+ note = models.TextField(blank=True, default='',)
 accepted = models.BooleanField()
 corrected = models.BooleanField()
diff --git a/src/homework/serializers.py b/src/homework/serializers.py
index 595260de6015813f1814317efe9f08b0438e996b..0e5191f3c29fbfe25271b0762fe26fa02adeb00d 100755
--- a/src/homework/serializers.py
+++ b/src/homework/serializers.py
@@ -3,6 +3,7 @@ from django.utils import timezone
 from common.serializers import CurrentUserProfileDefault
 from . import models
+from common.middleware import CurrentUserMiddleware
 class TaskSerializer(serializers.ModelSerializer):
@@ -35,10 +36,7 @@ class SolutionSerializer(serializers.ModelSerializer):
 def validate(self, data):
 if timezone.now() > data['task'].deadline:
 raise serializers.ValidationError('You late.')
+ profile = CurrentUserMiddleware.get_current_user_profile()
+ if profile.role != 'Staff' and (data['accepted'] or data['corrected'] or data['note'] != ''):
+ raise serializers.ValidationError("You don't have permission!")
 return data
-
- def create(self, validated_data):
- validated_data['accepted'] = False
- validated_data['corrected'] = False
- validated_data['note'] = ''
- return self.Meta.model.objects.create(**validated_data)
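Review bot: In SolutionSerializer.validate the new role check reads `data['accepted']`, `data['corrected']` and `data['note']` by index, but this same commit gives `note` a model default, so a ModelSerializer will presumably treat it as optional and leave it out of `data` when the client omits it; that turns an ordinary student submission (and any PATCH) into a KeyError. The check also looks only at the submitted values, not at what changes: a student update carrying `accepted=False`, `corrected=False`, `note=''` passes and would overwrite values a staff member had set, and the viewset change in this commit no longer limits students to safe methods. I would use `data.get('accepted')`, `data.get('corrected')` and `data.get('note', '')`, and on update compare against `self.instance` or mark the three fields read-only for non-staff. The deadline test above it applies to Staff as well, so grading after the deadline is rejected; confirm that is intended. The class body starts outside the hunk.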
diff --git a/src/homework/views.py b/src/homework/views.py
index 25707861c955b74f8ce34294eb7fb14649635f3b..db3c92acc6fe4b2b04b054eecfda10ec3af17016 100755
--- a/src/homework/views.py
+++ b/src/homework/views.py
@@ -1,6 +1,5 @@
 from rest_framework import viewsets
-from rest_framework.permissions import IsAuthenticated
 from . import serializers
 from . import models
 from common import permissions
@@ -14,7 +13,7 @@ class TasksViewSet(viewsets.ModelViewSet):
 class SolutionsViewSet(viewsets.ModelViewSet):
 serializer_class = serializers.SolutionSerializer
- permission_classes = (permissions.IsStaffOrStudent, permissions.StudentJustCreate)
+ permission_classes = (permissions.IsStaffOrStudent, )
 def get_queryset(self):
 user = self.request.user
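Review bot: `permission_classes` on SolutionsViewSet is now only `IsStaffOrStudent`, which does not look at the HTTP method, so at the permission layer a Student can reach update, partial_update and destroy on every row `get_queryset` returns (its body continues outside the hunk). The dropped class compared against `'CREATE'`, which is not an HTTP verb, so replacing it was reasonable, but the rule that students may read and submit is no longer enforced anywhere visible here. If that is still the rule, a permission whose student branch is `request.method in SAFE_METHODS or request.method == 'POST'` would express it; otherwise add `has_object_permission` so a student can only modify their own ungraded solution.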