From 338bad1e83c0bc4ffd6eb9313b02f729315ffa6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodor=20M=C3=A1t=C3=A9?= <bodor.mate@kszk.bme.hu>
Date: Mon, 14 Jan 2019 20:17:45 +0100
Subject: [PATCH] Validate document end solution

---
 src/common/permissions.py                      |  8 --------
 .../migrations/0004_auto_20190114_2016.py      | 18 ++++++++++++++++++
 src/document/models.py                         |  2 +-
 src/document/serializers.py                    |  7 +++++++
 .../migrations/0006_auto_20190114_1938.py      | 18 ++++++++++++++++++
 src/homework/models.py                         |  6 +++---
 src/homework/serializers.py                    | 10 ++++------
 src/homework/views.py                          |  3 +--
 8 files changed, 52 insertions(+), 20 deletions(-)
 create mode 100644 src/document/migrations/0004_auto_20190114_2016.py
 create mode 100644 src/homework/migrations/0006_auto_20190114_1938.py

diff --git a/src/common/permissions.py b/src/common/permissions.py
index beaae6f..7d2384c 100644
--- a/src/common/permissions.py
+++ b/src/common/permissions.py
@@ -28,11 +28,3 @@ class IsStaffOrStudent(BasePermission):
     def has_permission(self, request, view):
         return request.user.is_authenticated and\
                (request.user.profile.role == 'Staff' or request.user.profile.role == 'Student')
-
-
-class StudentJustCreate(BasePermission):
-    def has_permission(self, request, view):
-        if request.user.is_authenticated and request.user.profile.role == 'Staff':
-            return True
-        return request.user.is_authenticated and request.user.profile.role == 'Student' and\
-               (request.method in SAFE_METHODS or request.method == 'CREATE')
diff --git a/src/document/migrations/0004_auto_20190114_2016.py b/src/document/migrations/0004_auto_20190114_2016.py
new file mode 100644
index 0000000..fa317ee
--- /dev/null
+++ b/src/document/migrations/0004_auto_20190114_2016.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.0.1 on 2019-01-14 19:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('document', '0003_document_solution'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='document',
+            name='description',
+            field=models.TextField(blank=True, default=''),
+        ),
+    ]
diff --git a/src/document/models.py b/src/document/models.py
index 0d5d5f8..862ec5e 100644
--- a/src/document/models.py
+++ b/src/document/models.py
@@ -10,7 +10,7 @@ class Document(models.Model):
     uploaded_by = models.ForeignKey(Profile, on_delete=models.DO_NOTHING)
     uploaded_at = models.DateTimeField(auto_now_add=True, editable=False)
     name = models.CharField(max_length=150)
-    description = models.TextField()
+    description = models.TextField(blank=True, default='', )
     file = models.FileField(
         validators=[
             validators.FileExtensionValidator([
diff --git a/src/document/serializers.py b/src/document/serializers.py
index cea73e3..00f7f78 100644
--- a/src/document/serializers.py
+++ b/src/document/serializers.py
@@ -2,6 +2,7 @@ from rest_framework import serializers
 
 from common.serializers import CurrentUserProfileDefault
 from . import models
+from common.middleware import CurrentUserMiddleware
 
 
 class DocumentSerializer(serializers.ModelSerializer):
@@ -14,3 +15,9 @@ class DocumentSerializer(serializers.ModelSerializer):
 
     def get_uploaded_by_name(self, obj):
         return obj.uploaded_by.full_name
+
+    def validate(self, data):
+        profile = CurrentUserMiddleware.get_current_user_profile()
+        if data['solution'] not in profile.solution.all():
+            raise serializers.ValidationError('You dont have permission!')
+        return data
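Review bot: `data['solution']` in the added `validate` raises KeyError whenever the field is missing from the validated data, as on a partial update (PATCH), so the ownership check ends in a server error instead of a clean rejection. Reading it as `solution = data.get('solution', getattr(self.instance, 'solution', None))`, rejecting when it is None, and testing `profile.solution.filter(pk=solution.pk).exists()` keeps the check on every write path and avoids loading all of the profile's solutions for one membership test. The profile comes from `CurrentUserMiddleware`, whose behaviour when no user is bound is not visible here; `self.context['request'].user.profile` would tie the decision to the request being served, assuming the view passes the default DRF serializer context. The message text also differs from the one added in src/homework/serializers.py (`dont` vs `don't`).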
diff --git a/src/homework/migrations/0006_auto_20190114_1938.py b/src/homework/migrations/0006_auto_20190114_1938.py
new file mode 100644
index 0000000..02e2316
--- /dev/null
+++ b/src/homework/migrations/0006_auto_20190114_1938.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.0.1 on 2019-01-14 18:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('homework', '0005_auto_20190114_1658'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='solution',
+            name='note',
+            field=models.TextField(blank=True, default=''),
+        ),
+    ]
diff --git a/src/homework/models.py b/src/homework/models.py
index 2f3e785..6e1147c 100755
--- a/src/homework/models.py
+++ b/src/homework/models.py
@@ -28,9 +28,9 @@ class Solution(models.Model):
         on_delete=models.DO_NOTHING,
         default=CurrentUserMiddleware.get_current_user_profile,
     )
-    created_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    note = models.TextField()
+    created_at = models.DateTimeField(auto_now_add=True, editable=False,)
+    updated_at = models.DateTimeField(auto_now=True, editable=False,)
+    note = models.TextField(blank=True, default='',)
     accepted = models.BooleanField()
     corrected = models.BooleanField()
 
diff --git a/src/homework/serializers.py b/src/homework/serializers.py
index 595260d..0e5191f 100755
--- a/src/homework/serializers.py
+++ b/src/homework/serializers.py
@@ -3,6 +3,7 @@ from django.utils import timezone
 
 from common.serializers import CurrentUserProfileDefault
 from . import models
+from common.middleware import CurrentUserMiddleware
 
 
 class TaskSerializer(serializers.ModelSerializer):
@@ -35,10 +36,7 @@ class SolutionSerializer(serializers.ModelSerializer):
     def validate(self, data):
         if timezone.now() > data['task'].deadline:
             raise serializers.ValidationError('You late.')
+        profile = CurrentUserMiddleware.get_current_user_profile()
+        if profile.role != 'Staff' and (data['accepted'] or data['corrected'] or data['note'] != ''):
+            raise serializers.ValidationError("You don't have permission!")
         return data
-
-    def create(self, validated_data):
-        validated_data['accepted'] = False
-        validated_data['corrected'] = False
-        validated_data['note'] = ''
-        return self.Meta.model.objects.create(**validated_data)
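Review bot: The added staff-only check indexes `data['accepted']`, `data['corrected']` and `data['note']` directly, so a request that omits any of them (a PATCH, or a create without `note`, which this commit makes optional) fails with KeyError instead of a validation error; `data.get('accepted')`, `data.get('corrected')` and `data.get('note', '')` would be safe. With `create()` removed, nothing forces `accepted` and `corrected` to False for a student any more, so the restriction now rests entirely on this comparison of client-supplied values. Making the three fields read-only for non-staff, for example in `get_fields`, would enforce it regardless of what the client sends. The deadline test on the context lines above appears to apply to staff edits too, which would reject grading after the deadline; worth confirming.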
diff --git a/src/homework/views.py b/src/homework/views.py
index 2570786..db3c92a 100755
--- a/src/homework/views.py
+++ b/src/homework/views.py
@@ -1,6 +1,5 @@
 from rest_framework import viewsets
 
-from rest_framework.permissions import IsAuthenticated
 from . import serializers
 from . import models
 from common import permissions
@@ -14,7 +13,7 @@ class TasksViewSet(viewsets.ModelViewSet):
 
 class SolutionsViewSet(viewsets.ModelViewSet):
     serializer_class = serializers.SolutionSerializer
-    permission_classes = (permissions.IsStaffOrStudent, permissions.StudentJustCreate)
+    permission_classes = (permissions.IsStaffOrStudent, )
 
     def get_queryset(self):
         user = self.request.user
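Review bot: Dropping `StudentJustCreate` from `permission_classes` leaves `IsStaffOrStudent` as the only gate, and that class checks authentication and role but not the HTTP method, so students can now reach update and delete on this `ModelViewSet`. `destroy` does not run the serializer's `validate`, so the check added in src/homework/serializers.py does not cover deletion. The removed class compared against `'CREATE'`, which is not an HTTP method and is presumably why it blocked student POSTs; correcting it to `request.method in SAFE_METHODS or request.method == 'POST'` would keep the method restriction rather than remove it. The body of `get_queryset` continues outside this hunk, so whether students are limited to their own solutions cannot be judged from here.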
-- 
GitLab