Validate document end solution

338bad1e · Bodor Máté · 402a9a97 · 338bad1e · 338bad1e · 338bad1e
Commit 338bad1e authored 6 years ago by Bodor Máté
--- a/src/common/permissions.py
+++ b/src/common/permissions.py
@@ -28,11 +28,3 @@ class IsStaffOrStudent(BasePermission):
    def has_permission(self, request, view):
        return request.user.is_authenticated and\
               (request.user.profile.role == 'Staff' or request.user.profile.role == 'Student')
-
-
-class StudentJustCreate(BasePermission):
-    def has_permission(self, request, view):
-        if request.user.is_authenticated and request.user.profile.role == 'Staff':
-            return True
-        return request.user.is_authenticated and request.user.profile.role == 'Student' and\
-               (request.method in SAFE_METHODS or request.method == 'CREATE')
--- a/src/document/migrations/0004_auto_20190114_2016.py
+++ b/src/document/migrations/0004_auto_20190114_2016.py
+# Generated by Django 2.0.1 on 2019-01-14 19:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('document', '0003_document_solution'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='document',
+            name='description',
+            field=models.TextField(blank=True, default=''),
+        ),
+    ]
--- a/src/document/models.py
+++ b/src/document/models.py
@@ -10,7 +10,7 @@ class Document(models.Model):
    uploaded_by = models.ForeignKey(Profile, on_delete=models.DO_NOTHING)
    uploaded_at = models.DateTimeField(auto_now_add=True, editable=False)
    name = models.CharField(max_length=150)
-    description = models.TextField()
+    description = models.TextField(blank=True, default='', )
    file = models.FileField(
        validators=[
            validators.FileExtensionValidator([

--- a/src/document/serializers.py
+++ b/src/document/serializers.py
@@ -2,6 +2,7 @@ from rest_framework import serializers

 from common.serializers import CurrentUserProfileDefault
 from . import models
+from common.middleware import CurrentUserMiddleware


 class DocumentSerializer(serializers.ModelSerializer):
@@ -14,3 +15,9 @@ class DocumentSerializer(serializers.ModelSerializer):

    def get_uploaded_by_name(self, obj):
        return obj.uploaded_by.full_name
+
+    def validate(self, data):
+        profile = CurrentUserMiddleware.get_current_user_profile()
+        if data['solution'] not in profile.solution.all():
+            raise serializers.ValidationError('You dont have permission!')
+        return data
--- a/src/homework/migrations/0006_auto_20190114_1938.py
+++ b/src/homework/migrations/0006_auto_20190114_1938.py
+# Generated by Django 2.0.1 on 2019-01-14 18:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('homework', '0005_auto_20190114_1658'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='solution',
+            name='note',
+            field=models.TextField(blank=True, default=''),
+        ),
+    ]
--- a/src/homework/models.py
+++ b/src/homework/models.py
@@ -28,9 +28,9 @@ class Solution(models.Model):
        on_delete=models.DO_NOTHING,
        default=CurrentUserMiddleware.get_current_user_profile,
    )
-    created_at = models.DateTimeField(auto_now_add=True, editable=False)
-    updated_at = models.DateTimeField(auto_now=True, editable=False)
-    note = models.TextField()
+    created_at = models.DateTimeField(auto_now_add=True, editable=False,)
+    updated_at = models.DateTimeField(auto_now=True, editable=False,)
+    note = models.TextField(blank=True, default='',)
    accepted = models.BooleanField()
    corrected = models.BooleanField()


--- a/src/homework/serializers.py
+++ b/src/homework/serializers.py
@@ -3,6 +3,7 @@ from django.utils import timezone

 from common.serializers import CurrentUserProfileDefault
 from . import models
+from common.middleware import CurrentUserMiddleware


 class TaskSerializer(serializers.ModelSerializer):
@@ -35,10 +36,7 @@ class SolutionSerializer(serializers.ModelSerializer):
    def validate(self, data):
        if timezone.now() > data['task'].deadline:
            raise serializers.ValidationError('You late.')
+        profile = CurrentUserMiddleware.get_current_user_profile()
+        if profile.role != 'Staff' and (data['accepted'] or data['corrected'] or data['note'] != ''):
+            raise serializers.ValidationError("You don't have permission!")
        return data
-
-    def create(self, validated_data):
-        validated_data['accepted'] = False
-        validated_data['corrected'] = False
-        validated_data['note'] = ''
-        return self.Meta.model.objects.create(**validated_data)
--- a/src/homework/views.py
+++ b/src/homework/views.py
 from rest_framework import viewsets

-from rest_framework.permissions import IsAuthenticated
 from . import serializers
 from . import models
 from common import permissions
@@ -14,7 +13,7 @@ class TasksViewSet(viewsets.ModelViewSet):

 class SolutionsViewSet(viewsets.ModelViewSet):
    serializer_class = serializers.SolutionSerializer
-    permission_classes = (permissions.IsStaffOrStudent, permissions.StudentJustCreate)
+    permission_classes = (permissions.IsStaffOrStudent, )

    def get_queryset(self):
        user = self.request.user