Add member cards api route

2020-01-14 01:51:46 +00:00 · 2020-01-14 01:51:46 +00:00 · 384964ca07
commit 384964ca07
parent c22a19736d
3 changed files with 47 additions and 1 deletions
--- a/apiserver/apiserver/api/serializers.py
+++ b/apiserver/apiserver/api/serializers.py
@ -159,6 +159,34 @@ class AdminSearchSerializer(serializers.Serializer):



+# member viewing his own cards
+class CardSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = models.Card
+        fields = '__all__'
+        read_only_fields = [
+            'id',
+            'card_number',
+            'member_id',
+            'notes',
+            'last_seen_at',
+            'active_status',
+            'user',
+        ]
+
+# admin viewing member details
+class AdminCardSerializer(CardSerializer):
+    card_number = serializers.CharField()
+    class Meta:
+        model = models.Card
+        fields = '__all__'
+        read_only_fields = [
+            'id',
+            'last_seen_at',
+        ]
+
+
+
 class UserTrainingSerializer(serializers.ModelSerializer):
    class Meta:
        model = models.Training
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@ -27,7 +27,13 @@ class RetrieveUpdateViewSet(
        mixins.RetrieveModelMixin,
        mixins.UpdateModelMixin):
    def list(self, request):
-        raise exceptions.PermissionDenied
+        return Response([])
+
+class CreateRetrieveUpdateDeleteViewSet(
+        RetrieveUpdateViewSet,
+        mixins.CreateModelMixin,
+        mixins.DestroyModelMixin):
+    pass


 search_strings = {}
@ -105,6 +111,17 @@ class MemberViewSet(RetrieveUpdateViewSet):
            return serializers.MemberSerializer


+class CardViewSet(CreateRetrieveUpdateDeleteViewSet):
+    permission_classes = [AllowMetadata | IsAuthenticated, IsOwnerOrAdmin]
+    queryset = models.Card.objects.all()
+
+    def get_serializer_class(self):
+        if is_admin_director(self.request.user):
+            return serializers.AdminCardSerializer
+        else:
+            return serializers.CardSerializer
+
+
 class CourseViewSet(viewsets.ModelViewSet):
    permission_classes = [AllowMetadata | IsAuthenticated]
    queryset = models.Course.objects.annotate(date=Max('sessions__datetime')).order_by('-date')
--- a/apiserver/apiserver/urls.py
+++ b/apiserver/apiserver/urls.py
@ -11,6 +11,7 @@ router.register(r'members', views.MemberViewSet, basename='members')
 router.register(r'courses', views.CourseViewSet, basename='course')
 router.register(r'sessions', views.SessionViewSet, basename='session')
 router.register(r'search', views.SearchViewSet, basename='search')
+router.register(r'cards', views.CardViewSet, basename='card')
 #router.register(r'me', views.FullMemberView, basename='fullmember')
 #router.register(r'registration', views.RegistrationViewSet, basename='register')