diff --git a/apiserver/apiserver/api/serializers.py b/apiserver/apiserver/api/serializers.py index 270eda3..95695ca 100644 --- a/apiserver/apiserver/api/serializers.py +++ b/apiserver/apiserver/api/serializers.py @@ -100,7 +100,29 @@ class TransactionSerializer(serializers.ModelSerializer): # member viewing other members +# hide info for non-vetted members so someone sitting +# in our parking lot can't scrape all our info class OtherMemberSerializer(serializers.ModelSerializer): + last_name = serializers.SerializerMethodField() + + class Meta: + model = models.Member + fields = [ + 'id', + 'preferred_name', + 'last_name', + 'status', + 'current_start_date', + 'application_date', + 'photo_small', + 'public_bio', + ] + + def get_last_name(self, obj): + return obj.last_name[0] + '.' + +# vetted member viewing other members +class VettedOtherMemberSerializer(serializers.ModelSerializer): class Meta: model = models.Member fields = [ @@ -234,13 +256,23 @@ class SearchSerializer(serializers.Serializer): serializer = OtherMemberSerializer(obj) return serializer.data +# vetted member viewing member list or search result +class VettedSearchSerializer(serializers.Serializer): + q = serializers.CharField(write_only=True, max_length=64) + seq = serializers.IntegerField(write_only=True) + member = serializers.SerializerMethodField() + + def get_member(self, obj): + serializer = VettedOtherMemberSerializer(obj) + return serializer.data + # instructor viewing search result class InstructorSearchSerializer(serializers.Serializer): member = serializers.SerializerMethodField() training = serializers.SerializerMethodField() def get_member(self, obj): - serializer = OtherMemberSerializer(obj) + serializer = VettedOtherMemberSerializer(obj) return serializer.data def get_training(self, obj): @@ -402,7 +434,7 @@ class SessionSerializer(serializers.ModelSerializer): def get_instructor_name(self, obj): if obj.instructor and hasattr(obj.instructor, 'member'): - name = '{} {}'.format(obj.instructor.member.preferred_name, obj.instructor.member.last_name[0]) + name = '{} {}.'.format(obj.instructor.member.preferred_name, obj.instructor.member.last_name[0]) else: name = 'Unknown' return obj.old_instructor or name diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py index 8ae20b9..fb41cea 100644 --- a/apiserver/apiserver/api/views.py +++ b/apiserver/apiserver/api/views.py @@ -54,6 +54,8 @@ class SearchViewSet(Base, Retrieve): return serializers.AdminSearchSerializer elif self.request.user.member.is_instructor and self.action == 'retrieve': return serializers.InstructorSearchSerializer + elif self.request.user.member.vetted_date: + return serializers.VettedSearchSerializer else: return serializers.SearchSerializer @@ -126,7 +128,12 @@ class SearchViewSet(Base, Retrieve): num_results = 100 queryset = self.get_queryset()[:num_results] - serializer = serializers.SearchSerializer(queryset, many=True) + + if self.request.user.member.vetted_date: + serializer = serializers.VettedSearchSerializer(queryset, many=True) + else: + serializer = serializers.SearchSerializer(queryset, many=True) + return Response({'seq': seq, 'results': serializer.data}) diff --git a/webclient/src/Members.js b/webclient/src/Members.js index 2a24db1..8ab8424 100644 --- a/webclient/src/Members.js +++ b/webclient/src/Members.js @@ -73,8 +73,6 @@ export function Members(props) { const [search, setSearch] = useState(searchDefault); const { token } = props; - console.log(sort); - useEffect(() => { setResponse(false); searchCache = search.q; @@ -197,6 +195,7 @@ export function MemberDetail(props) { }, [refreshCount]); const member = result.member || false; + const photo = member?.photo_large || member?.photo_small || false; return ( @@ -208,7 +207,7 @@ export function MemberDetail(props) {

- +

{isAdmin(user) ?