Add api route and webclient page for account settings

2020-01-12 08:16:09 +00:00
parent 82dfa132e7
commit e256e32341
8 changed files with 200 additions and 89 deletions
--- a/apiserver/apiserver/api/models.py
+++ b/apiserver/apiserver/api/models.py
@@ -11,6 +11,8 @@ class Member(models.Model):
    last_name = models.CharField(max_length=32)

    set_details = models.BooleanField(default=False)
+    is_director = models.BooleanField(default=False)
+    is_instructor = models.BooleanField(default=False)
    preferred_name = models.CharField(max_length=32, blank=True)
    status = models.CharField(max_length=32, blank=True)
    phone = models.CharField(max_length=32, blank=True)
--- a/apiserver/apiserver/api/serializers.py
+++ b/apiserver/apiserver/api/serializers.py
@@ -12,8 +12,8 @@ from . import models, old_models

 STATIC_FOLDER = 'data/static/'
 LARGE_SIZE = 1080
-MEDIUM_SIZE = 150
-SMALL_SIZE = 80
+MEDIUM_SIZE = 220
+SMALL_SIZE = 110

 def process_image(upload):
    try:
@@ -74,17 +74,49 @@ class OtherMemberSerializer(serializers.ModelSerializer):

 # member viewing himself
 class MemberSerializer(serializers.ModelSerializer):
+    photo = serializers.ImageField(write_only=True, required=False)
    class Meta:
        model = models.Member
        fields = '__all__'
-        read_only_fields = ['user', 'application_date', 'current_start_date', 'vetted_date', 'monthly_fees', 'old_member_id']
+        read_only_fields = [
+            'id',
+            'is_director',
+            'is_instructor',
+            'status',
+            'expire_date',
+            'current_start_date',
+            'application_date',
+            'vetted_date',
+            'monthly_fees',
+            'photo_large',
+            'photo_medium',
+            'photo_small',
+            'user',
+        ]
+
+    def update(self, instance, validated_data):
+        photo = validated_data.get('photo', None)
+        if photo:
+            small, medium, large = process_image(photo)
+            instance.photo_small = small
+            instance.photo_medium = medium
+            instance.photo_large = large
+
+        return super().update(instance, validated_data)
+

 # adming viewing member
-class AdminMemberSerializer(serializers.ModelSerializer):
+class AdminMemberSerializer(MemberSerializer):
    class Meta:
        model = models.Member
        fields = '__all__'
-        read_only_fields = ['id', 'user']
+        read_only_fields = [
+            'id',
+            'photo_large',
+            'photo_medium',
+            'photo_small',
+            'user',
+        ]


 class TransactionSerializer(serializers.ModelSerializer):
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -1,6 +1,7 @@
 from django.contrib.auth.models import User, Group
 from django.db.models import Max
-from rest_framework import viewsets, views, permissions, mixins
+from rest_framework import viewsets, views, mixins, generics, exceptions
+from rest_framework.permissions import BasePermission, IsAuthenticated
 from rest_framework.response import Response
 from rest_auth.registration.views import RegisterView
 from fuzzywuzzy import fuzz, process
@@ -8,10 +9,23 @@ from collections import OrderedDict

 from . import models, serializers

-class AllowMetadata(permissions.BasePermission):
+class AllowMetadata(BasePermission):
    def has_permission(self, request, view):
        return request.method in ['OPTIONS', 'HEAD']

+def is_admin_director(user):
+    return user.is_staff or user.member.is_director
+
+class IsOwnerOrAdmin(BasePermission):
+    def has_object_permission(self, request, view, obj):
+        return obj.user == request.user or is_admin_director(request.user)
+
+class RetrieveUpdateViewSet(
+        viewsets.GenericViewSet,
+        mixins.RetrieveModelMixin,
+        mixins.UpdateModelMixin):
+    def list(self, request):
+        raise exceptions.PermissionDenied


 search_strings = {}
@@ -25,11 +39,10 @@ def gen_search_strings():

 NUM_SEARCH_RESULTS = 10
 class SearchViewSet(viewsets.GenericViewSet, mixins.RetrieveModelMixin):
-    permission_classes = [AllowMetadata | permissions.IsAuthenticated]
+    permission_classes = [AllowMetadata | IsAuthenticated]
    serializer_class = serializers.OtherMemberSerializer

    def get_queryset(self):
-
        queryset = models.Member.objects.all()
        search = self.request.data.get('q', '').lower()

@@ -71,26 +84,19 @@ class SearchViewSet(viewsets.GenericViewSet, mixins.RetrieveModelMixin):
        return Response({'seq': seq, 'results': serializer.data})


-class MemberViewSet(viewsets.ModelViewSet):
-    permission_classes = [AllowMetadata | permissions.IsAuthenticated]
-    http_method_names = ['options', 'head', 'get', 'put', 'patch']
-
-    def get_queryset(self):
-        objects = models.Member.objects.all()
-        if self.request.user.is_staff:
-            return objects.order_by('id')
-        else:
-            return objects.filter(user=self.request.user)
+class MemberViewSet(RetrieveUpdateViewSet):
+    permission_classes = [AllowMetadata | IsAuthenticated, IsOwnerOrAdmin]
+    queryset = models.Member.objects.all()

    def get_serializer_class(self):
-        if self.request.user.is_staff:
+        if is_admin_director(self.request.user):
            return serializers.AdminMemberSerializer
        else:
            return serializers.MemberSerializer


 class CourseViewSet(viewsets.ModelViewSet):
-    permission_classes = [AllowMetadata | permissions.IsAuthenticated]
+    permission_classes = [AllowMetadata | IsAuthenticated]
    queryset = models.Course.objects.annotate(date=Max('sessions__datetime')).order_by('-date')

    def get_serializer_class(self):
@@ -101,7 +107,7 @@ class CourseViewSet(viewsets.ModelViewSet):


 class SessionViewSet(viewsets.ModelViewSet):
-    permission_classes = [AllowMetadata | permissions.IsAuthenticated]
+    permission_classes = [AllowMetadata | IsAuthenticated]

    def get_queryset(self):
        if self.action == 'list':
@@ -117,7 +123,7 @@ class SessionViewSet(viewsets.ModelViewSet):


 class MyUserView(views.APIView):
-    permission_classes = [AllowMetadata | permissions.IsAuthenticated]
+    permission_classes = [AllowMetadata | IsAuthenticated]

    def get(self, request):
        serializer = serializers.UserSerializer(request.user)
--- a/apiserver/apiserver/urls.py
+++ b/apiserver/apiserver/urls.py
@@ -7,7 +7,7 @@ from .api import views

 router = routers.DefaultRouter()
 #router.register(r'users', views.UserViewSet)
-router.register(r'members', views.MemberViewSet, basename='member')
+router.register(r'members', views.MemberViewSet, basename='members')
 router.register(r'courses', views.CourseViewSet, basename='course')
 router.register(r'sessions', views.SessionViewSet, basename='session')
 router.register(r'search', views.SearchViewSet, basename='search')