Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b7429cdddeb17699a09d4e2cc4ecc597cafcdc74
edx-platform/lms/djangoapps/mobile_api/users/views.py
Dave St.Germain bd581fdbb5 Cleaning up pylint and pep8 errors.
2014-09-29 16:39:32 -04:00

77 lines
2.7 KiB
Python
Raw Blame History

"""
Views for user API
"""
from django.shortcuts import redirect
from rest_framework import generics, permissions
from rest_framework.authentication import OAuth2Authentication, SessionAuthentication
from rest_framework.decorators import api_view, authentication_classes, permission_classes
from rest_framework.permissions import IsAuthenticated
from courseware.access import has_access
from student.models import CourseEnrollment, User
from .serializers import CourseEnrollmentSerializer, UserSerializer
class IsUser(permissions.BasePermission):
"""
Permission that checks to see if the request user matches the User models
"""
def has_object_permission(self, request, view, obj):
return request.user == obj
class UserDetail(generics.RetrieveAPIView):
"""Read-only information about our User.
This will be where users are redirected to after API login and will serve
as a place to list all useful resources this user can access.
"""
authentication_classes = (OAuth2Authentication, SessionAuthentication)
permission_classes = (permissions.IsAuthenticated, IsUser)
queryset = (
User.objects.all()
.select_related('profile', 'course_enrollments')
)
serializer_class = UserSerializer
lookup_field = 'username'
class UserCourseEnrollmentsList(generics.ListAPIView):
"""Read-only list of courses that this user is enrolled in."""
authentication_classes = (OAuth2Authentication, SessionAuthentication)
permission_classes = (permissions.IsAuthenticated, IsUser)
queryset = CourseEnrollment.objects.all()
serializer_class = CourseEnrollmentSerializer
lookup_field = 'username'
def get_queryset(self):
qset = self.queryset.filter(
user__username=self.kwargs['username'], is_active=True
).order_by('created')
return mobile_course_enrollments(qset, self.request.user)
@api_view(["GET"])
@authentication_classes((OAuth2Authentication, SessionAuthentication))
@permission_classes((IsAuthenticated,))
def my_user_info(request):
"""
Redirect to the currently-logged-in user's info page
"""
return redirect("user-detail", username=request.user.username)
def mobile_course_enrollments(enrollments, user):
"""
Return enrollments only if courses are mobile_available (or if the user has staff access)
enrollments is a list of CourseEnrollments.
"""
for enr in enrollments:
course = enr.course
# The course doesn't always really exist -- we can have bad data in the enrollments
# pointing to non-existent (or removed) courses, in which case `course` is None.
if course and (course.mobile_available or has_access(user, 'staff', course)):
yield enr
Reference in New Issue View Git Blame Copy Permalink