Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Allow requester indies to retrieve school #147

Merged
merged 4 commits into from
Nov 25, 2024
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions codeforlife/user/permissions/is_independent.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,31 @@
Created on 12/12/2023 at 13:55:47(+00:00).
"""

import typing as t

from ...permissions import IsAuthenticated
from ..models import User


class IsIndependent(IsAuthenticated):
"""Request's user must be independent."""

def __init__(
self,
is_requesting_to_join_class: t.Optional[bool] = None,
):
# pylint: disable=line-too-long
"""Initialize permission.

Args:
is_requesting_to_join_class: Check if the independent is (not)
requesting to join a class. If None, don't check.
"""
# pylint: enable=line-too-long
super().__init__()

self.is_requesting_to_join_class = is_requesting_to_join_class

def has_permission(self, request, view):
user = request.user
return (
Expand All @@ -19,4 +37,15 @@ def has_permission(self, request, view):
and user.teacher is None
and user.student is not None
and user.student.class_field is None
and (
self.is_requesting_to_join_class is None
or (
self.is_requesting_to_join_class
and user.student.pending_class_request is not None
)
or (
not self.is_requesting_to_join_class
and user.student.pending_class_request is None
)
)
)
23 changes: 17 additions & 6 deletions codeforlife/user/views/school.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
from ...views import ModelViewSet
from ..models import School
from ..models import User as RequestUser
from ..permissions import IsStudent, IsTeacher
from ..permissions import IsIndependent, IsStudent, IsTeacher
from ..serializers import SchoolSerializer


Expand All @@ -21,16 +21,27 @@ def get_permissions(self):
if self.action == "list":
return [AllowNone()]

return [OR(IsStudent(), IsTeacher(in_school=True))]
return [
OR(
OR(IsStudent(), IsTeacher(in_school=True)),
IsIndependent(is_requesting_to_join_class=True),
)
]

# pylint: disable-next=missing-function-docstring
def get_queryset(self):
user = self.request.auth_user
if user.student:
return School.objects.filter(
# TODO: should be user.student.school_id
id=user.student.class_field.teacher.school_id
)
if user.student.class_field:
return School.objects.filter(
# TODO: should be user.student.school_id
id=user.student.class_field.teacher.school_id
)
if user.student.pending_class_request:
return School.objects.filter(
# TODO: should be user.requesting_to_join_class.school_id
id=user.student.pending_class_request.teacher.school_id
)

user = self.request.school_teacher_user
return School.objects.filter(id=user.teacher.school_id)
31 changes: 28 additions & 3 deletions codeforlife/user/views/school_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,14 @@

from ...permissions import OR, AllowNone
from ...tests import ModelViewSetTestCase
from ..models import School, SchoolTeacherUser, StudentUser, User
from ..permissions import IsStudent, IsTeacher
from ..models import (
IndependentUser,
School,
SchoolTeacherUser,
StudentUser,
User,
)
from ..permissions import IsIndependent, IsStudent, IsTeacher
from ..views import SchoolViewSet

RequestUser = User
Expand All @@ -16,6 +22,7 @@
class TestSchoolViewSet(ModelViewSetTestCase[RequestUser, School]):
basename = "school"
model_view_set_class = SchoolViewSet
fixtures = ["school_1", "independent"]

# test: get permissions

Expand All @@ -29,7 +36,12 @@ def test_get_permissions__list(self):
def test_get_permissions__retrieve(self):
"""Only student and school-teachers can retrieve a school."""
self.assert_get_permissions(
permissions=[OR(IsStudent(), IsTeacher(in_school=True))],
permissions=[
OR(
OR(IsStudent(), IsTeacher(in_school=True)),
IsIndependent(is_requesting_to_join_class=True),
)
],
action="retrieve",
)

Expand All @@ -55,6 +67,19 @@ def test_get_queryset__student(self):
request=self.client.request_factory.get(user=user),
)

def test_get_queryset__independent(self):
"""
An independent-user can only target the school they are requesting
to join.
"""
user = IndependentUser.objects.get(username="[email protected]")
assert user

self.assert_get_queryset(
values=[user.student.pending_class_request.teacher.school],
request=self.client.request_factory.get(user=user),
)

# test: actions

def test_retrieve(self):
Expand Down