nk20/apps/api/serializers.py

# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later


from django.contrib.contenttypes.models import ContentType
from django.contrib.auth.models import User
from django.utils import timezone
from rest_framework import serializers
from member.api.serializers import ProfileSerializer, MembershipSerializer
from member.models import Membership
from note.api.serializers import NoteSerializer
from note.models import Alias
from note_kfet.middlewares import get_current_request
from permission.backends import PermissionBackend


class UserSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for Users.
    The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
    """

    class Meta:
        model = User
        exclude = (
            'password',
            'groups',
            'user_permissions',
        )


class ContentTypeSerializer(serializers.ModelSerializer):
    """
    REST API Serializer for Users.
    The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
    """

    class Meta:
        model = ContentType
        fields = '__all__'


class OAuthSerializer(serializers.ModelSerializer):
    """
    Informations that are transmitted by OAuth.
    For now, this includes user, profile and valid memberships.
    This should be better managed later.
    """
    normalized_name = serializers.SerializerMethodField()

    profile = serializers.SerializerMethodField()

    note = serializers.SerializerMethodField()

    memberships = serializers.SerializerMethodField()

    def get_normalized_name(self, obj):
        return Alias.normalize(obj.username)

    def get_profile(self, obj):
        # Display the profile of the user only if we have rights to see it.
        return ProfileSerializer().to_representation(obj.profile) \
            if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None

    def get_note(self, obj):
        # Display the note of the user only if we have rights to see it.
        return NoteSerializer().to_representation(obj.note) \
            if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None

    def get_memberships(self, obj):
        # Display only memberships that we are allowed to see.
        return serializers.ListSerializer(child=MembershipSerializer()).to_representation(
            obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now())
                           .filter(PermissionBackend.filter_queryset(get_current_request(), Membership, 'view')))

    class Meta:
        model = User
        fields = (
            'id',
            'username',
            'normalized_name',
            'first_name',
            'last_name',
            'email',
            'is_superuser',
            'is_active',
            'is_staff',
            'profile',
            'note',
            'memberships',
        )
Update 131 files - /apps/activity/api/serializers.py - /apps/activity/api/urls.py - /apps/activity/api/views.py - /apps/activity/tests/test_activities.py - /apps/activity/__init__.py - /apps/activity/admin.py - /apps/activity/apps.py - /apps/activity/forms.py - /apps/activity/tables.py - /apps/activity/urls.py - /apps/activity/views.py - /apps/api/__init__.py - /apps/api/apps.py - /apps/api/serializers.py - /apps/api/tests.py - /apps/api/urls.py - /apps/api/views.py - /apps/api/viewsets.py - /apps/logs/signals.py - /apps/logs/apps.py - /apps/logs/__init__.py - /apps/logs/api/serializers.py - /apps/logs/api/urls.py - /apps/logs/api/views.py - /apps/member/api/serializers.py - /apps/member/api/urls.py - /apps/member/api/views.py - /apps/member/templatetags/memberinfo.py - /apps/member/__init__.py - /apps/member/admin.py - /apps/member/apps.py - /apps/member/auth.py - /apps/member/forms.py - /apps/member/hashers.py - /apps/member/signals.py - /apps/member/tables.py - /apps/member/urls.py - /apps/member/views.py - /apps/note/api/serializers.py - /apps/note/api/urls.py - /apps/note/api/views.py - /apps/note/models/__init__.py - /apps/note/static/note/js/consos.js - /apps/note/templates/note/mails/negative_balance.txt - /apps/note/templatetags/getenv.py - /apps/note/templatetags/pretty_money.py - /apps/note/tests/test_transactions.py - /apps/note/__init__.py - /apps/note/admin.py - /apps/note/apps.py - /apps/note/forms.py - /apps/note/signals.py - /apps/note/tables.py - /apps/note/urls.py - /apps/note/views.py - /apps/permission/api/serializers.py - /apps/permission/api/urls.py - /apps/permission/api/views.py - /apps/permission/templatetags/perms.py - /apps/permission/tests/test_oauth2.py - /apps/permission/tests/test_permission_denied.py - /apps/permission/tests/test_permission_queries.py - /apps/permission/tests/test_rights_page.py - /apps/permission/__init__.py - /apps/permission/admin.py - /apps/permission/backends.py - /apps/permission/apps.py - /apps/permission/decorators.py - /apps/permission/permissions.py - /apps/permission/scopes.py - /apps/permission/signals.py - /apps/permission/tables.py - /apps/permission/urls.py - /apps/permission/views.py - /apps/registration/tests/test_registration.py - /apps/registration/__init__.py - /apps/registration/apps.py - /apps/registration/forms.py - /apps/registration/tables.py - /apps/registration/tokens.py - /apps/registration/urls.py - /apps/registration/views.py - /apps/treasury/api/serializers.py - /apps/treasury/api/urls.py - /apps/treasury/api/views.py - /apps/treasury/templatetags/escape_tex.py - /apps/treasury/tests/test_treasury.py - /apps/treasury/__init__.py - /apps/treasury/admin.py - /apps/treasury/apps.py - /apps/treasury/forms.py - /apps/treasury/signals.py - /apps/treasury/tables.py - /apps/treasury/urls.py - /apps/treasury/views.py - /apps/wei/api/serializers.py - /apps/wei/api/urls.py - /apps/wei/api/views.py - /apps/wei/forms/surveys/__init__.py - /apps/wei/forms/surveys/base.py - /apps/wei/forms/surveys/wei2021.py - /apps/wei/forms/surveys/wei2022.py - /apps/wei/forms/surveys/wei2023.py - /apps/wei/forms/__init__.py - /apps/wei/forms/registration.py - /apps/wei/management/commands/export_wei_registrations.py - /apps/wei/management/commands/import_scores.py - /apps/wei/management/commands/wei_algorithm.py - /apps/wei/templates/wei/weilist_sample.tex - /apps/wei/tests/test_wei_algorithm_2021.py - /apps/wei/tests/test_wei_algorithm_2022.py - /apps/wei/tests/test_wei_algorithm_2023.py - /apps/wei/tests/test_wei_registration.py - /apps/wei/__init__.py - /apps/wei/admin.py - /apps/wei/apps.py - /apps/wei/tables.py - /apps/wei/urls.py - /apps/wei/views.py - /note_kfet/settings/__init__.py - /note_kfet/settings/base.py - /note_kfet/settings/development.py - /note_kfet/settings/secrets_example.py - /note_kfet/static/js/base.js - /note_kfet/admin.py - /note_kfet/inputs.py - /note_kfet/middlewares.py - /note_kfet/urls.py - /note_kfet/views.py - /note_kfet/wsgi.py - /entrypoint.sh 2024-02-07 01:26:49 +00:00			`# Copyright (C) 2018-2024 by BDE ENS Paris-Saclay`
move viewsets and serializers out of urls.py 2020-09-02 17:00:04 +00:00			`# SPDX-License-Identifier: GPL-3.0-or-later`


			`from django.contrib.contenttypes.models import ContentType`
			`from django.contrib.auth.models import User`
Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00			`from django.utils import timezone`
			`from rest_framework import serializers`
			`from member.api.serializers import ProfileSerializer, MembershipSerializer`
In the /api/me page, display note, profile and memberships only if we have associated permissions Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-12-23 22:25:18 +00:00			`from member.models import Membership`
Provide also note information (with balance and picture) Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 11:55:19 +00:00			`from note.api.serializers import NoteSerializer`
Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00			`from note.models import Alias`
In the /api/me page, display note, profile and memberships only if we have associated permissions Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-12-23 22:25:18 +00:00			`from note_kfet.middlewares import get_current_request`
			`from permission.backends import PermissionBackend`
Remove useless blank lines and spaces in api app 2020-09-03 19:21:09 +00:00
Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00
			`class UserSerializer(serializers.ModelSerializer):`
move viewsets and serializers out of urls.py 2020-09-02 17:00:04 +00:00			`"""`
			`REST API Serializer for Users.`
			The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
			`"""`

			`class Meta:`
			`model = User`
			`exclude = (`
			`'password',`
			`'groups',`
			`'user_permissions',`
			`)`


Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00			`class ContentTypeSerializer(serializers.ModelSerializer):`
move viewsets and serializers out of urls.py 2020-09-02 17:00:04 +00:00			`"""`
			`REST API Serializer for Users.`
			The djangorestframework plugin will analyse the model `User` and parse all fields in the API.
			`"""`

			`class Meta:`
			`model = ContentType`
			`fields = '__all__'`
Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00

			`class OAuthSerializer(serializers.ModelSerializer):`
			`"""`
			`Informations that are transmitted by OAuth.`
			`For now, this includes user, profile and valid memberships.`
			`This should be better managed later.`
			`"""`
			`normalized_name = serializers.SerializerMethodField()`

In the /api/me page, display note, profile and memberships only if we have associated permissions Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-12-23 22:25:18 +00:00			`profile = serializers.SerializerMethodField()`
Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00
In the /api/me page, display note, profile and memberships only if we have associated permissions Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-12-23 22:25:18 +00:00			`note = serializers.SerializerMethodField()`
Provide also note information (with balance and picture) Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 11:55:19 +00:00
Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00			`memberships = serializers.SerializerMethodField()`

			`def get_normalized_name(self, obj):`
			`return Alias.normalize(obj.username)`

In the /api/me page, display note, profile and memberships only if we have associated permissions Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-12-23 22:25:18 +00:00			`def get_profile(self, obj):`
			`# Display the profile of the user only if we have rights to see it.`
			`return ProfileSerializer().to_representation(obj.profile) \`
Fix permission checks in the /api/me view Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2022-03-09 10:45:24 +00:00			`if PermissionBackend.check_perm(get_current_request(), 'member.view_profile', obj.profile) else None`
In the /api/me page, display note, profile and memberships only if we have associated permissions Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-12-23 22:25:18 +00:00
			`def get_note(self, obj):`
			`# Display the note of the user only if we have rights to see it.`
			`return NoteSerializer().to_representation(obj.note) \`
Fix permission checks in the /api/me view Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2022-03-09 10:45:24 +00:00			`if PermissionBackend.check_perm(get_current_request(), 'note.view_note', obj.note) else None`
In the /api/me page, display note, profile and memberships only if we have associated permissions Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-12-23 22:25:18 +00:00
Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00			`def get_memberships(self, obj):`
In the /api/me page, display note, profile and memberships only if we have associated permissions Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-12-23 22:25:18 +00:00			`# Display only memberships that we are allowed to see.`
Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00			`return serializers.ListSerializer(child=MembershipSerializer()).to_representation(`
In the /api/me page, display note, profile and memberships only if we have associated permissions Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-12-23 22:25:18 +00:00			`obj.memberships.filter(date_start__lte=timezone.now(), date_end__gte=timezone.now())`
			`.filter(PermissionBackend.filter_queryset(get_current_request(), Membership, 'view')))`
Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00
			`class Meta:`
			`model = User`
			`fields = (`
			`'id',`
			`'username',`
			`'normalized_name',`
			`'first_name',`
			`'last_name',`
			`'email',`
			`'is_superuser',`
			`'is_active',`
			`'is_staff',`
			`'profile',`
Provide also note information (with balance and picture) Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 11:55:19 +00:00			`'note',`
Add profile and membership information to OAuth views Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-03-09 09:57:35 +00:00			`'memberships',`
			`)`