Source code for intranet.apps.users.api

import io
import os

from rest_framework import generics
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

from django.conf import settings
from django.contrib.auth import get_user_model

from intranet.apps.search.views import get_search_results

from ..auth.rest_permissions import ApiAndOauthPermission, DenyRestrictedPermission
from .models import Grade
from .renderers import JPEGRenderer
from .serializers import CounselorTeacherSerializer, StudentSerializer, UserSerializer


[docs]class ProfileDetail(generics.RetrieveAPIView): """API endpoint that retrieves an Ion profile. /api/profile: retrieve your profile /api/profile/<pk>: retrieve the profile of the user with id <pk> /api/profile/<username>: retrieve the profile of the user with username <username> """ serializer_class = UserSerializer permission_classes = (IsAuthenticated,)
[docs] def retrieve(self, request, *args, **kwargs): if "pk" in kwargs: user = get_user_model().objects.get(pk=kwargs["pk"]) elif "username" in kwargs: user = get_user_model().objects.get(username__iexact=kwargs["username"]) else: user = request.user if not request.user.oauth_and_api_access and user != request.user: return Response({"detail": "You do not have permission to perform this action."}, status=403) if request.user.is_restricted and user != request.user: raise get_user_model().DoesNotExist # Remove sensitive information data = self.get_serializer(user).data fields_to_remove = [ "middle_name", "absences", "address", "emails", "phones", "websites", "is_announcements_admin", ] for field in fields_to_remove: data.pop(field) return Response(data)
[docs]class ProfilePictureDetail(generics.RetrieveAPIView): """API endpoint that retrieves an Ion profile picture. /api/profile/<pk>/picture: retrieve default profile picture /api/profile/<pk>/picture/<photo_year>: retrieve profile picture for year <photo_year> """ serializer_class = UserSerializer permission_classes = (DenyRestrictedPermission,) renderer_classes = (JPEGRenderer,)
[docs] def retrieve(self, request, *args, **kwargs): if "pk" in kwargs: user = get_user_model().objects.get(pk=kwargs["pk"]) elif "username" in kwargs: user = get_user_model().objects.get(username=kwargs["username"]) else: user = request.user binary = None if "photo_year" in kwargs: photo_year = kwargs["photo_year"] if photo_year in Grade.names: grade_number = Grade.number_from_name(photo_year) if user.photos.filter(grade_number=grade_number).exists(): binary = user.photos.filter(grade_number=grade_number).first().binary else: binary = None else: binary = user.default_photo if binary is None: default_image_path = os.path.join(settings.PROJECT_ROOT, "static/img/default_profile_pic.png") with io.open(default_image_path, mode="rb") as f: binary = f.read() return Response(binary, content_type="image/jpeg")