Source code for intranet.apps.users.api

import os

from django.conf import settings
from django.contrib.auth import get_user_model
from rest_framework import generics
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

from intranet.apps.search.views import get_search_results

from ..auth.rest_permissions import ApiAndOauthPermission, DenyRestrictedPermission
from .models import Grade
from .renderers import JPEGRenderer
from .serializers import CounselorTeacherSerializer, StudentSerializer, UserSerializer


class ProfileDetail(generics.RetrieveAPIView):
    """API endpoint that returns a single Ion profile.

    /api/profile: the requesting user's own profile
    /api/profile/<pk>: the profile of the user whose id is <pk>
    /api/profile/<username>: the profile of the user whose username is <username>
    """

    serializer_class = UserSerializer
    permission_classes = (IsAuthenticated,)

    def retrieve(self, request, *args, **kwargs):
        """Return the serialized profile of the requested user, with sensitive fields removed.

        The target is selected by the ``pk`` kwarg, else by the ``username``
        kwarg (case-insensitive match), else it is the requesting user.

        A requester without ``oauth_and_api_access`` who asks for another
        user's profile receives a 403 response. A restricted requester who
        asks for another user's profile gets ``DoesNotExist`` raised, the same
        exception a failed lookup raises.
        """
        user_model = get_user_model()
        requester = request.user

        # NOTE(review): the lookup runs before the authorization checks, so a
        # missing target raises DoesNotExist while an existing one reaches the
        # 403 branch. How DoesNotExist is rendered is not visible here; confirm
        # the two outcomes do not let a caller without API access tell which
        # accounts exist.
        if "pk" in kwargs:
            target = user_model.objects.get(pk=kwargs["pk"])
        elif "username" in kwargs:
            target = user_model.objects.get(username__iexact=kwargs["username"])
        else:
            target = requester

        if not requester.oauth_and_api_access and target != requester:
            denial = {"detail": "You do not have permission to perform this action."}
            return Response(denial, status=403)

        if requester.is_restricted and target != requester:
            raise user_model.DoesNotExist

        # Redaction is a denylist applied to the serializer output: a field
        # added to UserSerializer later is returned unless it is also listed
        # here. pop() has no default, so a listed field that is absent from
        # the output raises KeyError instead of passing silently.
        always_hidden = (
            "middle_name",
            "absences",
            "address",
            "emails",
            "phones",
            "websites",
            "is_announcements_admin",
        )
        payload = self.get_serializer(target).data
        for name in always_hidden:
            payload.pop(name)

        # Only teachers and eighth admins get to see the student ID.
        if not requester.is_teacher and not requester.is_eighth_admin:
            payload.pop("student_id")

        return Response(payload)
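class ProfilePictureDetail(generics.RetrieveAPIView):
    """API endpoint that retrieves an Ion profile picture.

    /api/profile/<pk>/picture: retrieve default profile picture
    /api/profile/<pk>/picture/<photo_year>: retrieve profile picture for year <photo_year>
    """

    serializer_class = UserSerializer
    permission_classes = (DenyRestrictedPermission,)
    renderer_classes = (JPEGRenderer,)

    def retrieve(self, request, *args, **kwargs):
        """Return the raw image bytes of a user's profile picture.

        The target is selected by the ``pk`` kwarg, else by the ``username``
        kwarg (exact match), else it is the requesting user. When
        ``photo_year`` is given and is one of ``Grade.names``, the photo stored
        for that grade is used; without ``photo_year`` the user's default photo
        is used. If no image is found, the bundled placeholder image is
        returned instead.
        """
        # NOTE(review): access control here rests entirely on
        # DenyRestrictedPermission; there is no per-target check such as the
        # oauth_and_api_access test in ProfileDetail.retrieve. Confirm that is
        # intended. The username match is also case-sensitive here but
        # case-insensitive (username__iexact) in ProfileDetail.
        if "pk" in kwargs:
            user = get_user_model().objects.get(pk=kwargs["pk"])
        elif "username" in kwargs:
            user = get_user_model().objects.get(username=kwargs["username"])
        else:
            user = request.user

        binary = None
        if "photo_year" in kwargs:
            photo_year = kwargs["photo_year"]
            # photo_year is only used after it matches a known grade name.
            if photo_year in Grade.names:
                grade_number = Grade.number_from_name(photo_year)
                # One query instead of exists() followed by first(): first()
                # returns None when nothing matches, so a photo removed between
                # the two calls can no longer cause an AttributeError.
                photo = user.photos.filter(grade_number=grade_number).first()
                if photo is not None:
                    binary = photo.binary
        else:
            binary = user.default_photo

        if binary is None:
            # The fallback path is built from settings only, never from request data.
            default_image_path = os.path.join(settings.PROJECT_ROOT, "static/img/default_profile_pic.png")
            with open(default_image_path, mode="rb") as f:
                binary = f.read()

        # NOTE(review): the placeholder file has a .png extension but is sent
        # with the image/jpeg label below; confirm the asset's real format.
        return Response(binary, content_type="image/jpeg")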