API:s for the new front-end

src/customPermissions.py

@@ -0,0 +1,7 @@
+from rest_framework.authentication import SessionAuthentication
+
+class CsrfExemptSessionAuthentication(SessionAuthentication):
+
+    def enforce_csrf(self, request):
+        return
+

src/events/customPermissions.py

@@ -0,0 +1,21 @@
+from rest_framework.permissions import BasePermission
+from rest_framework.authentication import SessionAuthentication
+class CsrfExemptSessionAuthentication(SessionAuthentication):
+
+    def enforce_csrf(self, request):
+        return
+
+class OwnApplicationPermission(BasePermission):
+    """
+    Object-level permission to only allow updating his own profile
+    """
+    def has_object_permission(self, request, view, obj):
+        return obj.event_applicant == request.user
+
+class ParticipantAllowancePermission(BasePermission):
+
+    def has_object_permission(self, request, view, obj):
+        if request.method not in ["GET", "HEAD", "OPTIONS"]:
+            return not obj.ticket.locked
+        else:
+            return True

src/events/serializers/serializers.py

@@ -0,0 +1,33 @@
+from events.models.costs import Costs
+from events.models.event import Event
+from events.models.participant import Participant
+from events.models.application import EventApplication
+from events.models.ticket import Ticket
+from rest_framework import serializers
+
+class CostsSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Costs
+        fields = '__all__'
+
+class EventSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Event
+        fields = '__all__'
+        depth = 1
+
+class ParticipantSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Participant
+        fields = '__all__'
+
+class EventApplicationSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = EventApplication
+        fields = '__all__'
+        depth = 1
+
+class TicketSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Ticket
+        fields = '__all__'

src/events/urls.py

@@ -1,6 +1,15 @@
 from django.urls import path, re_path
+from rest_framework import routers
 from events import views
 
+router = routers.SimpleRouter()
+router.register(r'^api/costs', views.api.CostsViewSet, basename="CostsView")
+router.register(r'^api/event', views.api.EventViewSet, basename="EventView")
+router.register(r'^api/eventapplication', views.api.EventApplicationViewSet, basename="EventApplicationView")
+router.register(r'^api/ticket', views.api.TicketViewSet, basename="TicketView")
+router.register(r'^api/participant', views.api.ParticipantViewSet, basename="ParticipantView")
+
+
 urlpatterns = [
     path('event/<int:pk>',
          views.EventView.as_view(),
@@ -31,3 +40,5 @@
         name='events_event_modeladmin_export_participants'
     ),
 ]
+
+urlpatterns += router.urls

src/events/views/__init__.py

@@ -5,3 +5,4 @@
 from .admin_unassign_unpaid import *
 from .admin_remove_applications import *
 from .admin_export_participants import *
+from .api import *

src/events/views/api.py

@@ -0,0 +1,54 @@
+from rest_framework import viewsets, authentication
+from events.serializers.serializers import *
+from rest_framework.permissions import IsAuthenticatedOrReadOnly, AllowAny, IsAuthenticated
+from events.models.costs import Costs
+from events.models.event import Event
+from events.models.participant import Participant
+from events.models.application import EventApplication
+from events.models.ticket import Ticket
+from events.customPermissions import OwnApplicationPermission, CsrfExemptSessionAuthentication, \
+    ParticipantAllowancePermission
+
+class CostsViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = CostsSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [AllowAny]
+    queryset = Costs.objects.all()
+
+class EventViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = EventSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [IsAuthenticatedOrReadOnly]
+    queryset = Event.objects.all()
+
+class ParticipantViewSet(viewsets.ModelViewSet):
+    serializer_class = ParticipantSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [IsAuthenticatedOrReadOnly, ParticipantAllowancePermission]
+
+    def get_queryset(self):
+        user = self.request.user
+        tickets = list(Ticket.objects.filter.values_list(owner=user))
+        queryset = Participant.objects.filter(ticket__in=tickets)
+        return queryset
+
+class EventApplicationViewSet(viewsets.ModelViewSet):
+    serializer_class = EventApplicationSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [IsAuthenticated, OwnApplicationPermission]
+
+    def get_queryset(self):
+        user = self.request.user
+        queryset = EventApplication.objects.filter(event_applicant=user)
+        return queryset
+
+class TicketViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = TicketSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [IsAuthenticated]
+
+    def get_queryset(self):
+        user = self.request.user
+        queryset = Ticket.objects.filter(owner=user)
+        return queryset
+

src/involvement/customPermissions.py

@@ -0,0 +1,42 @@
+from rest_framework.permissions import BasePermission
+from rest_framework.authentication import SessionAuthentication
+from datetime import date
+class CsrfExemptSessionAuthentication(SessionAuthentication):
+
+    def enforce_csrf(self, request):
+        return
+class ReadAndCreate(BasePermission):
+    """
+        Authenticated user can create but not delete or update.
+    """
+    def has_permission(self, request, view):
+        return True if request.method in ["GET", "HEAD", "OPTIONS", "POST"] else False
+
+class ReadCreateUpdate(BasePermission):
+    """
+        Authenticated user can create and update but not delete.
+    """
+    def has_permission(self, request, view):
+        return True if request.method not in ["DELETE"] else False
+
+class OwnApplicationPermission(BasePermission):
+    """
+    Object-level permission to only allow updating his own profile
+    """
+    def has_object_permission(self, request, view, obj):
+        return obj.applicant == request.user
+
+class DeleteApplicationPermission(BasePermission):
+    def has_object_permission(self, request, view, obj):
+        if obj.status in ["Draft", "Submitted"]:
+            return True
+        return False
+
+
+class EditApplicationPermission(BasePermission):
+    def has_object_permission(self, request, view, obj):
+        if obj.status in ["Draft"]:
+            if obj.position.recruitment_end > date.today():
+                return True
+            return False
+        return False

src/involvement/serializers/application_serializer.py

@@ -0,0 +1,15 @@
+from involvement.models.application import Application
+from rest_framework import serializers
+
+#Role serializer
+class ApplicationSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Application
+        fields = '__all__'
+        depth = 1
+
+class ApplicationEditSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Application
+        exclude = ["status"]
+        depth = 1

src/involvement/serializers/position_serializer.py

@@ -0,0 +1,13 @@
+from involvement.models.position import Position
+from rest_framework import serializers
+
+class PositionSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Position
+        fields = '__all__'
+
+class PositionDepthSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Position
+        fields = '__all__'
+        depth = 1

src/involvement/serializers/role_serializer.py

@@ -0,0 +1,8 @@
+from involvement.models.role import Role
+from rest_framework import serializers
+
+#Role serializer
+class RoleSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Role
+        fields = '__all__'

src/involvement/serializers/team_serializer.py

@@ -0,0 +1,9 @@
+from involvement.models.team import Team
+from rest_framework import serializers
+
+#Serializer for team
+class TeamSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Team
+        fields = '__all__'
+

src/involvement/urls.py

@@ -1,7 +1,17 @@
 from django.conf.urls import re_path
-
+from rest_framework import routers
 from involvement import views
 
+#API URLs
+router = routers.SimpleRouter()
+router.register(r'^position', views.position_api.PositionViewSet, basename="PositionView")
+router.register(r'^position2', views.position_api.Position2ViewSet, basename="Position2View")
+router.register(r'^teams', views.team_read_api.TeamViewSet, basename="TeamsView")
+router.register(r'^roles', views.role_read_api.RoleViewSet, basename="RolesView")
+router.register(r'^application', views.application_api.ApplicationViewSet, basename="ApplicationView")
+router.register(r'^application-update', views.application_api.ApplicationEditViewSet, basename="ApplicationEditView")
+router.register(r'^application-delete', views.application_api.ApplicationDeleteViewSet, basename="ApplicationDeleteView")
+
 urlpatterns = [
     re_path(
         r'^admin/involvement/position/elect/(\d+)/$',
@@ -19,3 +29,5 @@
         name='involvement_position_extend'
     ),
 ]
+
+urlpatterns += router.urls

src/involvement/views/__init__.py

@@ -9,9 +9,13 @@
 from .position_create_view import PositionCreateView
 from .position_edit_view import PositionEditView
 from .position_inspect_view import PositionInspectView
+from .position_api import PositionViewSet
 from .role_create_view import RoleCreateView
 from .role_edit_view import RoleEditView
 from .application_create_view import ApplicationCreateView
 from .application_edit_view import ApplicationEditView
 from .application_inspect_view import ApplicationInspectView
 from .role_inspect_view import RoleInspectView
+from .team_read_api import TeamViewSet
+from .role_read_api import RoleViewSet
+from .application_api import ApplicationViewSet

src/involvement/views/application_api.py

@@ -0,0 +1,39 @@
+from rest_framework import viewsets, mixins, authentication
+from involvement.serializers.application_serializer import ApplicationSerializer, ApplicationEditSerializer
+from rest_framework.permissions import IsAuthenticated
+from involvement.models.application import Application
+from involvement.customPermissions import OwnApplicationPermission, DeleteApplicationPermission, \
+    EditApplicationPermission
+from involvement.customPermissions import CsrfExemptSessionAuthentication
+
+#Role view
+class ApplicationViewSet(viewsets.GenericViewSet, mixins.CreateModelMixin, mixins.ListModelMixin, \
+                         mixins.RetrieveModelMixin):
+    serializer_class = ApplicationSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [IsAuthenticated, OwnApplicationPermission]
+
+    def get_queryset(self):
+        user = self.request.user
+        queryset = Application.objects.filter(applicant=user)
+        return queryset
+
+class ApplicationDeleteViewSet(viewsets.GenericViewSet, mixins.DestroyModelMixin):
+    serializer_class = ApplicationSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [IsAuthenticated, OwnApplicationPermission, DeleteApplicationPermission]
+
+    def get_queryset(self):
+        user = self.request.user
+        queryset = Application.objects.filter(applicant=user)
+        return queryset
+
+class ApplicationEditViewSet(viewsets.GenericViewSet, mixins.UpdateModelMixin):
+    serializer_class = ApplicationEditSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [IsAuthenticated, OwnApplicationPermission, EditApplicationPermission]
+
+    def get_queryset(self):
+        user = self.request.user
+        queryset = Application.objects.filter(applicant=user)
+        return queryset

src/involvement/views/position_api.py

@@ -0,0 +1,17 @@
+from rest_framework import viewsets, authentication, mixins
+from involvement.serializers.position_serializer import PositionSerializer, PositionDepthSerializer
+from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAuthenticated
+from involvement.models.position import Position
+from involvement.customPermissions import CsrfExemptSessionAuthentication
+
+class PositionViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = PositionSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [IsAuthenticatedOrReadOnly]
+    queryset = Position.objects.all()
+
+class Position2ViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = PositionDepthSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [IsAuthenticatedOrReadOnly]
+    queryset = Position.objects.all()

src/involvement/views/role_read_api.py

@@ -0,0 +1,11 @@
+from rest_framework import viewsets, authentication
+from involvement.serializers.role_serializer import RoleSerializer
+from rest_framework.permissions import AllowAny
+from involvement.models.role import Role
+from involvement.customPermissions import CsrfExemptSessionAuthentication
+#Role view
+class RoleViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = RoleSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [AllowAny]
+    queryset = Role.objects.all()

src/involvement/views/team_read_api.py

@@ -0,0 +1,12 @@
+from rest_framework import viewsets, authentication
+from involvement.serializers.team_serializer import TeamSerializer
+from rest_framework.permissions import AllowAny
+from involvement.models.team import Team
+from involvement.customPermissions import CsrfExemptSessionAuthentication
+#Read Teams API
+class TeamViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = TeamSerializer
+    authentication_classes = (CsrfExemptSessionAuthentication, authentication.BasicAuthentication)
+    permission_classes = [AllowAny]
+    queryset = Team.objects.all()
+

src/members/customPermissions.py

@@ -0,0 +1,5 @@
+from rest_framework.authentication import SessionAuthentication
+class CsrfExemptSessionAuthentication(SessionAuthentication):
+
+    def enforce_csrf(self, request):
+        return

src/members/serializers.py

@@ -1,6 +1,12 @@
 from rest_framework import serializers
 from utils.validators import SSNValidator
+from members.models.member import Member
 
+class MemberSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Member
+        fields = '__all__'
+        depth = 1
 
 class MemberCheckSerializer(serializers.Serializer):
     ssn = serializers.CharField()

src/members/urls.py

@@ -1,10 +1,14 @@
 from django.conf.urls import re_path, include
 from django.urls import reverse_lazy
 from django.views.generic import CreateView
+from rest_framework import routers
 
 from members import views
 from members.forms import RegistrationForm
 
+router = routers.SimpleRouter()
+router.register(r'^me', views.MemberViewSet, basename="MemberViewSet")
+
 urlpatterns = [
     re_path(r'^profile/$', views.ProfileView.as_view(), name='profile'),
     re_path(
@@ -25,3 +29,5 @@
         views.CustomPasswordResetView.as_view(),
         name='password_reset_custom'),
 ]
+
+urlpatterns += router.urls