almost staff page is also ready just a small issue in putt/patch request

RCOE-Code-Cell · Sep 29, 2024 · 85a5164 · 85a5164
1 parent 18d893e
commit 85a5164
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 0 deletions.
diff --git a/server/cc_admin/group_alteration.py b/server/cc_admin/group_alteration.py
@@ -0,0 +1,36 @@
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework import status
+from rest_framework.exceptions import PermissionDenied
+from round.models import Groups
+from round.serializers import TotalGroupsSerializer
+import jwt
+from .models import User
+
+class UpdateGroupView(APIView):
+    def put(self, request, group_id):
+        token = request.headers.get('Authorization')
+        if not token:
+            return Response({"error": "Unauthorized!"}, status=status.HTTP_401_UNAUTHORIZED)
+
+        # Decode JWT to check if user is staff
+        try:
+            payload = jwt.decode(token, 'secret', algorithms="HS256")
+        except jwt.ExpiredSignatureError:
+            return Response({"error": "Token expired!"}, status=status.HTTP_401_UNAUTHORIZED)
+        except jwt.InvalidTokenError:
+            return Response({"error": "Invalid token!"}, status=status.HTTP_401_UNAUTHORIZED)
+
+        user = User.objects.filter(id=payload['id']).first()
+        if not user or not user.is_staff:
+            raise PermissionDenied("You do not have permission to perform this action.")
+
+        group = Groups.objects.filter(id=group_id).first()
+        if not group:
+            return Response({"error": "Group not found!"}, status=status.HTTP_404_NOT_FOUND)
+
+        serializer = TotalGroupsSerializer(group, data=request.data, partial=True)
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
diff --git a/server/cc_admin/urls.py b/server/cc_admin/urls.py
@@ -5,12 +5,14 @@
 from django.conf import settings
 from django.conf.urls.static import static
 from django.contrib.staticfiles.urls import  staticfiles_urlpatterns
+from . group_alteration import UpdateGroupView
 
 
 urlpatterns = [
     path('login',LoginView.as_view()),
     path('user',UserView.as_view()),
     path('logout',LogoutView.as_view()),
+    path('update-group/<int:group_id>/', UpdateGroupView.as_view(), name='update-group'),
 ]+ static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
 
 

diff --git a/server/cc_admin/views.py b/server/cc_admin/views.py
@@ -36,6 +36,9 @@ def post(self, request):
 
         if not user.is_active:
             raise AuthenticationFailed('Account not activated. Please verify your email.')
+        if not user.is_staff:
+            raise AuthenticationFailed('Only staff can access this.')
+
 
         payload = {
             'id': user.id,

diff --git a/server/db.sqlite3 b/server/db.sqlite3