From 85a5164d6be83b2af472c8087b4d2ec6581c3b7c Mon Sep 17 00:00:00 2001
From: Fareed95
Date: Sun, 29 Sep 2024 18:03:10 +0530
Subject: [PATCH] almost staff page is also ready just a small issue in putt/patch request
---
 server/cc_admin/group_alteration.py | 36 ++++++++++++++++++++++++++++
 server/cc_admin/urls.py | 2 ++
 server/cc_admin/views.py | 3 +++
 server/db.sqlite3 | Bin 139264 -> 139264 bytes
 4 files changed, 41 insertions(+)
 create mode 100644 server/cc_admin/group_alteration.py
diff --git a/server/cc_admin/group_alteration.py b/server/cc_admin/group_alteration.py
new file mode 100644
index 0000000..4e17455
--- /dev/null
+++ b/server/cc_admin/group_alteration.py
@@ -0,0 +1,36 @@
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework import status
+from rest_framework.exceptions import PermissionDenied
+from round.models import Groups
+from round.serializers import TotalGroupsSerializer
+import jwt
+from .models import User
+
+class UpdateGroupView(APIView):
+    def put(self, request, group_id):
+        token = request.headers.get('Authorization')
+        if not token:
+            return Response({"error": "Unauthorized!"}, status=status.HTTP_401_UNAUTHORIZED)
+
+        # Decode JWT to check if user is staff
+        try:
+            payload = jwt.decode(token, 'secret', algorithms="HS256")
+        except jwt.ExpiredSignatureError:
+            return Response({"error": "Token expired!"}, status=status.HTTP_401_UNAUTHORIZED)
+        except jwt.InvalidTokenError:
+            return Response({"error": "Invalid token!"}, status=status.HTTP_401_UNAUTHORIZED)
+
+        user = User.objects.filter(id=payload['id']).first()
+        if not user or not user.is_staff:
+            raise PermissionDenied("You do not have permission to perform this action.")
+
+        group = Groups.objects.filter(id=group_id).first()
+        if not group:
+            return Response({"error": "Group not found!"}, status=status.HTTP_404_NOT_FOUND)
+
+        serializer = TotalGroupsSerializer(group, data=request.data, partial=True)
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
diff --git a/server/cc_admin/urls.py b/server/cc_admin/urls.py
index a4651a2..ec1a3e7 100644
--- a/server/cc_admin/urls.py
+++ b/server/cc_admin/urls.py
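Review bot: `jwt.decode(token, 'secret', algorithms="HS256")` in `put` verifies staff tokens against the hard-coded literal `'secret'`, so anyone who reads the source can mint a token whose payload carries a staff user's id and walk straight past the `is_staff` gate below it. Verify with the project's configured key instead, e.g. `from django.conf import settings` and `payload = jwt.decode(token, settings.SECRET_KEY, algorithms=["HS256"])` (PyJWT expects `algorithms` as a list); the encoding side in LoginView is outside this diff and presumably signs with the same literal, so it has to move in step. `payload['id']` is also unguarded, so a validly signed token without that claim raises KeyError and surfaces as a 500 rather than a 401 — `payload.get('id')` keeps it on the existing `not user` path. The commit message mentions PATCH but the view only defines `put`; since the serializer is already built with `partial=True`, adding `patch = put` to the class would make the two verbs behave identically.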
@@ -5,12 +5,14 @@ from django.conf import settings
 
 from django.conf.urls.static import static
 from django.contrib.staticfiles.urls import staticfiles_urlpatterns
+from . group_alteration import UpdateGroupView
 urlpatterns = [
     path('login',LoginView.as_view()),
     path('user',UserView.as_view()),
     path('logout',LogoutView.as_view()),
+    path('update-group//', UpdateGroupView.as_view(), name='update-group'),
 ]+ static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
diff --git a/server/cc_admin/views.py b/server/cc_admin/views.py
index b91de6c..7bd69c7 100644
--- a/server/cc_admin/views.py
+++ b/server/cc_admin/views.py
@@ -36,6 +36,9 @@ def post(self, request):
         if not user.is_active:
             raise AuthenticationFailed('Account not activated. Please verify your email.')
 
+        if not user.is_staff:
+            raise AuthenticationFailed('Only staff can access this.')
+
         payload = {
             'id': user.id,
diff --git a/server/db.sqlite3 b/server/db.sqlite3
index 9cb54368faf63f2e905a04a9550f85b8f8476bf8..297fefbd2f5d60ac3260afcbb26f1e8c8d9a31ff 100644
GIT binary patch
delta 262
zcmZoTz|nAkV}dlJ@kAMCM&peM@AMeiH~Z_)v1jCLev`NTO&+6!p%6R&bq4<5{CD}k
z^1tVQ$^V%D`ewm~gZw>!ejZTjQ&jEX>&_Zay9@PFt3#Q&E61yJQZpvn{c
zTrA9-jO-wSZTpM;j4}d3?7Z6;_&4xp@+{?b8`a|Q;Y4j_ZVXw89Arll4nu_022F4?f?J)
delta 120
zcmV-;0Ehp8zzBfA2#^~AF_9cY0Wq;)?k)iZvrjLaKLH4X>~6R0ZUGoE4h0Y601x{Q
z^$+h4=?~+x5rEMTm*cMiAr1u(=l~D=5BCr95A6@=vk`#S54Y&Q0UQtx1rB`x53mnu
a4
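Review bot: The new route `path('update-group//', UpdateGroupView.as_view(), name='update-group')` declares no URL parameter, yet `UpdateGroupView.put` in the same commit takes a `group_id` argument, so a request matching this pattern would fail with a TypeError before any token check runs. It looks like an `<int:group_id>` converter was lost between the two slashes (possibly by the page rendering rather than the commit); the intended line is `path('update-group/<int:group_id>/', UpdateGroupView.as_view(), name='update-group'),`. The import `from . group_alteration import UpdateGroupView` also carries a stray space after the dot; `from .group_alteration import UpdateGroupView` is the conventional form. The `urlpatterns` list and the rest of the module continue outside this hunk.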