mirror of
https://github.com/ae-utbm/sith.git
synced 2025-07-10 03:49:24 +00:00
21
core/api.py
21
core/api.py
@ -3,16 +3,21 @@ from typing import Annotated
|
||||
import annotated_types
|
||||
from django.conf import settings
|
||||
from django.http import HttpResponse
|
||||
from ninja_extra import ControllerBase, api_controller, route
|
||||
from ninja import Query
|
||||
from ninja_extra import ControllerBase, api_controller, paginate, route
|
||||
from ninja_extra.exceptions import PermissionDenied
|
||||
from ninja_extra.pagination import PageNumberPaginationExtra
|
||||
from ninja_extra.schemas import PaginatedResponseSchema
|
||||
|
||||
from club.models import Mailing
|
||||
from core.api_permissions import CanView
|
||||
from core.api_permissions import CanView, IsLoggedInCounter, IsOldSubscriber, IsRoot
|
||||
from core.models import User
|
||||
from core.schemas import (
|
||||
FamilyGodfatherSchema,
|
||||
MarkdownSchema,
|
||||
UserFamilySchema,
|
||||
UserFilterSchema,
|
||||
UserProfileSchema,
|
||||
)
|
||||
from core.templatetags.renderer import markdown
|
||||
|
||||
@ -38,6 +43,18 @@ class MailingListController(ControllerBase):
|
||||
return data
|
||||
|
||||
|
||||
@api_controller("/user", permissions=[IsOldSubscriber | IsRoot | IsLoggedInCounter])
|
||||
class UserController(ControllerBase):
|
||||
@route.get("", response=list[UserProfileSchema])
|
||||
def fetch_profiles(self, pks: Query[set[int]]):
|
||||
return User.objects.filter(pk__in=pks)
|
||||
|
||||
@route.get("/search", response=PaginatedResponseSchema[UserProfileSchema])
|
||||
@paginate(PageNumberPaginationExtra, page_size=20)
|
||||
def search_users(self, filters: Query[UserFilterSchema]):
|
||||
return filters.filter(User.objects.all())
|
||||
|
||||
|
||||
DepthValue = Annotated[int, annotated_types.Ge(0), annotated_types.Le(10)]
|
||||
DEFAULT_DEPTH = 4
|
||||
|
||||
|
@ -42,6 +42,8 @@ from django.http import HttpRequest
|
||||
from ninja_extra import ControllerBase
|
||||
from ninja_extra.permissions import BasePermission
|
||||
|
||||
from counter.models import Counter
|
||||
|
||||
|
||||
class IsInGroup(BasePermission):
|
||||
"""Check that the user is in the group whose primary key is given."""
|
||||
@ -120,3 +122,15 @@ class IsOwner(BasePermission):
|
||||
self, request: HttpRequest, controller: ControllerBase, obj: Any
|
||||
) -> bool:
|
||||
return request.user.is_owner(obj)
|
||||
|
||||
|
||||
class IsLoggedInCounter(BasePermission):
|
||||
"""Check that a user is logged in a counter."""
|
||||
|
||||
def has_permission(self, request: HttpRequest, controller: ControllerBase) -> bool:
|
||||
if "/counter/" not in request.META["HTTP_REFERER"]:
|
||||
return False
|
||||
token = request.session.get("counter_token")
|
||||
if not token:
|
||||
return False
|
||||
return Counter.objects.filter(token=token).exists()
|
||||
|
@ -49,8 +49,7 @@ class CustomerLookup(RightManagedLookupChannel):
|
||||
model = Customer
|
||||
|
||||
def get_query(self, q, request):
|
||||
users = search_user(q)
|
||||
return [user.customer for user in users]
|
||||
return list(Customer.objects.filter(user__in=search_user(q)))
|
||||
|
||||
def format_match(self, obj):
|
||||
return obj.user.get_mini_item()
|
||||
|
@ -991,8 +991,8 @@ class SithFile(models.Model):
|
||||
return user.is_board_member
|
||||
if user.is_com_admin:
|
||||
return True
|
||||
if self.is_in_sas and user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID):
|
||||
return True
|
||||
if self.is_in_sas:
|
||||
return user.is_in_group(pk=settings.SITH_GROUP_SAS_ADMIN_ID)
|
||||
return user.id == self.owner_id
|
||||
|
||||
def can_be_viewed_by(self, user):
|
||||
|
@ -1,5 +1,12 @@
|
||||
from typing import Annotated
|
||||
|
||||
from annotated_types import MinLen
|
||||
from django.contrib.staticfiles.storage import staticfiles_storage
|
||||
from ninja import ModelSchema, Schema
|
||||
from django.db.models import Q
|
||||
from django.utils.text import slugify
|
||||
from haystack.query import SearchQuerySet
|
||||
from ninja import FilterSchema, ModelSchema, Schema
|
||||
from pydantic import AliasChoices, Field
|
||||
|
||||
from core.models import User
|
||||
|
||||
@ -12,10 +19,6 @@ class SimpleUserSchema(ModelSchema):
|
||||
fields = ["id", "nick_name", "first_name", "last_name"]
|
||||
|
||||
|
||||
class MarkdownSchema(Schema):
|
||||
text: str
|
||||
|
||||
|
||||
class UserProfileSchema(ModelSchema):
|
||||
"""The necessary information to show a user profile"""
|
||||
|
||||
@ -42,6 +45,42 @@ class UserProfileSchema(ModelSchema):
|
||||
return obj.profile_pict.get_download_url()
|
||||
|
||||
|
||||
class UserFilterSchema(FilterSchema):
|
||||
search: Annotated[str, MinLen(1)]
|
||||
exclude: list[int] | None = Field(
|
||||
None, validation_alias=AliasChoices("exclude", "exclude[]")
|
||||
)
|
||||
|
||||
def filter_search(self, value: str | None) -> Q:
|
||||
if not value:
|
||||
return Q()
|
||||
if len(value) < 3:
|
||||
# For small queries, full text search isn't necessary
|
||||
return (
|
||||
Q(first_name__istartswith=value)
|
||||
| Q(last_name__istartswith=value)
|
||||
| Q(nick_name__istartswith=value)
|
||||
)
|
||||
return Q(
|
||||
id__in=list(
|
||||
SearchQuerySet()
|
||||
.models(User)
|
||||
.autocomplete(auto=slugify(value).replace("-", " "))
|
||||
.order_by("-last_update")
|
||||
.values_list("pk", flat=True)
|
||||
)
|
||||
)
|
||||
|
||||
def filter_exclude(self, value: set[int] | None) -> Q:
|
||||
if not value:
|
||||
return Q()
|
||||
return ~Q(id__in=value)
|
||||
|
||||
|
||||
class MarkdownSchema(Schema):
|
||||
text: str
|
||||
|
||||
|
||||
class FamilyGodfatherSchema(Schema):
|
||||
godfather: int
|
||||
godchild: int
|
||||
|
@ -107,3 +107,35 @@ function update_query_string(key, value, action = History.REPLACE, url = null) {
|
||||
|
||||
return url;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Given a paginated endpoint, fetch all the items of this endpoint,
|
||||
* performing multiple API calls if necessary.
|
||||
* @param {string} url The paginated endpoint to fetch
|
||||
* @return {Promise<Object[]>}
|
||||
*/
|
||||
async function fetch_paginated(url) {
|
||||
const max_per_page = 199;
|
||||
const paginated_url = new URL(url, document.location.origin);
|
||||
paginated_url.searchParams.set("page_size", max_per_page.toString());
|
||||
paginated_url.searchParams.set("page", "1");
|
||||
|
||||
let first_page = (await ( await fetch(paginated_url)).json());
|
||||
let results = first_page.results;
|
||||
|
||||
const nb_pictures = first_page.count
|
||||
const nb_pages = Math.ceil(nb_pictures / max_per_page);
|
||||
|
||||
if (nb_pages > 1) {
|
||||
let promises = [];
|
||||
for (let i = 2; i <= nb_pages; i++) {
|
||||
paginated_url.searchParams.set("page", i.toString());
|
||||
promises.push(
|
||||
fetch(paginated_url).then(res => res.json().then(json => json.results))
|
||||
);
|
||||
}
|
||||
results.push(...await Promise.all(promises))
|
||||
}
|
||||
return results;
|
||||
}
|
||||
|
261
core/static/core/js/sith-select2.js
Normal file
261
core/static/core/js/sith-select2.js
Normal file
@ -0,0 +1,261 @@
|
||||
/**
|
||||
* Builders to use Select2 in our templates.
|
||||
*
|
||||
* This comes with two flavours : local data or remote data.
|
||||
*
|
||||
* # Local data source
|
||||
*
|
||||
* To use local data source, you must define an array
|
||||
* in your JS code, having the fields `id` and `text`.
|
||||
*
|
||||
* ```js
|
||||
* const data = [
|
||||
* {id: 1, text: "foo"},
|
||||
* {id: 2, text: "bar"},
|
||||
* ];
|
||||
* document.addEventListener("DOMContentLoaded", () => sithSelect2({
|
||||
* element: document.getElementById("select2-input"),
|
||||
* data_source: local_data_source(data)
|
||||
* }));
|
||||
* ```
|
||||
*
|
||||
* You can also define a callback that return ids to exclude :
|
||||
*
|
||||
* ```js
|
||||
* const data = [
|
||||
* {id: 1, text: "foo"},
|
||||
* {id: 2, text: "bar"},
|
||||
* {id: 3, text: "to exclude"},
|
||||
* ];
|
||||
* document.addEventListener("DOMContentLoaded", () => sithSelect2({
|
||||
* element: document.getElementById("select2-input"),
|
||||
* data_source: local_data_source(data, {
|
||||
* excluded: () => data.filter((i) => i.text === "to exclude").map((i) => parseInt(i))
|
||||
* })
|
||||
* }));
|
||||
* ```
|
||||
*
|
||||
* # Remote data source
|
||||
*
|
||||
* Select2 with remote data sources are similar to those with local
|
||||
* data, but with some more parameters, like `result_converter`,
|
||||
* which takes a callback that must return a `Select2Object`.
|
||||
*
|
||||
* ```js
|
||||
* document.addEventListener("DOMContentLoaded", () => sithSelect2({
|
||||
* element: document.getElementById("select2-input"),
|
||||
* data_source: remote_data_source("/api/user/search", {
|
||||
* excluded: () => [1, 2], // exclude users 1 and 2 from the search
|
||||
* result_converter: (user) => Object({id: user.id, text: user.first_name})
|
||||
* })
|
||||
* }));
|
||||
* ```
|
||||
*
|
||||
* # Overrides
|
||||
*
|
||||
* Dealing with a select2 may be complex.
|
||||
* That's why, when defining a select,
|
||||
* you may add an override parameter,
|
||||
* in which you can declare any parameter defined in the
|
||||
* Select2 documentation.
|
||||
*
|
||||
* ```js
|
||||
* document.addEventListener("DOMContentLoaded", () => sithSelect2({
|
||||
* element: document.getElementById("select2-input"),
|
||||
* data_source: remote_data_source("/api/user/search", {
|
||||
* result_converter: (user) => Object({id: user.id, text: user.first_name}),
|
||||
* overrides: {
|
||||
* delay: 500
|
||||
* }
|
||||
* })
|
||||
* }));
|
||||
* ```
|
||||
*
|
||||
* # Caveats with exclude
|
||||
*
|
||||
* With local data source, select2 evaluates the data only once.
|
||||
* Thus, modify the exclude after the initialisation is a no-op.
|
||||
*
|
||||
* With remote data source, the exclude list will be evaluated
|
||||
* after each api response.
|
||||
* It makes it possible to bind the data returned by the callback
|
||||
* to some reactive data, thus making the exclude list dynamic.
|
||||
*
|
||||
* # Images
|
||||
*
|
||||
* Sometimes, you would like to display an image besides
|
||||
* the text on the select items.
|
||||
* In this case, fill the `picture_getter` option :
|
||||
*
|
||||
* ```js
|
||||
* document.addEventListener("DOMContentLoaded", () => sithSelect2({
|
||||
* element: document.getElementById("select2-input"),
|
||||
* data_source: remote_data_source("/api/user/search", {
|
||||
* result_converter: (user) => Object({id: user.id, text: user.first_name})
|
||||
* })
|
||||
* picture_getter: (user) => user.profile_pict,
|
||||
* }));
|
||||
* ```
|
||||
*
|
||||
* # Binding with alpine
|
||||
*
|
||||
* You can declare your select2 component in an Alpine data.
|
||||
*
|
||||
* ```html
|
||||
* <body>
|
||||
* <div x-data="select2_test">
|
||||
* <select x-ref="search" x-ref="select"></select>
|
||||
* <p x-text="current_selection.id"></p>
|
||||
* <p x-text="current_selection.text"></p>
|
||||
* </div>
|
||||
* </body>
|
||||
*
|
||||
* <script>
|
||||
* document.addEventListener("alpine:init", () => {
|
||||
* Alpine.data("select2_test", () => ({
|
||||
* selector: undefined,
|
||||
* current_select: {id: "", text: ""},
|
||||
*
|
||||
* init() {
|
||||
* this.selector = sithSelect2({
|
||||
* element: $(this.$refs.select),
|
||||
* data_source: local_data_source(
|
||||
* [{id: 1, text: "foo"}, {id: 2, text: "bar"}]
|
||||
* ),
|
||||
* });
|
||||
* this.selector.on("select2:select", (event) => {
|
||||
* // select2 => Alpine signals here
|
||||
* this.current_select = this.selector.select2("data")
|
||||
* });
|
||||
* this.$watch("current_selected" (value) => {
|
||||
* // Alpine => select2 signals here
|
||||
* });
|
||||
* },
|
||||
* }));
|
||||
* })
|
||||
* </script>
|
||||
*/
|
||||
|
||||
/**
|
||||
* @typedef Select2Object
|
||||
* @property {number} id
|
||||
* @property {string} text
|
||||
*/
|
||||
|
||||
/**
|
||||
* @typedef Select2Options
|
||||
* @property {Element} element
|
||||
* @property {Object} data_source
|
||||
* the data source, built with `local_data_source` or `remote_data_source`
|
||||
* @property {number[]} excluded A list of ids to exclude from search
|
||||
* @property {undefined | function(Object): string} picture_getter
|
||||
* A callback to get the picture field from the API response
|
||||
* @property {Object | undefined} overrides
|
||||
* Any other select2 parameter to apply on the config
|
||||
*/
|
||||
|
||||
/**
|
||||
* @param {Select2Options} options
|
||||
*/
|
||||
function sithSelect2(options) {
|
||||
const elem = $(options.element);
|
||||
return elem.select2({
|
||||
theme: elem[0].multiple ? "classic" : "default",
|
||||
minimumInputLength: 2,
|
||||
templateResult: select_item_builder(options.picture_getter),
|
||||
...options.data_source,
|
||||
...(options.overrides || {}),
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @typedef LocalSourceOptions
|
||||
* @property {undefined | function(): number[]} excluded
|
||||
* A callback to the ids to exclude from the search
|
||||
*/
|
||||
|
||||
/**
|
||||
* Build a data source for a Select2 from a local array
|
||||
* @param {Select2Object[]} source The array containing the data
|
||||
* @param {RemoteSourceOptions} options
|
||||
*/
|
||||
function local_data_source(source, options) {
|
||||
if (!!options.excluded) {
|
||||
const ids = options.excluded();
|
||||
return { data: source.filter((i) => !ids.includes(i.id)) };
|
||||
}
|
||||
return { data: source };
|
||||
}
|
||||
|
||||
/**
|
||||
* @typedef RemoteSourceOptions
|
||||
* @property {undefined | function(): number[]} excluded
|
||||
* A callback to the ids to exclude from the search
|
||||
* @property {undefined | function(): Select2Object} result_converter
|
||||
* A converter for a value coming from the remote api
|
||||
* @property {undefined | Object} overrides
|
||||
* Any other select2 parameter to apply on the config
|
||||
*/
|
||||
|
||||
/**
|
||||
* Build a data source for a Select2 from a remote url
|
||||
* @param {string} source The url of the endpoint
|
||||
* @param {RemoteSourceOptions} options
|
||||
*/
|
||||
function remote_data_source(source, options) {
|
||||
jQuery.ajaxSettings.traditional = true;
|
||||
let params = {
|
||||
url: source,
|
||||
dataType: "json",
|
||||
cache: true,
|
||||
delay: 250,
|
||||
data: function (params) {
|
||||
return {
|
||||
search: params.term,
|
||||
exclude: [
|
||||
...(this.val() || []).map((i) => parseInt(i)),
|
||||
...(options.excluded ? options.excluded() : []),
|
||||
],
|
||||
};
|
||||
},
|
||||
};
|
||||
if (!!options.result_converter) {
|
||||
params["processResults"] = function (data) {
|
||||
return { results: data.results.map(options.result_converter) };
|
||||
};
|
||||
}
|
||||
if (!!options.overrides) {
|
||||
Object.assign(params, options.overrides);
|
||||
}
|
||||
return { ajax: params };
|
||||
}
|
||||
|
||||
function item_formatter(user) {
|
||||
if (user.loading) {
|
||||
return user.text;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Build a function to display the results
|
||||
* @param {null | function(Object):string} picture_getter
|
||||
* @return {function(string): jQuery|HTMLElement}
|
||||
*/
|
||||
function select_item_builder(picture_getter) {
|
||||
return (item) => {
|
||||
const picture =
|
||||
typeof picture_getter === "function" ? picture_getter(item) : null;
|
||||
const img_html = picture
|
||||
? `<img
|
||||
src="${picture_getter(item)}"
|
||||
alt="${item.text}"
|
||||
onerror="this.src = '/static/core/img/unknown.jpg'"
|
||||
/>`
|
||||
: "";
|
||||
|
||||
return $(`<div class="select-item">
|
||||
${img_html}
|
||||
<span class="select-item-text">${item.text}</span>
|
||||
</div>`);
|
||||
};
|
||||
}
|
@ -615,6 +615,38 @@ a:not(.button) {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
.select2 {
|
||||
margin: 10px 0!important;
|
||||
max-width: 100%;
|
||||
min-width: 100%;
|
||||
|
||||
ul {
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
textarea {
|
||||
background-color: inherit;
|
||||
}
|
||||
|
||||
.select2-container--default {
|
||||
color: black;
|
||||
}
|
||||
}
|
||||
.select2-results {
|
||||
.select-item {
|
||||
display: flex;
|
||||
flex-direction: row;
|
||||
gap: 10px;
|
||||
align-items: center;
|
||||
|
||||
img {
|
||||
max-height: 40px;
|
||||
border-radius: 50%;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#news_details {
|
||||
display: inline-block;
|
||||
margin-top: 20px;
|
||||
@ -1170,13 +1202,6 @@ u,
|
||||
}
|
||||
}
|
||||
|
||||
/* XXX This seems to be used in the SAS */
|
||||
#pict {
|
||||
display: inline-block;
|
||||
width: 80%;
|
||||
background: hsl(0, 0%, 20%);
|
||||
border: solid hsl(0, 0%, 20%) 2px;
|
||||
}
|
||||
/*--------------------------------MATMAT-------------------------------*/
|
||||
.matmat_results {
|
||||
display: flex;
|
||||
|
1
core/static/vendored/select2/select2.min.css
vendored
Normal file
1
core/static/vendored/select2/select2.min.css
vendored
Normal file
File diff suppressed because one or more lines are too long
2
core/static/vendored/select2/select2.min.js
vendored
Normal file
2
core/static/vendored/select2/select2.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
@ -11,6 +11,7 @@
|
||||
<link rel="stylesheet" href="{{ scss('core/markdown.scss') }}">
|
||||
<link rel="stylesheet" href="{{ scss('core/header.scss') }}">
|
||||
<link rel="stylesheet" href="{{ scss('core/navbar.scss') }}">
|
||||
<link rel="stylesheet" href="{{ static('vendored/select2/select2.min.css') }}">
|
||||
|
||||
{% block jquery_css %}
|
||||
{# Thile file is quite heavy (around 250kb), so declaring it in a block allows easy removal #}
|
||||
@ -24,6 +25,9 @@
|
||||
<script src="{{ static('vendored/jquery/jquery-3.6.2.min.js') }}"></script>
|
||||
<!-- Put here to always have acces to those functions on django widgets -->
|
||||
<script src="{{ static('core/js/script.js') }}"></script>
|
||||
<script defer src="{{ static('vendored/select2/select2.min.js') }}"></script>
|
||||
<script defer src="{{ static('core/js/sith-select2.js') }}"></script>
|
||||
|
||||
|
||||
{% block additional_css %}{% endblock %}
|
||||
{% block additional_js %}{% endblock %}
|
||||
|
@ -65,17 +65,29 @@
|
||||
|
||||
{{ super() }}
|
||||
<script>
|
||||
/**
|
||||
* @typedef UserProfile
|
||||
* @property {number} id
|
||||
* @property {string} first_name
|
||||
* @property {string} last_name
|
||||
* @property {string} nick_name
|
||||
* @property {string} display_name
|
||||
* @property {string} profile_url
|
||||
* @property {string} profile_pict
|
||||
*/
|
||||
/**
|
||||
* @typedef Picture
|
||||
* @property {number} id
|
||||
* @property {string} name
|
||||
* @property {number} size
|
||||
* @property {string} date
|
||||
* @property {Object} author
|
||||
* @property {UserProfile} owner
|
||||
* @property {string} full_size_url
|
||||
* @property {string} compressed_url
|
||||
* @property {string} thumb_url
|
||||
* @property {string} album
|
||||
* @property {boolean} is_moderated
|
||||
* @property {boolean} asked_for_removal
|
||||
*/
|
||||
|
||||
document.addEventListener("alpine:init", () => {
|
||||
@ -86,7 +98,7 @@
|
||||
albums: {},
|
||||
|
||||
async init() {
|
||||
this.pictures = await this.get_pictures();
|
||||
this.pictures = await fetch_paginated("{{ url("api:pictures") }}" + "?users_identified={{ object.id }}");
|
||||
this.albums = this.pictures.reduce((acc, picture) => {
|
||||
if (!acc[picture.album]){
|
||||
acc[picture.album] = [];
|
||||
@ -97,34 +109,6 @@
|
||||
this.loading = false;
|
||||
},
|
||||
|
||||
/**
|
||||
* @return {Promise<Picture[]>}
|
||||
*/
|
||||
async get_pictures() {
|
||||
{# The API forbids to get more than 199 items at once
|
||||
from paginated routes.
|
||||
In order to download all the user pictures, it may be needed
|
||||
to performs multiple requests #}
|
||||
const max_per_page = 199;
|
||||
const url = "{{ url("api:pictures") }}"
|
||||
+ "?users_identified={{ object.id }}"
|
||||
+ `&page_size=${max_per_page}`;
|
||||
|
||||
let first_page = (await ( await fetch(url)).json());
|
||||
let promises = [first_page.results];
|
||||
|
||||
const nb_pictures = first_page.count
|
||||
const nb_pages = Math.ceil(nb_pictures / max_per_page);
|
||||
|
||||
for (let i = 2; i <= nb_pages; i++) {
|
||||
promises.push(
|
||||
fetch(url + `&page=${i}`).then(res => res.json().then(json => json.results))
|
||||
);
|
||||
}
|
||||
return (await Promise.all(promises)).flat()
|
||||
},
|
||||
|
||||
|
||||
async download_zip(){
|
||||
this.is_downloading = true;
|
||||
const bar = this.$refs.progress;
|
||||
|
Reference in New Issue
Block a user