

Handle misconfigurations and edgecases
krishnans2006 committed Sep 4, 2023
1 parent 4d3a98e commit 66fcdec
Showing 17 changed files with 124 additions and 78 deletions.
6 changes: 3 additions & 3 deletions homecoming/apps/announcements/forms.py
Expand Up @@ -26,9 +26,9 @@ def __init__(self, user, *args, **kwargs):
super().__init__(*args, **kwargs)

if not user.has_management_permission:
self.fields["class_group"].queryset = self.fields["class_group"].queryset.filter(
id=user.class_group.id
)
self.fields["class_group"].queryset = self.fields[
"class_group"
].queryset.filter(id=user.class_group.id)

def clean(self):
cleaned_data = self.cleaned_data
33 changes: 24 additions & 9 deletions homecoming/apps/announcements/migrations/0001_initial.py
Expand Up @@ -9,22 +9,37 @@ class Migration(migrations.Migration):
initial = True

dependencies = [
('authentication', '0004_user_is_hoco_admin'),
("authentication", "0004_user_is_hoco_admin"),
]

operations = [
migrations.CreateModel(
name='Announcement',
name="Announcement",
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=128)),
('description', models.TextField(max_length=48000)),
('start_time', models.DateTimeField()),
('end_time', models.DateTimeField()),
('class_group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='announcements', to='authentication.classgroup')),
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("name", models.CharField(max_length=128)),
("description", models.TextField(max_length=48000)),
("start_time", models.DateTimeField()),
("end_time", models.DateTimeField()),
(
"class_group",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
related_name="announcements",
to="authentication.classgroup",
),
),
],
options={
'ordering': ('start_time',),
"ordering": ("start_time",),
},
),
]
6 changes: 5 additions & 1 deletion homecoming/apps/announcements/urls.py
Expand Up @@ -7,7 +7,11 @@

urlpatterns = [
path("create/", views.create_announcement_view, name="create_announcement_page"),
path("edit/<int:announcement_id>/", views.edit_announcement_view, name="edit_announcement"),
path(
"edit/<int:announcement_id>/",
views.edit_announcement_view,
name="edit_announcement",
),
path(
"delete/<int:pk>",
management_or_class_group_admin_only(views.DeleteAnnouncementView.as_view()),
16 changes: 9 additions & 7 deletions homecoming/apps/announcements/views.py
Expand Up @@ -2,14 +2,12 @@

from django import http
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.http import HttpRequest, HttpResponse, JsonResponse
from django.shortcuts import redirect, render, get_object_or_404
from django.http import HttpRequest, HttpResponse
from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse, reverse_lazy
from django.views.generic.edit import DeleteView

from ..auth.decorators import management_only, management_or_class_group_admin_only
from ..scores.models import ScoreBoard
from ..auth.decorators import management_or_class_group_admin_only
from .forms import AnnouncementForm
from .models import Announcement

Expand Down Expand Up @@ -83,7 +81,9 @@ def edit_announcement_view(request: HttpRequest, announcement_id: int) -> HttpRe
raise http.Http404

if request.method == "POST":
form = AnnouncementForm(data=request.POST, instance=announcement, user=request.user)
form = AnnouncementForm(
data=request.POST, instance=announcement, user=request.user
)
if form.is_valid():
form.save()
messages.info(request, "Announcement edited!")
Expand All @@ -92,7 +92,9 @@ def edit_announcement_view(request: HttpRequest, announcement_id: int) -> HttpRe
form = AnnouncementForm(instance=announcement, user=request.user)

return render(
request, "announcements/announcement_form.html", {"form": form, "id": announcement_id}
request,
"announcements/announcement_form.html",
{"form": form, "id": announcement_id},
)


2 changes: 1 addition & 1 deletion homecoming/apps/auth/admin.py
@@ -1,6 +1,6 @@
from django.contrib import admin

from .models import User, ClassGroup
from .models import ClassGroup, User

admin.site.register(User)
admin.site.register(ClassGroup)
3 changes: 2 additions & 1 deletion homecoming/apps/auth/decorators.py
Expand Up @@ -5,5 +5,6 @@
)

management_or_class_group_admin_only = user_passes_test(
lambda u: u.is_authenticated and (u.has_management_permission or u.is_class_group_admin)
lambda u: u.is_authenticated
and (u.has_management_permission or u.is_class_group_admin)
)
1 change: 0 additions & 1 deletion homecoming/apps/auth/forms.py
@@ -1,7 +1,6 @@
import bleach

from django import forms
from django.core.exceptions import ValidationError

from .models import ClassGroup

24 changes: 16 additions & 8 deletions homecoming/apps/auth/migrations/0003_auto_20230901_1648.py
Expand Up @@ -6,22 +6,30 @@
class Migration(migrations.Migration):

dependencies = [
('authentication', '0002_auto_20201107_1851'),
("authentication", "0002_auto_20201107_1851"),
]

operations = [
migrations.CreateModel(
name='ClassGroup',
name="ClassGroup",
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=128)),
('username_prefix', models.CharField(max_length=4)),
('message', models.TextField(blank=True, max_length=48000, null=True)),
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("name", models.CharField(max_length=128)),
("username_prefix", models.CharField(max_length=4)),
("message", models.TextField(blank=True, max_length=48000, null=True)),
],
),
migrations.AddField(
model_name='user',
name='is_class_group_admin',
model_name="user",
name="is_class_group_admin",
field=models.BooleanField(default=False),
),
]
6 changes: 3 additions & 3 deletions homecoming/apps/auth/migrations/0004_user_is_hoco_admin.py
Expand Up @@ -6,13 +6,13 @@
class Migration(migrations.Migration):

dependencies = [
('authentication', '0003_auto_20230901_1648'),
("authentication", "0003_auto_20230901_1648"),
]

operations = [
migrations.AddField(
model_name='user',
name='is_hoco_admin',
model_name="user",
name="is_hoco_admin",
field=models.BooleanField(default=False),
),
]
6 changes: 3 additions & 3 deletions homecoming/apps/auth/models.py
Expand Up @@ -20,7 +20,9 @@ def class_group(self):

@property
def has_management_permission(self) -> bool:
return self.is_hoco_admin or self.is_teacher or self.is_staff or self.is_superuser
return (
self.is_hoco_admin or self.is_teacher or self.is_staff or self.is_superuser
)

@property
def short_name(self):
Expand All @@ -40,8 +42,6 @@ class ClassGroup(models.Model):
message = models.TextField(max_length=48000, blank=True, null=True)

def has_user(self, user: User) -> bool:
if self.username_prefix == "_":
return True
return user.username.startswith(self.username_prefix)

def __str__(self):
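Review bot: Removing the `"_"` shortcut from `ClassGroup.has_user` means a user whose username matches no prefix now ends up with no class group at all, and not every caller is ready for that. The guard this commit adds in `index_view` covers the home page, but `AnnouncementForm.__init__` in announcements/forms.py still evaluates `user.class_group.id` for non-management users, so a class-group admin without a matching group would presumably get an AttributeError instead of an empty choice list; `group = user.class_group` followed by `queryset.filter(id=group.id) if group else queryset.none()` keeps that scoping fail-closed. Separately, `startswith` is true for an empty string, so a group saved with a blank `username_prefix` would match every user; `return bool(self.username_prefix) and user.username.startswith(self.username_prefix)` rules that out. The `class_group` property and the rest of `ClassGroup` lie outside the hunk, so how the lookup resolves several matching groups is not visible here.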
14 changes: 7 additions & 7 deletions homecoming/apps/auth/views.py
@@ -1,14 +1,12 @@
from django import http
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.http import HttpRequest, HttpResponse, JsonResponse
from django.shortcuts import redirect, render, get_object_or_404
from django.urls import reverse, reverse_lazy
from django.views.generic.edit import DeleteView
from django.http import HttpRequest, HttpResponse
from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse

from .decorators import management_or_class_group_admin_only
from .models import ClassGroup
from .forms import ClassGroupForm
from .models import ClassGroup


def login(request: HttpRequest) -> HttpResponse:
Expand All @@ -35,4 +33,6 @@ def edit_class_group_view(request: HttpRequest, class_group_id: int) -> HttpResp
else:
form = ClassGroupForm(instance=class_group)

return render(request, "auth/class_group_form.html", {"form": form, "id": class_group_id})
return render(
request, "auth/class_group_form.html", {"form": form, "id": class_group_id}
)
32 changes: 22 additions & 10 deletions homecoming/apps/base/views.py
@@ -1,5 +1,3 @@
import datetime

from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.db.models import Sum
Expand All @@ -8,19 +6,25 @@
from django.urls import reverse
from django.utils import timezone

from ..announcements.models import Announcement
from ..auth.decorators import management_only
from ..auth.models import ClassGroup
from ..announcements.models import Announcement
from ..events.models import Event
from ..scores.models import ScoreBoard


@login_required
def index_view(request: HttpRequest) -> HttpResponse:
# Combine class group announcements and global announcements
all_announcements = request.user.class_group.announcements.all() | Announcement.objects.filter(
class_group__username_prefix="_"
)
if request.user.class_group:
all_announcements = (
request.user.class_group.announcements.all()
| Announcement.objects.filter(class_group__username_prefix="_")
)
else:
all_announcements = Announcement.objects.filter(
class_group__username_prefix="_"
)
announcements = (
all_announcements.filter(end_time__gte=timezone.now())
.filter(start_time__lte=timezone.now())
Expand All @@ -38,8 +42,12 @@ def index_view(request: HttpRequest) -> HttpResponse:
"sophomore_total": ScoreBoard.objects.aggregate(Sum("sophomore_score"))[
"sophomore_score__sum"
],
"junior_total": ScoreBoard.objects.aggregate(Sum("junior_score"))["junior_score__sum"],
"senior_total": ScoreBoard.objects.aggregate(Sum("senior_score"))["senior_score__sum"],
"junior_total": ScoreBoard.objects.aggregate(Sum("junior_score"))[
"junior_score__sum"
],
"senior_total": ScoreBoard.objects.aggregate(Sum("senior_score"))[
"senior_score__sum"
],
}

if ClassGroup.objects.filter(username_prefix="_").exists():
Expand All @@ -59,8 +67,12 @@ def api_view(request: HttpRequest) -> JsonResponse:
"sophomore_total": ScoreBoard.objects.aggregate(Sum("sophomore_score"))[
"sophomore_score__sum"
],
"junior_total": ScoreBoard.objects.aggregate(Sum("junior_score"))["junior_score__sum"],
"senior_total": ScoreBoard.objects.aggregate(Sum("senior_score"))["senior_score__sum"],
"junior_total": ScoreBoard.objects.aggregate(Sum("junior_score"))[
"junior_score__sum"
],
"senior_total": ScoreBoard.objects.aggregate(Sum("senior_score"))[
"senior_score__sum"
],
}
resp = JsonResponse(context)
resp["Access-Control-Allow-Origin"] = "*"
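Review bot: The new branch in `index_view` reads `request.user.class_group` twice and spells out the global-announcement filter in both arms, so the two copies can drift apart and the property (which may look the group up on every access) is evaluated more than once. Binding both once keeps the fallback in one place: `group = request.user.class_group`, `global_qs = Announcement.objects.filter(class_group__username_prefix="_")`, then `all_announcements = (group.announcements.all() | global_qs) if group else global_qs`. The `"_"` literal also recurs in the `ClassGroup.objects.filter(username_prefix="_")` check further down; a named module constant with a comment saying it marks the global group would document the convention. The function body continues outside the hunks shown.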
Expand Up @@ -6,13 +6,13 @@
class Migration(migrations.Migration):

dependencies = [
('scores', '0002_auto_20200715_2206'),
("scores", "0002_auto_20200715_2206"),
]

operations = [
migrations.AddField(
model_name='scoreboard',
name='staff_score',
model_name="scoreboard",
name="staff_score",
field=models.IntegerField(default=0),
),
]
Expand Up @@ -6,12 +6,12 @@
class Migration(migrations.Migration):

dependencies = [
('scores', '0003_scoreboard_staff_score'),
("scores", "0003_scoreboard_staff_score"),
]

operations = [
migrations.RemoveField(
model_name='scoreboard',
name='staff_score',
model_name="scoreboard",
name="staff_score",
),
]
4 changes: 3 additions & 1 deletion homecoming/settings/__init__.py
Expand Up @@ -67,7 +67,9 @@
}

AUTH_PASSWORD_VALIDATORS = [
{"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
{
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"
},
{"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
{"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
