Authentication

.github/workflows/test.yml

@@ -0,0 +1,22 @@
+name: Backend test CI
+
+on:
+  - pull_request
+
+jobs:
+  backend-test:
+    runs-on: self-hosted
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python 3.11
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+      - name: Install dependencies
+        working-directory: ./
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r ./backend/requirements.txt
+      - name: Running Django tests
+        run: |
+          sh ./backend/runtests.sh

.gitignore

@@ -2,6 +2,7 @@
 .env
 django/db.sqlite3
 backend/db.sqlite3
+backend/uploads
 venv/
 .venv/
 

Makefile

@@ -6,4 +6,17 @@ stop:
 
 lint:
 	docker exec pigeonhole-backend flake8 .
-	docker exec pigeonhole-frontend npm run lint
+	docker exec pigeonhole-frontend npm run lint
+
+superuser:
+    docker exec -it pigeonhole-backend python manage.py createsuperuser
+
+reset:
+    docker image prune -af
+    docker system prune
+
+backendtest:
+	docker exec -it pigeonhole-backend sh /usr/src/app/backend/runtests.sh
+
+backendshell:
+	docker exec -it pigeonhole-backend sh

backend/pigeonhole/apps/courses/migrations/0001_initial.py

@@ -1,9 +1,10 @@
-# Generated by Django 5.0.2 on 2024-03-02 21:03
+# Generated by Django 5.0.2 on 2024-03-12 13:00
 
 from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
+
     initial = True
 
     dependencies = [

backend/pigeonhole/apps/courses/permissions.py

@@ -0,0 +1,29 @@
+from rest_framework import permissions
+from backend.pigeonhole.apps.users.models import User
+
+
+class CourseUserPermissions(permissions.BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_admin or request.user.is_superuser:
+            return True
+
+        if request.user.is_teacher:
+            return True
+
+        if request.user.is_student or request.user.is_teacher:
+            return view.action in ['list', 'retrieve']
+
+        return False
+
+    def has_object_permission(self, request, view, obj):
+        if request.user.is_admin or request.user.is_superuser:
+            return True
+        if request.user.is_teacher:
+            if User.objects.filter(id=request.user.id, course=obj).exists():
+                return True
+            return view.action in ['list', 'retrieve']
+
+        if request.user.is_student:
+            return view.action in ['list', 'retrieve']
+
+        return False

backend/pigeonhole/apps/courses/views.py

@@ -0,0 +1,71 @@
+from rest_framework import viewsets, status
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.decorators import action
+
+from backend.pigeonhole.apps.users.models import User
+from .models import Course, CourseSerializer
+from .permissions import CourseUserPermissions
+
+
+class CourseViewSet(viewsets.ModelViewSet):
+    queryset = Course.objects.all()
+    serializer_class = CourseSerializer
+    permission_classes = [IsAuthenticated, CourseUserPermissions]
+
+    def create(self, request, *args, **kwargs):
+        serializer = CourseSerializer(data=request.data)
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=status.HTTP_201_CREATED)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    def update(self, request, *args, **kwargs):
+        course_id = kwargs.get('pk')
+        course = Course.objects.get(pk=course_id)
+        serializer = CourseSerializer(course, data=request.data)
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    def destroy(self, request, *args, **kwargs):
+        course_id = kwargs.get('pk')
+        course = Course.objects.get(pk=course_id)
+        course.delete()
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+    def list(self, request, *args, **kwargs):
+        if request.user.is_admin or request.user.is_superuser:
+            serializer = CourseSerializer(self.queryset, many=True)
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        if request.user.is_teacher or request.user.is_student:
+            courses = User.objects.get(id=request.user.id).course.all()
+            serializer = CourseSerializer(courses, many=True)
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        serializer = CourseSerializer(self.queryset, many=True)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    def retrieve(self, request, *args, **kwargs):
+        course_id = kwargs.get('pk')
+        course = Course.objects.get(pk=course_id)
+        serializer = CourseSerializer(course, many=False)
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+    def partial_update(self, request, *args, **kwargs):
+        course_id = kwargs.get('pk')
+        course = Course.objects.get(pk=course_id)
+        serializer = CourseSerializer(course, data=request.data, partial=True)
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    @action(detail=True, methods=['post'])
+    def join_course(self, request, *args, **kwargs):
+        course_id = kwargs.get('pk')
+        course = Course.objects.get(pk=course_id)
+        user = User.objects.get(id=request.user.id)
+        user.course.add(course)
+        return Response(status=status.HTTP_200_OK)
+

backend/pigeonhole/apps/groups/migrations/0001_initial.py

@@ -1,10 +1,11 @@
-# Generated by Django 5.0.2 on 2024-03-02 21:03
+# Generated by Django 5.0.2 on 2024-03-12 13:00
 
 import django.db.models.deletion
 from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
+
     initial = True
 
     dependencies = [
@@ -16,9 +17,9 @@ class Migration(migrations.Migration):
             name='Group',
             fields=[
                 ('group_id', models.BigAutoField(primary_key=True, serialize=False)),
-                ('group_nr', models.IntegerField()),
+                ('group_nr', models.IntegerField(blank=True, null=True)),
                 ('feedback', models.TextField(null=True)),
-                ('final_score', models.IntegerField()),
+                ('final_score', models.IntegerField(blank=True, null=True)),
                 ('project_id', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='projects.project')),
             ],
         ),

backend/pigeonhole/apps/groups/migrations/0002_initial.py

@@ -1,20 +1,22 @@
-# Generated by Django 5.0.2 on 2024-03-02 21:03
+# Generated by Django 5.0.2 on 2024-03-12 13:00
 
+from django.conf import settings
 from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
+
     initial = True
 
     dependencies = [
         ('groups', '0001_initial'),
-        ('users', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
         migrations.AddField(
             model_name='group',
-            name='student',
-            field=models.ManyToManyField(to='users.student'),
+            name='user',
+            field=models.ManyToManyField(to=settings.AUTH_USER_MODEL),
         ),
     ]

backend/pigeonhole/apps/groups/models.py

@@ -1,31 +1,44 @@
 from django.db import models
 from rest_framework import serializers
+from django.core.exceptions import ValidationError
 
 from backend.pigeonhole.apps.projects.models import Project
-from backend.pigeonhole.apps.users.models import Student
+from backend.pigeonhole.apps.users.models import User
 
 
 class Group(models.Model):
     group_id = models.BigAutoField(primary_key=True)
     group_nr = models.IntegerField(blank=True, null=True)
     project_id = models.ForeignKey(Project, on_delete=models.CASCADE)
-    student = models.ManyToManyField(Student)
+    user = models.ManyToManyField(User)
     feedback = models.TextField(null=True)
     final_score = models.IntegerField(null=True, blank=True)
 
     objects = models.Manager()
 
+    # a student can only be in one group per project
+    def clean(self):
+        for student in self.student.all():
+            existing_groups = Group.objects.filter(
+                project_id=self.project_id, student=student).exclude(
+                group_id=self.group_id)
+            if existing_groups.exists():
+                raise ValidationError(f"Student {student} is already part of "
+                                      "another group in this project.")
+
+    # a student can only be in one group per project, group_nr is
+    # automatically assigned and unique per project
     def save(self, *args, **kwargs):
         if not self.group_id:
             if self.group_nr is None:
                 max_group_nr = Group.objects.filter(
                     project_id=self.project_id).aggregate(
-                        models.Max('group_nr'))['group_nr__max'] or 0
+                    models.Max('group_nr'))['group_nr__max'] or 0
                 self.group_nr = max_group_nr + 1
         super().save(*args, **kwargs)
 
 
 class GroupSerializer(serializers.ModelSerializer):
     class Meta:
         model = Group
-        fields = ["group_id", "group_nr", "final_score", "project_id", "student"]
+        fields = ["group_id", "group_nr", "final_score", "project_id", "user", "feedback"]

backend/pigeonhole/apps/groups/permission.py

@@ -0,0 +1,18 @@
+from rest_framework import permissions
+
+
+class CanAccessProject(permissions.BasePermission):
+    # Custom user class to check if the user can join a group.
+    def has_permission(self, request, view):
+        user = request.user
+        course_id = view.kwargs.get('course_id')
+
+        if user.is_admin or user.is_superuser:
+            return True
+        elif user.is_teacher:
+            if user.course.filter(course_id=course_id).exists():
+                return True
+        elif user.is_student:
+            if user.course.filter(course_id=course_id).exists():
+                return True
+        return False

backend/pigeonhole/apps/groups/views.py

@@ -0,0 +1,53 @@
+from django.shortcuts import get_object_or_404
+from rest_framework import viewsets, status
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+
+from backend.pigeonhole.apps.courses.models import Course
+from backend.pigeonhole.apps.groups.models import Group, GroupSerializer
+from backend.pigeonhole.apps.projects.models import Project
+
+# TODO tests for score/max_score
+
+
+class GroupViewSet(viewsets.ModelViewSet):
+    queryset = Group.objects.all()
+    serializer_class = GroupSerializer
+    permission_classes = [IsAuthenticated]
+
+    def create(self, request, *args, **kwargs):
+        # TODO zorg dat er geen 2 groepen met hetzelfde nummer kunnen zijn.
+        course_id = kwargs.get('course_id')
+
+        if request.user.is_teacher or request.user.is_admin or request.user.is_superuser:
+            # Check whether the course exists
+            get_object_or_404(Course, course_id=course_id)
+
+            serializer = GroupSerializer(data=request.data)
+            if serializer.is_valid():
+                serializer.save()
+                return Response(serializer.data, status=status.HTTP_201_CREATED)
+            else:
+                return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+        return Response({"message": "You are not allowed to create a new group."},
+                        status=status.HTTP_400_BAD_REQUEST)
+
+    def list(self, request, *args, **kwargs):
+        serializer = GroupSerializer(self.queryset, many=True)
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+    def retrieve(self, request, *args, **kwargs):
+        course_id = kwargs.get('course_id')
+        project_id = kwargs.get('project_id')
+        group_id = kwargs.get('pk')
+
+        # Check whether the course exists
+        get_object_or_404(Course, course_id=course_id)
+
+        # Check whether the project exists
+        get_object_or_404(Project, pk=project_id)
+        group = get_object_or_404(Group, group_id=group_id)
+
+        serializer = GroupSerializer(instance=group, many=False)
+
+        return Response(serializer.data, status=status.HTTP_200_OK)