SELab-2 · robinpdev · Mar 14, 2024 · Mar 2, 2024 · Mar 2, 2024 · Mar 2, 2024
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,22 @@
+name: Backend test CI
+
+on:
+  - pull_request
+
+jobs:
+  backend-test:
+    runs-on: self-hosted
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python 3.11
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+      - name: Install dependencies
+        working-directory: ./
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r ./backend/requirements.txt
+      - name: Running Django tests
+        run: |
+          sh ./backend/runtests.sh
diff --git a/.gitignore b/.gitignore
@@ -2,6 +2,7 @@
 .env
 django/db.sqlite3
 backend/db.sqlite3
+backend/uploads
 venv/
 .venv/
 

diff --git a/Makefile b/Makefile
@@ -6,4 +6,17 @@ stop:
 
 lint:
 	docker exec pigeonhole-backend flake8 .
-	docker exec pigeonhole-frontend npm run lint
+	docker exec pigeonhole-frontend npm run lint
+
+superuser:
+	docker exec -it pigeonhole-backend python manage.py createsuperuser
+
+reset:
+	docker image prune -af
+	docker system prune
+
+backendtest:
+	docker exec -it pigeonhole-backend sh /usr/src/app/backend/runtests.sh
+
+backendshell:
+	docker exec -it pigeonhole-backend sh
diff --git a/backend/pigeonhole/apps/courses/migrations/0001_initial.py b/backend/pigeonhole/apps/courses/migrations/0001_initial.py
@@ -1,9 +1,10 @@
-# Generated by Django 5.0.2 on 2024-03-02 21:03
+# Generated by Django 5.0.3 on 2024-03-12 22:52
 
 from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
+
     initial = True
 
     dependencies = [

diff --git a/backend/pigeonhole/apps/courses/permissions.py b/backend/pigeonhole/apps/courses/permissions.py
@@ -0,0 +1,26 @@
+from rest_framework import permissions
+
+from backend.pigeonhole.apps.users.models import User
+from backend.pigeonhole.apps.courses.models import Course
+
+
+class CourseUserPermissions(permissions.BasePermission):
+    def has_permission(self, request, view):
+        if request.user.is_admin or request.user.is_superuser:
+            return True
+
+        if request.user.is_teacher:
+            if view.action in ['create', 'list', 'retrieve']:
+                return True
+            elif view.action in ['update', 'partial_update', 'destroy', 'get_projects'] and User.objects.filter(
+                    id=request.user.id,
+                    course=view.kwargs[
+                        'pk']).exists():
+                return True
+            return
+
+        if request.user.is_student:
+            if view.action == 'get_projects':
+                return Course.objects.filter(course_id=view.kwargs['pk'], user=request.user).exists()
+            return view.action in ['list', 'retrieve']
+        return False
diff --git a/backend/pigeonhole/apps/courses/views.py b/backend/pigeonhole/apps/courses/views.py
@@ -0,0 +1,42 @@
+from rest_framework import viewsets, status
+from rest_framework.decorators import action
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+
+from backend.pigeonhole.apps.courses.models import CourseSerializer
+from backend.pigeonhole.apps.projects.models import Project
+from backend.pigeonhole.apps.projects.models import ProjectSerializer
+from .models import Course
+from .permissions import CourseUserPermissions
+
+
+class CourseViewSet(viewsets.ModelViewSet):
+    queryset = Course.objects.all()
+    serializer_class = CourseSerializer
+    permission_classes = [IsAuthenticated, CourseUserPermissions]
+
+    def perform_create(self, serializer):
+        course = serializer.save()
+        user = self.request.user
+        user.course.add(course)
+
+    @action(detail=True, methods=['post'])
+    def join_course(self, request, *args, **kwargs):
+        course = self.get_object()
+        user = request.user
+
+        user.course.add(course)
+        return Response(status=status.HTTP_200_OK)
+
+    @action(detail=False, methods=['GET'])
+    def get_selected_courses(self, request, *args, **kwargs):
+        user = request.user
+        courses = user.course.all()
+        serializer = CourseSerializer(courses, many=True)
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+    @action(detail=True, methods=['GET'])
+    def get_projects(self, request, *args, **kwargs):
+        course = self.get_object()
+        projects = Project.objects.filter(course_id=course)
+        return Response(ProjectSerializer(projects, many=True).data, status=status.HTTP_200_OK)
diff --git a/backend/pigeonhole/apps/groups/migrations/0001_initial.py b/backend/pigeonhole/apps/groups/migrations/0001_initial.py
@@ -1,10 +1,11 @@
-# Generated by Django 5.0.2 on 2024-03-02 21:03
+# Generated by Django 5.0.3 on 2024-03-12 22:52
 
 import django.db.models.deletion
 from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
+
     initial = True
 
     dependencies = [
@@ -16,9 +17,10 @@ class Migration(migrations.Migration):
             name='Group',
             fields=[
                 ('group_id', models.BigAutoField(primary_key=True, serialize=False)),
-                ('group_nr', models.IntegerField()),
+                ('group_nr', models.IntegerField(blank=True, null=True)),
                 ('feedback', models.TextField(null=True)),
-                ('final_score', models.IntegerField()),
+                ('final_score', models.IntegerField(blank=True, null=True)),
+                ('visible', models.BooleanField(default=True)),
                 ('project_id', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='projects.project')),
             ],
         ),

diff --git a/backend/pigeonhole/apps/groups/migrations/0002_initial.py b/backend/pigeonhole/apps/groups/migrations/0002_initial.py
@@ -1,20 +1,22 @@
-# Generated by Django 5.0.2 on 2024-03-02 21:03
+# Generated by Django 5.0.3 on 2024-03-12 22:52
 
+from django.conf import settings
 from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
+
     initial = True
 
     dependencies = [
         ('groups', '0001_initial'),
-        ('users', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
         migrations.AddField(
             model_name='group',
-            name='student',
-            field=models.ManyToManyField(to='users.student'),
+            name='user',
+            field=models.ManyToManyField(to=settings.AUTH_USER_MODEL),
         ),
     ]
diff --git a/...s/migrations/0003_alter_group_group_nr.py → ...ps/migrations/0003_alter_group_visible.py b/...s/migrations/0003_alter_group_group_nr.py → ...ps/migrations/0003_alter_group_visible.py
@@ -1,4 +1,4 @@
-# Generated by Django 5.0.2 on 2024-03-07 20:30
+# Generated by Django 5.0.3 on 2024-03-13 11:04
 
 from django.db import migrations, models
 
@@ -12,7 +12,7 @@ class Migration(migrations.Migration):
     operations = [
         migrations.AlterField(
             model_name='group',
-            name='group_nr',
-            field=models.IntegerField(blank=True, null=True),
+            name='visible',
+            field=models.BooleanField(default=False),
         ),
     ]
diff --git a/backend/pigeonhole/apps/groups/migrations/0004_alter_group_final_score.py b/backend/pigeonhole/apps/groups/migrations/0004_alter_group_final_score.py
diff --git a/backend/pigeonhole/apps/groups/migrations/0004_alter_group_user.py b/backend/pigeonhole/apps/groups/migrations/0004_alter_group_user.py
@@ -0,0 +1,20 @@
+# Generated by Django 5.0.3 on 2024-03-13 18:34
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('groups', '0003_alter_group_visible'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='group',
+            name='user',
+            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL),
+        ),
+    ]
diff --git a/backend/pigeonhole/apps/groups/models.py b/backend/pigeonhole/apps/groups/models.py
@@ -1,31 +1,68 @@
+from django.core.exceptions import ValidationError
 from django.db import models
 from rest_framework import serializers
 
 from backend.pigeonhole.apps.projects.models import Project
-from backend.pigeonhole.apps.users.models import Student
+from backend.pigeonhole.apps.users.models import User
 
 
 class Group(models.Model):
     group_id = models.BigAutoField(primary_key=True)
     group_nr = models.IntegerField(blank=True, null=True)
     project_id = models.ForeignKey(Project, on_delete=models.CASCADE)
-    student = models.ManyToManyField(Student)
+    user = models.ManyToManyField(User, blank=True)
     feedback = models.TextField(null=True)
     final_score = models.IntegerField(null=True, blank=True)
+    visible = models.BooleanField(null=False, default=False)
 
     objects = models.Manager()
 
+    # a student can only be in one group per project
+    def clean(self):
+        if self.user.exists():  # Only validate if there are users
+            for student in self.user.all():
+                existing_groups = Group.objects.filter(
+                    project_id=self.project_id, user=student).exclude(
+                    group_id=self.group_id)
+                if existing_groups.exists():
+                    raise ValidationError(f"Student {student} is already part of "
+                                          "another group in this project.")
+
+    # a student can only be in one group per project, group_nr is
+    # automatically assigned and unique per project
     def save(self, *args, **kwargs):
         if not self.group_id:
             if self.group_nr is None:
                 max_group_nr = Group.objects.filter(
                     project_id=self.project_id).aggregate(
-                        models.Max('group_nr'))['group_nr__max'] or 0
+                    models.Max('group_nr'))['group_nr__max'] or 0
                 self.group_nr = max_group_nr + 1
         super().save(*args, **kwargs)
 
 
 class GroupSerializer(serializers.ModelSerializer):
     class Meta:
         model = Group
-        fields = ["group_id", "group_nr", "final_score", "project_id", "student"]
+        fields = ["group_id", "group_nr", "final_score", "project_id", "user", "feedback", "visible"]
+
+    def to_representation(self, instance):
+        data = super().to_representation(instance)
+        request = self.context.get('request')
+
+        # if student not in group always hide final_score and feedback
+        if request and request.user.is_student and not instance.user.filter(
+                pk=request.user.pk).exists():
+            if 'final_score' in data:
+                del data['final_score']
+            if 'feedback' in data:
+                del data['feedback']
+            return data
+
+        # Check if the user is a student and the group is not visible
+        if request and request.user.is_student and not instance.visible:
+            # Hide sensitive information for students
+            if 'final_score' in data:
+                del data['final_score']
+            if 'feedback' in data:
+                del data['feedback']
+        return data
diff --git a/backend/pigeonhole/apps/groups/permission.py b/backend/pigeonhole/apps/groups/permission.py
@@ -0,0 +1,49 @@
+from rest_framework.response import Response
+from rest_framework import permissions, status
+
+from backend.pigeonhole.apps.groups.models import Group
+from backend.pigeonhole.apps.projects.models import Project
+
+
+class CanAccessGroup(permissions.BasePermission):
+    # Custom user class to check if the user can join a group.
+    def has_permission(self, request, view):
+        if not request.user.is_authenticated:
+            # If user is not authenticated, deny permission
+            return False
+
+        if view.action in ['create', 'list']:
+            return False
+
+        user = request.user
+        group_id = int(view.kwargs.get('pk'))
+        if not Group.objects.filter(group_id=group_id).exists():
+            if user.is_admin or user.is_superuser:
+                return Response(status=status.HTTP_404_NOT_FOUND)
+            return False
+
+        project_id = Group.objects.get(group_id=group_id).project_id.project_id
+        if not Project.objects.filter(project_id=project_id).exists():
+            if user.is_admin or user.is_superuser:
+                return Response(status=status.HTTP_404_NOT_FOUND)
+            return False
+
+        course_id = Project.objects.get(project_id=project_id).course_id.course_id
+        if user.is_admin or user.is_superuser:
+            return view.action not in ['join', 'leave']
+        elif user.is_teacher:
+            if user.course.filter(course_id=course_id).exists():
+                return view.action in ['retrieve', 'get_submissions', 'update', 'partial_update']
+        elif user.is_student:
+            if user.course.filter(course_id=course_id).exists():
+                # check if the user is already in the group
+                if Group.objects.get(group_id=group_id).user.filter(id=user.id).exists():
+                    return view.action in ['retrieve', 'get_submissions', 'leave']
+                elif Group.objects.get(group_id=group_id).user.count() < Project.objects.get(
+                        project_id=project_id).group_size:
+                    return view.action in ['retrieve', 'get_submissions', 'join']
+                elif view.action in ['join']:
+                    return Response({'message': 'Group is full'}, status=status.HTTP_400_BAD_REQUEST)
+                elif view.action in ['leave']:
+                    return Response({'message': 'User is not in the group'}, status=status.HTTP_400_BAD_REQUEST)
+        return False