Merge pull request #298 from bounswe/privacy-settings

[Backend] Privacy settings
bounswe · Jan 1, 2022 · bf0217a · bf0217a
2 parents 7cb650c + dddf762
commit bf0217a
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 6 deletions.
diff --git a/backend/authentication/models.py b/backend/authentication/models.py
@@ -59,7 +59,7 @@ class User(AbstractUser):
 
     badges = ArrayField(models.CharField(max_length=30), default=empty_list)
 
-    privacy = models.BooleanField(default=True)
+    privacy = models.BooleanField(default=False)
 
     email = models.EmailField(_('email address'), blank=True, unique=True, error_messages={
             'unique': _("A user with that email address already exists."),

diff --git a/backend/profiles/serializers.py b/backend/profiles/serializers.py
@@ -4,9 +4,14 @@
 class ProfileSerializer(serializers.ModelSerializer):
     class Meta:
         model = User
-        fields = ('id', 'first_name', 'last_name',
+        fields = ('id', 'first_name', 'last_name', 'username',
                   'bio', 'fav_sport_1', 'fav_sport_2', 'fav_sport_3',
-                  'location', 'avatar')
-        read_only_fields = ('id',)
+                  'location', 'avatar', 'privacy', 'badges')
+        read_only_fields = ('id', 'username', 'badges')
 
 
+class PrivateProfileSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ('id', 'username', 'avatar', 'privacy')
+        read_only_fields = ('id', 'username')
diff --git a/backend/profiles/views.py b/backend/profiles/views.py
@@ -1,6 +1,6 @@
 from authentication.models import User
 from eventposts.models import EventPost
-from .serializers import ProfileSerializer
+from .serializers import ProfileSerializer, PrivateProfileSerializer
 from eventposts.serializers import SimpleEventSerializer
 from rest_framework_simplejwt.authentication import JWTAuthentication
 from django.http import JsonResponse
@@ -34,6 +34,27 @@ class ProfileViewSet(MultipleFieldsLookupMixin, viewsets.ModelViewSet):
     lookup_fields = ('username', 'id')
     JWTauth = JWTAuthentication()
 
+    def get_serializer_class(self):
+        target = self.kwargs['pk']
+        if target.isdigit():
+            target = self.queryset.get(id=target).username
+
+        if self.action == 'retrieve':
+            private = self.queryset.get(username=target).privacy
+            if "HTTP_AUTHORIZATION" not in self.request.META:
+                if private:
+                    return PrivateProfileSerializer
+                else:
+                    return ProfileSerializer
+            user, _ = self.JWTauth.authenticate(self.request)
+            if target == user.username:
+                return ProfileSerializer
+            else:
+                if private:
+                    return PrivateProfileSerializer
+
+        return ProfileSerializer
+
     def wrap_all(self, objects):
         response = \
             {
@@ -63,7 +84,10 @@ def wrap(self, data):
 
     def authenticate(self):
         user, _ = self.JWTauth.authenticate(self.request)
-        return user.username == self.kwargs['username']
+        pk = self.kwargs['pk']
+        if pk.isdigit():
+            pk = self.queryset.get(id=pk).username
+        return user.username == pk
 
     def update(self, request, *args, **kwargs):
         if self.authenticate():