Add imagegallery endpoints

lego/apps/events/constants.py

@@ -10,7 +10,6 @@
 SOCIAL = "social"
 OTHER = "other"
 EVENT = "event"
-IMAGE = "image"
 
 EVENT_TYPES = (
     (COMPANY_PRESENTATION, COMPANY_PRESENTATION),

lego/apps/events/serializers/events.py

@@ -194,6 +194,9 @@ def get_attended_count(self, event):
 
 class ImageGallerySerializer(BasisModelSerializer):
     cover = ImageField(source="key", required=True, options={"height": 500})
+    cover_placeholder = ImageField(
+        source="key", required=False, options={"height": 50, "filters": ["blur(20)"]}
+    )
 
     class Meta:
         model = File
@@ -205,6 +208,7 @@ class Meta:
             "save_for_use",
             "cover",
             "token",
+            "cover_placeholder",
         )
         read_only = True
 

lego/apps/events/views.py

@@ -61,6 +61,7 @@
     save_and_notify_payment,
 )
 from lego.apps.events.websockets import notify_event_registration
+from lego.apps.files.constants import IMAGE
 from lego.apps.files.models import File
 from lego.apps.permissions.api.filters import LegoPermissionFilter
 from lego.apps.permissions.api.views import AllowedPermissionsMixin
@@ -304,10 +305,11 @@ def upcoming(self, request):
         serializer_class=ImageGallerySerializer,
         permission_classes=[permissions.IsAuthenticated],
     )
-    def imagegallery(self, request):
+    def cover_image_gallery(self, request):
+        if request.user.has_perm(EDIT, Event) is False:
+            raise PermissionDenied()
         queryset = File.objects.filter(
-            file_type=constants.IMAGE,
-            public=True,
+            file_type=IMAGE,
             save_for_use=True,
         )
         serializer = self.get_serializer(queryset, many=True)

lego/apps/files/fixtures/test_files.yaml

@@ -6,6 +6,7 @@
     token: token
     user: 1
     public: true
+    save_for_use: false
 
 - pk: abakus1.png
   model: files.File
@@ -15,6 +16,7 @@
     token: token
     user: 1
     public: true
+    save_for_use: false
 
 - pk: abakus2.png
   model: files.File
@@ -24,15 +26,17 @@
     token: token
     user: 1
     public: true
+    save_for_use: false
 
 - pk: default_male_avatar.png
   model: files.File
   fields:
     state: ready
     file_type: image
-    token: token
+    token: token4
     user: 1
     public: true
+    save_for_use: false
 
 - pk: default_female_avatar.png
   model: files.File
@@ -42,3 +46,4 @@
     token: token
     user: 1
     public: true
+    save_for_use: false

lego/apps/files/migrations/0005_file_save_for_use.py

@@ -4,7 +4,6 @@
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
         ("files", "0004_auto_20200907_2209"),
     ]

lego/apps/files/serializers.py

@@ -1,6 +1,5 @@
 from rest_framework import serializers
 
-from lego.apps.files.fields import ImageField
 from lego.apps.files.models import File
 
 from .validators import KEY_REGEX
@@ -11,27 +10,6 @@ class FileUploadSerializer(serializers.Serializer):
     public = serializers.BooleanField(required=True)
 
 
-class ImageGalleryCoverSerializer(serializers.ModelSerializer):
-
-    file = ImageField(
-        source="self", required=False, options={"height": 700, "smart": True}
-    )
-
-    thumbnail = ImageField(
-        source="self",
-        read_only=True,
-        options={"height": 300, "width": 300, "smart": True},
-    )
-
-    class Meta:
-        model = File
-        fields = (
-            "thumbnail",
-            "id",
-            "key",
-        )
-
-
 class FileSaveForUseSerializer(serializers.ModelSerializer):
     class Meta:
         model = File

lego/apps/files/tests/test_api.py

@@ -2,7 +2,7 @@
 
 from rest_framework import status
 
-from lego.apps.users.models import User
+from lego.apps.users.models import AbakusGroup, User
 from lego.utils.test_utils import BaseAPITestCase
 
 
@@ -44,3 +44,128 @@ def test_post_create_file_call(self, mock_create_file):
         except Exception:
             pass
         mock_create_file.assert_called_with(key, self.user, False)
+
+
+class SetSaveForUserTest(BaseAPITestCase):
+    fixtures = ["test_users.yaml", "test_files.yaml", "test_abakus_groups.yaml"]
+    key = "abakus.png"
+    token = "token"
+    url = f"/api/v1/files/{key}/set_save_for_use/"
+
+    def setUp(self):
+        self.webkom_user = User.objects.get(pk=9)
+        self.random_user = User.objects.get(pk=1)
+        self.bedkom_user = User.objects.get(pk=2)
+        AbakusGroup.objects.get(name="Webkom").add_user(self.webkom_user)
+        AbakusGroup.objects.get(name="Bedkom").add_user(self.bedkom_user)
+
+    def test_update_file_no_auth(self):
+        res = self.client.patch(f"{self.url}", data={})
+        self.assertEqual(res.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    def test_update_file_no_token(self):
+        self.client.force_authenticate(self.webkom_user)
+        res = self.client.patch(
+            f"{self.url}",
+            data={
+                "save_for_use": True,
+                "token": "wrgon_token",
+            },
+        )
+        self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_update_file_success(self):
+        self.client.force_authenticate(self.webkom_user)
+        res = self.client.patch(
+            f"{self.url}",
+            data={
+                "save_for_use": True,
+                "token": self.token,
+            },
+        )
+        self.assertEqual(res.status_code, status.HTTP_200_OK)
+
+    def test_update_file_success_bedkom(self):
+        self.client.force_authenticate(self.bedkom_user)
+        res = self.client.patch(
+            f"{self.url}",
+            data={
+                "save_for_use": True,
+                "token": self.token,
+            },
+        )
+        self.assertEqual(res.status_code, status.HTTP_200_OK)
+
+    def test_update_file_bedkom_no_value(self):
+        self.client.force_authenticate(self.bedkom_user)
+        res = self.client.patch(
+            f"{self.url}",
+            data={
+                "token": self.token,
+            },
+        )
+        self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_update_file_bedkom_bad_value(self):
+        self.client.force_authenticate(self.bedkom_user)
+        res = self.client.patch(
+            f"{self.url}",
+            data={
+                "save_for_use": "1",
+            },
+        )
+        self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_update_file_bad_url(self):
+        self.client.force_authenticate(self.webkom_user)
+        res = self.client.patch(
+            "/api/v1/files/error.png/set_save_for_use/",
+            data={
+                "token": self.token,
+                "save_for_use": True,
+            },
+        )
+        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
+
+    def test_update_file_no_event_perm(self):
+        self.client.force_authenticate(self.random_user)
+        res = self.client.patch(
+            f"{self.url}",
+            data={
+                "save_for_use": True,
+                "token": self.token,
+            },
+        )
+        self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_update_file_no_event_perm_no_token(self):
+        self.client.force_authenticate(self.random_user)
+        res = self.client.patch(
+            f"{self.url}",
+            data={
+                "save_for_use": True,
+                "token": "wrong_token",
+            },
+        )
+        self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_update_file_no_auth_correct_token(self):
+        res = self.client.patch(
+            f"{self.url}",
+            data={
+                "save_for_use": True,
+                "token": self.token,
+            },
+        )
+        self.assertEqual(res.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    def test_update_file_set_false_bedkom(self):
+        self.client.force_authenticate(self.bedkom_user)
+        res = self.client.patch(
+            f"{self.url}",
+            data={
+                "save_for_use": False,
+                "token": self.token,
+            },
+        )
+        self.assertEqual(res.status_code, status.HTTP_200_OK)

lego/apps/files/views.py

@@ -6,9 +6,12 @@
     status,
     viewsets,
 )
+from rest_framework.exceptions import PermissionDenied
 from rest_framework.response import Response
 
+from lego.apps.events.models import Event
 from lego.apps.files.exceptions import UnknownFileType
+from lego.apps.permissions.constants import EDIT
 
 from .models import File
 from .serializers import FileSaveForUseSerializer, FileUploadSerializer
@@ -46,14 +49,29 @@ def create(self, request, *args, **kwargs):
             status=status.HTTP_201_CREATED,
         )
 
-    @decorators.action(detail=True, methods=["PATCH"])
+    @decorators.action(
+        detail=True,
+        methods=["PATCH"],
+        permission_classes=[permissions.IsAuthenticated],
+    )
     def set_save_for_use(self, request, *args, **kwargs):
+        if request.user.has_perm(EDIT, Event) is False:
+            raise PermissionDenied()
         file = self.get_object()
         serializer = FileSaveForUseSerializer(data=request.data)
         if serializer.is_valid():
-            file.save_for_use = serializer.validated_data["save_for_use"]
-            file.save()
-            return Response({"Success"})
+            if file.token != serializer.validated_data["token"]:
+                raise PermissionDenied()
+            try:
+                file.save_for_use = serializer.validated_data["save_for_use"]
+                file.save()
+            except KeyError:
+                return Response(
+                    {"This field is required!"}, status=status.HTTP_400_BAD_REQUEST
+                )
+            except Exception:
+                return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+            return Response(data=serializer.data, status=status.HTTP_200_OK)
         else:
             return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)