Merge remote-tracking branch 'origin/dev' into feature/auth

Author: stolzor

.github/workflows/release-ci.yml

@@ -76,7 +76,6 @@ jobs:
             type=ref,event=branch
             type=ref,event=pr
             type=semver,pattern={{version}}
-
       - name: Build and push container
         uses: docker/build-push-action@v3
         with:
@@ -117,14 +116,11 @@ jobs:
               echo "EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}" >> .env &&
               echo "EMAIL_HOST=${{ secrets.EMAIL_HOST }}" >> .env &&
               echo "EMAIL_PORT=${{ secrets.EMAIL_PORT }}" >> .env &&
-
               echo "SELECTEL_ACCOUNT_ID=${{ secrets.SELECTEL_ACCOUNT_ID }}" >> .env &&
               echo "SELECTEL_CONTAINER_NAME=${{ secrets.SELECTEL_CONTAINER_NAME }}" >> .env &&
               echo "SELECTEL_CONTAINER_PASSWORD=${{ secrets.SELECTEL_CONTAINER_PASSWORD }}" >> .env &&
               echo "SELECTEL_CONTAINER_USERNAME=${{ secrets.SELECTEL_CONTAINER_USERNAME }}" >> .env &&
-
               
               echo "SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env 
               
-              docker-compose -f docker-compose.prod-ci.yml -p prod up -d
-
+              docker-compose -f docker-compose.prod-ci.yml -p prod up -d

files/serializers.py

@@ -0,0 +1,9 @@
+from rest_framework.serializers import ModelSerializer
+
+from files.models import UserFile
+
+
+class UserFileSerializer(ModelSerializer):
+    class Meta:
+        model = UserFile
+        fields = ["user", "link", "datetime_uploaded"]

files/views.py

@@ -1,17 +1,22 @@
 from django.db import transaction
+from rest_framework import generics
 from rest_framework import permissions, status
+from rest_framework.generics import get_object_or_404
 from rest_framework.response import Response
-from rest_framework.views import APIView
 
 from files.helpers import FileAPI
 from files.models import UserFile
+from files.serializers import UserFileSerializer
 
 
-class FileView(APIView):
-    permission_classes = [permissions.AllowAny]
+class FileView(generics.GenericAPIView):
+    permission_classes = [permissions.IsAuthenticatedOrReadOnly]
+    serializer_class = UserFileSerializer
+    queryset = UserFile.objects.all()
 
     @transaction.atomic
     def post(self, request):
+        """creates a UserFile object and uploads the file to selectel"""
         file_api = FileAPI(request.FILES["file"], request.user)
         status_code, url = file_api.upload()
 
@@ -20,3 +25,23 @@ def post(self, request):
             return Response({"url": url}, status=status.HTTP_201_CREATED)
 
         return Response("Failed to upload file", status=status.HTTP_409_CONFLICT)
+
+    def delete(self, request, *args, **kwargs):
+        """deletes the file (only if the request is sent by the user who owns it!)
+        The link has to be specified in the JSON body, not in the URL arguments.
+        """
+        if request.data and (request.data.get("link") is not None):
+            link = request.data.get("link")
+        else:
+            return Response(
+                {
+                    "error": "you have to pass the link of the object you want to delete as JSON"
+                },
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        instance = get_object_or_404(self.get_queryset(), link=link)
+        if instance.user != request.user:
+            return Response(status=status.HTTP_403_FORBIDDEN)
+        FileAPI.delete(instance.link)  # delete the file via api
+        self.perform_destroy(instance)
+        return Response(status=status.HTTP_204_NO_CONTENT)

invites/filters.py

@@ -17,13 +17,6 @@ class InviteFilter(filters.FilterSet):
         ?is_active=false equals to .filter(is_active=False)
     """
 
-    def __init__(self, *args, **kwargs):
-        """if is_active filter is not passed, default to True"""
-        super().__init__(*args, **kwargs)
-        if self.data.get("is_active") is None:
-            self.data = dict(self.data)
-            self.data["is_active"] = True
-
     is_active = filters.BooleanFilter(field_name="is_active")
 
     class Meta:

invites/views.py

@@ -26,11 +26,13 @@ def create(self, request, *args, **kwargs):
 
 
 class InviteDetail(generics.RetrieveUpdateDestroyAPIView):
+    queryset = Invite.objects.all()
     serializer_class = InviteDetailSerializer
     permission_classes = [permissions.IsAuthenticatedOrReadOnly]
 
 
 class InviteAccept(generics.GenericAPIView):
+    queryset = Invite.objects.all()
     serializer_class = InviteDetailSerializer
     permission_classes = [permissions.IsAuthenticatedOrReadOnly]
 
@@ -44,6 +46,7 @@ def post(self, request, *args, **kwargs):
 
 
 class InviteDecline(generics.GenericAPIView):
+    queryset = Invite.objects.all()
     serializer_class = InviteDetailSerializer
     permission_classes = [permissions.IsAuthenticatedOrReadOnly]
 

users/serializers.py

@@ -17,7 +17,7 @@ class MentorSerializer(serializers.ModelSerializer):
     class Meta:
         model = Mentor
         fields = [
-            "job",
+            # "job",
             "useful_to_project",
         ]