Create API for getting information on all current teachers. Create a separate permission for accessing the API.

sayravai · sayravai · commit 62b906c74ec5 · 2026-05-08T15:51:10.000+03:00
Fixes #1503
diff --git a/course/api/tests.py b/course/api/tests.py
@@ -1,4 +1,5 @@
 from django.test import override_settings
+from django.contrib.auth.models import Permission
 from rest_framework.test import APIClient
 
 from course.models import CourseInstance
@@ -144,3 +145,85 @@ def test_put_course(self):
         t = map(lambda x: x.user.username, course.teachers)
         self.assertIn('staff', t)
         self.assertIn('newteacher', t)
+
+    def test_get_current_teachers(self):
+        self.user.email = 'teacher1@example.com'
+        self.user.save(update_fields=['email'])
+        self.user1.email = 'teacher2@example.com'
+        self.user1.save(update_fields=['email'])
+        self.user2.email = 'pastteacher@example.com'
+        self.user2.save(update_fields=['email'])
+
+        self.current_course_instance.add_teacher(self.user.userprofile)
+        self.current_course_instance.add_teacher(self.user1.userprofile)
+        self.future_course_instance.add_teacher(self.user1.userprofile)
+        self.past_course_instance.add_teacher(self.user2.userprofile)
+
+        client = APIClient()
+        client.force_authenticate(user=self.superuser)
+        response = client.get('/api/v2/courses/current-teachers/')
+
+        self.assertEqual(response.status_code, 200)
+        self.assertIn('count', response.data)
+        self.assertIn('results', response.data)
+
+        results = response.data['results']
+        self.assertEqual(response.data['count'], 2)
+        self.assertEqual(len(results), 2)
+
+        emails = sorted(row['email'] for row in results)
+        self.assertEqual(emails, ['teacher1@example.com', 'teacher2@example.com'])
+
+    def test_get_current_teachers_requires_permission(self):
+        self.current_course_instance.add_teacher(self.user.userprofile)
+
+        client = APIClient()
+        client.force_authenticate(user=self.user)
+        response = client.get('/api/v2/courses/current-teachers/')
+        self.assertEqual(response.status_code, 403)
+
+    def test_get_current_teachers_with_permission(self):
+        self.current_course_instance.add_teacher(self.user1.userprofile)
+        self.user1.email = 'teacher2@example.com'
+        self.user1.save(update_fields=['email'])
+
+        permission = Permission.objects.get(
+            content_type__app_label='course',
+            codename='view_current_teachers',
+        )
+        self.user.user_permissions.add(permission)
+
+        client = APIClient()
+        client.force_authenticate(user=self.user)
+        response = client.get('/api/v2/courses/current-teachers/')
+
+        self.assertEqual(response.status_code, 200)
+        emails = [row['email'] for row in response.data['results']]
+        self.assertIn('teacher2@example.com', emails)
+
+    def test_get_current_teachers_ended_within_days(self):
+        self.user.email = 'teacher1@example.com'
+        self.user.save(update_fields=['email'])
+        self.user2.email = 'pastteacher@example.com'
+        self.user2.save(update_fields=['email'])
+
+        self.current_course_instance.add_teacher(self.user.userprofile)
+        self.past_course_instance.add_teacher(self.user2.userprofile)
+
+        client = APIClient()
+        client.force_authenticate(user=self.superuser)
+        response = client.get('/api/v2/courses/current-teachers/?ended_within_days=365')
+
+        self.assertEqual(response.status_code, 200)
+        emails = sorted(row['email'] for row in response.data['results'])
+        self.assertEqual(emails, ['pastteacher@example.com', 'teacher1@example.com'])
+
+    def test_get_current_teachers_ended_within_days_invalid(self):
+        client = APIClient()
+        client.force_authenticate(user=self.superuser)
+
+        response = client.get('/api/v2/courses/current-teachers/?ended_within_days=abc')
+        self.assertEqual(response.status_code, 400)
+
+        response = client.get('/api/v2/courses/current-teachers/?ended_within_days=-1')
+        self.assertEqual(response.status_code, 400)
diff --git a/course/api/views.py b/course/api/views.py
@@ -45,6 +45,7 @@
 )
 from ..permissions import (
     JWTInstanceWritePermission,
+    CanViewCurrentTeachersPermission,
     OnlyCourseTeacherPermission,
     IsCourseAdminOrUserObjIsSelf,
     OnlyEnrolledStudentOrCourseStaffPermission,
@@ -116,6 +117,13 @@ class CourseViewSet(ListSerializerMixin,
 
     * `subject`: email subject
     * `message`: email body
+
+    `GET /courses/current-teachers/`:
+        returns users who are teachers in at least one currently running course.
+                Optional query parameter:
+
+        * `ended_within_days`: include teachers from courses that ended within
+            the given number of days (and ongoing/future courses). Example: `365`.
     """
     lookup_url_kwarg = 'course_id'
     lookup_value_regex = REGEX_INT
@@ -142,6 +150,65 @@ def get_serializer_class(self):
             return CourseWriteSerializer
         return super().get_serializer_class()
 
+    @action(
+        detail=False,
+        methods=['get'],
+        url_path='current-teachers',
+        url_name='current-teachers',
+        get_permissions=lambda: [CanViewCurrentTeachersPermission()],
+    )
+    def current_teachers(self, request, *args, **kwargs):
+        now = timezone.now()
+        ended_within_days = request.query_params.get('ended_within_days', '').strip()
+
+        course_filter = Q(
+            course_instance__starting_time__lte=now,
+            course_instance__ending_time__gte=now,
+        )
+        if ended_within_days:
+            try:
+                days = int(ended_within_days)
+            except ValueError as exc:
+                raise ParseError('"ended_within_days" must be an integer.') from exc
+            if days < 0:
+                raise ParseError('"ended_within_days" must be a non-negative integer.')
+            course_filter = Q(course_instance__ending_time__gte=now - datetime.timedelta(days=days))
+
+        teacher_rows = (
+            Enrollment.objects
+            .filter(
+                course_filter,
+                role=Enrollment.ENROLLMENT_ROLE.TEACHER,
+                status=Enrollment.ENROLLMENT_STATUS.ACTIVE,
+            )
+            .values(
+                'user_profile__user_id',
+                'user_profile__user__username',
+                'user_profile__user__email',
+                'user_profile__user__first_name',
+                'user_profile__user__last_name',
+            )
+            .distinct()
+            .order_by('user_profile__user_id')
+        )
+
+        results = [
+            {
+                'id': row['user_profile__user_id'],
+                'username': row['user_profile__user__username'],
+                'email': row['user_profile__user__email'],
+                'first_name': row['user_profile__user__first_name'],
+                'last_name': row['user_profile__user__last_name'],
+            }
+            for row in teacher_rows
+            if row['user_profile__user__email']
+        ]
+
+        return Response({
+            'count': len(results),
+            'results': results,
+        })
+
     # get_permissions lambda overwrites the normal version used for the above methods
     @action(detail=True, methods=["post"], get_permissions=lambda: [JWTInstanceWritePermission()])
     def notify_update(self, request, *args, **kwargs):
diff --git a/course/migrations/0064_courseinstance_view_current_teachers_permission.py b/course/migrations/0064_courseinstance_view_current_teachers_permission.py
@@ -0,0 +1,21 @@
+# Generated by Django 4.2.18 on 2026-02-18
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('course', '0063_courseinstance_group_work_allowed'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='courseinstance',
+            options={
+                'verbose_name': 'MODEL_NAME_COURSE_INSTANCE',
+                'verbose_name_plural': 'MODEL_NAME_COURSE_INSTANCE_PLURAL',
+                'permissions': (('view_current_teachers', 'Can view current teachers API endpoint'),),
+            },
+        ),
+    ]
diff --git a/course/models.py b/course/models.py
@@ -801,6 +801,9 @@ class Meta:
         verbose_name = _('MODEL_NAME_COURSE_INSTANCE')
         verbose_name_plural = _('MODEL_NAME_COURSE_INSTANCE_PLURAL')
         unique_together = ("course", "url")
+        permissions = (
+            ('view_current_teachers', 'Can view current teachers API endpoint'),
+        )
 
     def __str__(self):
         return "{}: {}".format(str(self.course), self.instance_name)
diff --git a/course/permissions.py b/course/permissions.py
@@ -271,6 +271,16 @@ def has_object_permission(self, request: HttpRequest, view: Any, module: CourseM
         return True
 
 
+class CanViewCurrentTeachersPermission(Permission):
+    message = _('You do not have permission to access current teachers endpoint.')
+
+    def has_permission(self, request, view):
+        return (
+            request.user.is_authenticated
+            and request.user.has_perm('course.view_current_teachers')
+        )
+
+
 CourseModulePermission = CourseModulePermissionBase | JWTInstanceReadPermission
 
 
