Create an API endpoint and permission for fetching all current teachers

Fixes #1503

Author: sayravai

course/api/tests.py

@@ -1,4 +1,5 @@
 from django.test import override_settings
+from django.contrib.auth.models import Permission
 from rest_framework.test import APIClient
 
 from course.models import CourseInstance
@@ -144,3 +145,85 @@ def test_put_course(self):
         t = map(lambda x: x.user.username, course.teachers)
         self.assertIn('staff', t)
         self.assertIn('newteacher', t)
+
+    def test_get_current_teachers(self):
+        self.user.email = 'teacher1@example.com'
+        self.user.save(update_fields=['email'])
+        self.user1.email = 'teacher2@example.com'
+        self.user1.save(update_fields=['email'])
+        self.user2.email = 'pastteacher@example.com'
+        self.user2.save(update_fields=['email'])
+
+        self.current_course_instance.add_teacher(self.user.userprofile)
+        self.current_course_instance.add_teacher(self.user1.userprofile)
+        self.future_course_instance.add_teacher(self.user1.userprofile)
+        self.past_course_instance.add_teacher(self.user2.userprofile)
+
+        client = APIClient()
+        client.force_authenticate(user=self.superuser)
+        response = client.get('/api/v2/courses/current-teachers/')
+
+        self.assertEqual(response.status_code, 200)
+        self.assertIn('count', response.data)
+        self.assertIn('results', response.data)
+
+        results = response.data['results']
+        self.assertEqual(response.data['count'], 2)
+        self.assertEqual(len(results), 2)
+
+        emails = sorted(row['email'] for row in results)
+        self.assertEqual(emails, ['teacher1@example.com', 'teacher2@example.com'])
+
+    def test_get_current_teachers_requires_permission(self):
+        self.current_course_instance.add_teacher(self.user.userprofile)
+
+        client = APIClient()
+        client.force_authenticate(user=self.user)
+        response = client.get('/api/v2/courses/current-teachers/')
+        self.assertEqual(response.status_code, 403)
+
+    def test_get_current_teachers_with_permission(self):
+        self.current_course_instance.add_teacher(self.user1.userprofile)
+        self.user1.email = 'teacher2@example.com'
+        self.user1.save(update_fields=['email'])
+
+        permission = Permission.objects.get(
+            content_type__app_label='course',
+            codename='view_current_teachers',
+        )
+        self.user.user_permissions.add(permission)
+
+        client = APIClient()
+        client.force_authenticate(user=self.user)
+        response = client.get('/api/v2/courses/current-teachers/')
+
+        self.assertEqual(response.status_code, 200)
+        emails = [row['email'] for row in response.data['results']]
+        self.assertIn('teacher2@example.com', emails)
+
+    def test_get_current_teachers_ended_within_days(self):
+        self.user.email = 'teacher1@example.com'
+        self.user.save(update_fields=['email'])
+        self.user2.email = 'pastteacher@example.com'
+        self.user2.save(update_fields=['email'])
+
+        self.current_course_instance.add_teacher(self.user.userprofile)
+        self.past_course_instance.add_teacher(self.user2.userprofile)
+
+        client = APIClient()
+        client.force_authenticate(user=self.superuser)
+        response = client.get('/api/v2/courses/current-teachers/?ended_within_days=365')
+
+        self.assertEqual(response.status_code, 200)
+        emails = sorted(row['email'] for row in response.data['results'])
+        self.assertEqual(emails, ['pastteacher@example.com', 'teacher1@example.com'])
+
+    def test_get_current_teachers_ended_within_days_invalid(self):
+        client = APIClient()
+        client.force_authenticate(user=self.superuser)
+
+        response = client.get('/api/v2/courses/current-teachers/?ended_within_days=abc')
+        self.assertEqual(response.status_code, 400)
+
+        response = client.get('/api/v2/courses/current-teachers/?ended_within_days=-1')
+        self.assertEqual(response.status_code, 400)

course/api/views.py

@@ -45,6 +45,7 @@
 )
 from ..permissions import (
     JWTInstanceWritePermission,
+    CanViewCurrentTeachersPermission,
     OnlyCourseTeacherPermission,
     IsCourseAdminOrUserObjIsSelf,
     OnlyEnrolledStudentOrCourseStaffPermission,
@@ -116,6 +117,13 @@ class CourseViewSet(ListSerializerMixin,
 
     * `subject`: email subject
     * `message`: email body
+
+    `GET /courses/current-teachers/`:
+        returns users who are teachers in at least one currently running course.
+        Optional query parameter:
+
+    * `ended_within_days`: include teachers from courses that ended within
+        the given number of days (and ongoing/future courses). Example: `365`.
     """
     lookup_url_kwarg = 'course_id'
     lookup_value_regex = REGEX_INT
@@ -142,6 +150,65 @@ def get_serializer_class(self):
             return CourseWriteSerializer
         return super().get_serializer_class()
 
+    @action(
+        detail=False,
+        methods=['get'],
+        url_path='current-teachers',
+        url_name='current-teachers',
+        get_permissions=lambda: [CanViewCurrentTeachersPermission()],
+    )
+    def current_teachers(self, request, *args, **kwargs):
+        now = timezone.now()
+        ended_within_days = request.query_params.get('ended_within_days', '').strip()
+
+        course_filter = Q(
+            course_instance__starting_time__lte=now,
+            course_instance__ending_time__gte=now,
+        )
+        if ended_within_days:
+            try:
+                days = int(ended_within_days)
+            except ValueError as exc:
+                raise ParseError('"ended_within_days" must be an integer.') from exc
+            if days < 0:
+                raise ParseError('"ended_within_days" must be a non-negative integer.')
+            course_filter = Q(course_instance__ending_time__gte=now - datetime.timedelta(days=days))
+
+        teacher_rows = (
+            Enrollment.objects
+            .filter(
+                course_filter,
+                role=Enrollment.ENROLLMENT_ROLE.TEACHER,
+                status=Enrollment.ENROLLMENT_STATUS.ACTIVE,
+            )
+            .values(
+                'user_profile__user_id',
+                'user_profile__user__username',
+                'user_profile__user__email',
+                'user_profile__user__first_name',
+                'user_profile__user__last_name',
+            )
+            .distinct()
+            .order_by('user_profile__user_id')
+        )
+
+        results = [
+            {
+                'id': row['user_profile__user_id'],
+                'username': row['user_profile__user__username'],
+                'email': row['user_profile__user__email'],
+                'first_name': row['user_profile__user__first_name'],
+                'last_name': row['user_profile__user__last_name'],
+            }
+            for row in teacher_rows
+            if row['user_profile__user__email']
+        ]
+
+        return Response({
+            'count': len(results),
+            'results': results,
+        })
+
     # get_permissions lambda overwrites the normal version used for the above methods
     @action(detail=True, methods=["post"], get_permissions=lambda: [JWTInstanceWritePermission()])
     def notify_update(self, request, *args, **kwargs):

course/migrations/0064_courseinstance_view_current_teachers_permission.py

@@ -0,0 +1,17 @@
+# Generated by Django 5.2.14 on 2026-05-26 07:07
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('course', '0063_courseinstance_group_work_allowed'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='courseinstance',
+            options={'permissions': (('view_current_teachers', 'Can view current teachers API endpoint'),), 'verbose_name': 'MODEL_NAME_COURSE_INSTANCE', 'verbose_name_plural': 'MODEL_NAME_COURSE_INSTANCE_PLURAL'},
+        ),
+    ]

course/models.py

@@ -801,6 +801,9 @@ class Meta:
         verbose_name = _('MODEL_NAME_COURSE_INSTANCE')
         verbose_name_plural = _('MODEL_NAME_COURSE_INSTANCE_PLURAL')
         unique_together = ("course", "url")
+        permissions = (
+            ('view_current_teachers', 'Can view current teachers API endpoint'),
+        )
 
     def __str__(self):
         return "{}: {}".format(str(self.course), self.instance_name)

course/permissions.py

@@ -271,6 +271,16 @@ def has_object_permission(self, request: HttpRequest, view: Any, module: CourseM
         return True
 
 
+class CanViewCurrentTeachersPermission(Permission):
+    message = _('COURSE_PERMISSION_MSG_CANNOT_VIEW_CURRENT_TEACHERS')
+
+    def has_permission(self, request, view):
+        return (
+            request.user.is_authenticated
+            and request.user.has_perm('course.view_current_teachers')
+        )
+
+
 CourseModulePermission = CourseModulePermissionBase | JWTInstanceReadPermission
 
 

locale/en/LC_MESSAGES/django.po

@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-02-17 12:43+0200\n"
+"POT-Creation-Date: 2026-05-22 16:08+0300\n"
 "PO-Revision-Date: 2021-05-27 14:47+0300\n"
 "Last-Translator: Jimmy Ihalainen <jimmy.ihalainen@aalto.fi>\n"
 "Language-Team: English<>\n"
@@ -303,7 +303,6 @@ msgid "MODEL_NAME_COURSE_PLURAL"
 msgstr "courses"
 
 #: course/models.py exercise/exercise_models.py
-#, python-brace-format
 msgid "TAKEN_WORDS_INCLUDE -- {}"
 msgstr "Reserved words include: {}"
 
@@ -654,12 +653,10 @@ msgid "MODEL_NAME_COURSE_INSTANCE_PLURAL"
 msgstr "course instances"
 
 #: course/models.py
-#, python-brace-format
 msgid "COURSE_INSTANCE_ERROR_INSTANCE_NAME -- {}"
 msgstr "You cannot use the word '{}' as an instance name."
 
 #: course/models.py
-#, python-brace-format
 msgid "COURSE_INSTANCE_ERROR_URL -- {}"
 msgstr "You cannot use the word '{}' in the URL."
 
@@ -890,17 +887,21 @@ msgstr "The module is not currently visible."
 msgid "MODULE_PERMISSION_ERROR_NOT_OPEN_YET -- {date}"
 msgstr "The module will open for submissions at {date}."
 
+#: course/permissions.py
+msgid "COURSE_PERMISSION_MSG_CANNOT_VIEW_CURRENT_TEACHERS"
+msgstr "You do not have permission to access current teachers endpoint."
+
 #: course/permissions.py
 msgid "COURSE_PERMISSION_MSG_ONLY_TEACHER"
-msgstr "Only course teacher is allowed"
+msgstr "Only course teacher is allowed."
 
 #: course/permissions.py
 msgid "COURSE_PERMISSION_MSG_ONLY_COURSE_STAFF"
-msgstr "Only course staff is allowed"
+msgstr "Only course staff are allowed."
 
 #: course/permissions.py
 msgid "COURSE_PERMISSION_MSG_ONLY_ENROLLED_STUDENTS_OR_COURSE_STAFF"
-msgstr "Only enrolled students or course staff are allowed"
+msgstr "Only enrolled students or course staff are allowed."
 
 #: course/staff_views.py edit_course/views.py exercise/staff_views.py
 msgid "SUCCESS_SAVING_CHANGES"
@@ -3498,7 +3499,6 @@ msgid "ALONE"
 msgstr "alone"
 
 #: exercise/exercise_models.py
-#, python-brace-format
 msgid "WITH -- {}"
 msgstr "with {}"
 
@@ -3768,7 +3768,6 @@ msgid "EXERCISE_VISIBILITY_ERROR_NOT_VISIBLE"
 msgstr "The assignment is not currently visible."
 
 #: exercise/permissions.py
-#, python-brace-format
 msgid "EXERCISE_VISIBILITY_ERROR_NOT_OPEN_YET -- {}"
 msgstr "The assignment opens for submissions at {}."
 
@@ -3896,7 +3895,6 @@ msgid "MODEL_NAME_REVEAL_RULE_PLURAL"
 msgstr "Reveal rules"
 
 #: exercise/staff_views.py
-#, python-brace-format
 msgid "GRADING_MODE_TITLE -- {}"
 msgstr "Grading mode: {}"
 
@@ -6057,7 +6055,6 @@ msgid "MODEL_NAME_THRESHOLD_POINTS_PLURAL"
 msgstr "threshold points"
 
 #: threshold/models.py
-#, python-brace-format
 msgid "POINTS -- {:d}"
 msgstr "{:d} points"
 
@@ -6253,15 +6250,3 @@ msgstr "No system-wide accessibility statement found."
 #: userprofile/views.py
 msgid "NO_SUPPORT_PAGE"
 msgstr "No support page. Please notify administration!"
-
-#~ msgid "NUMBER_OF_ENROLLED_STUDENTS"
-#~ msgstr "Enrolled active students:"
-
-#~ msgid "PENDING_STUDENTS"
-#~ msgstr "Pending:"
-
-#~ msgid "REMOVED_STUDENTS"
-#~ msgstr "Removed:"
-
-#~ msgid "BANNED_STUDENTS"
-#~ msgstr "Banned:"