From f16340e0d5a9bbf8b8f6547bed96973a783e5a82 Mon Sep 17 00:00:00 2001 From: Ihsan Ullah Date: Sun, 30 Jul 2023 20:15:51 +0500 Subject: [PATCH 1/2] don't show user's email in collaborators --- src/apps/profiles/models.py | 2 +- src/static/riot/competitions/detail/participant_manager.tag | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/apps/profiles/models.py b/src/apps/profiles/models.py index a6b92e944..7c18e21bf 100644 --- a/src/apps/profiles/models.py +++ b/src/apps/profiles/models.py @@ -89,7 +89,7 @@ def get_full_name(self): return self.name def __str__(self): - return f'{self.username} | {self.email}' + return self.username @property def slug_url(self): diff --git a/src/static/riot/competitions/detail/participant_manager.tag b/src/static/riot/competitions/detail/participant_manager.tag index e894735c4..5485469cf 100644 --- a/src/static/riot/competitions/detail/participant_manager.tag +++ b/src/static/riot/competitions/detail/participant_manager.tag @@ -148,7 +148,11 @@ self._update_status = (id, status) => { CODALAB.api.update_participant_status(id, {status: status}) .done(() => { - toastr.success('success') + if(status === 'denied'){ + toastr.success('Revoked successfully') + }else{ + toastr.success('Approved successfully') + } self.update_participants() }) } From 40ff4dd3d1907b8906117d395617720e3531e4ed Mon Sep 17 00:00:00 2001 From: Ihsan Ullah Date: Sun, 30 Jul 2023 21:13:48 +0500 Subject: [PATCH 2/2] participants list protected --- src/apps/api/views/competitions.py | 41 +++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/src/apps/api/views/competitions.py b/src/apps/api/views/competitions.py index 4dc0e4b30..7b2ff5a02 100644 --- a/src/apps/api/views/competitions.py +++ b/src/apps/api/views/competitions.py @@ -643,12 +643,41 @@ class CompetitionParticipantViewSet(ModelViewSet): search_fields = ('user__username', 'user__email',) def get_queryset(self): - qs = super().get_queryset() - user = self.request.user - if not user.is_superuser: - qs = qs.filter(competition__in=user.competitions.all() | user.collaborations.all()) - qs = qs.select_related('user').order_by('user__username') - return qs + + # a boolean set to true if the request is considered valid + # i.e. it is either GET request with `competition`` + # or patch request with `status` + # or post request with `message` + is_valid_request = False + + if self.request.method == "PATCH": + # PATCH request is considered valid if it has `status` + if 'status' in self.request.data: + is_valid_request = True + + if self.request.method == "POST": + # POST request is considered valid if it has `message` + if 'message' in self.request.data: + is_valid_request = True + + if self.request.method == "GET": + # GET request is considered valid if it has `competition`` + # if there is no competition then it si called from /api/participants/ + # URL which is not considered valid + if 'competition' in self.request.GET: + is_valid_request = True + + if is_valid_request: + # API to act normally i.e return participants + qs = super().get_queryset() + user = self.request.user + if not user.is_superuser: + qs = qs.filter(competition__in=user.competitions.all() | user.collaborations.all()) + qs = qs.select_related('user').order_by('user__username') + return qs + else: + # API will work but will return empty participants list + return CompetitionParticipant.objects.none() def update(self, request, *args, **kwargs): if request.method == 'PATCH':