From 10fd59106b113d1bf5c390ce828f8ed5404ad9b5 Mon Sep 17 00:00:00 2001 From: Ihsan Ullah Date: Sun, 11 Jun 2023 01:13:38 +0500 Subject: [PATCH 1/4] leaked users fixed --- src/apps/api/serializers/competitions.py | 2 -- src/apps/profiles/models.py | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/apps/api/serializers/competitions.py b/src/apps/api/serializers/competitions.py index 0314d831d..d2a822555 100644 --- a/src/apps/api/serializers/competitions.py +++ b/src/apps/api/serializers/competitions.py @@ -262,7 +262,6 @@ class Meta: class CompetitionParticipantSerializer(serializers.ModelSerializer): username = serializers.CharField(source='user.username') is_bot = serializers.BooleanField(source='user.is_bot') - email = serializers.CharField(source='user.email') class Meta: model = CompetitionParticipant @@ -270,7 +269,6 @@ class Meta: 'id', 'username', 'is_bot', - 'email', 'status', ) diff --git a/src/apps/profiles/models.py b/src/apps/profiles/models.py index a6b92e944..caa064d5e 100644 --- a/src/apps/profiles/models.py +++ b/src/apps/profiles/models.py @@ -89,7 +89,8 @@ def get_full_name(self): return self.name def __str__(self): - return f'{self.username} | {self.email}' + # return f'{self.username} | {self.email}' + return self.username @property def slug_url(self): From e822a79480433818ec9def883ad03e62526f29d9 Mon Sep 17 00:00:00 2001 From: Ihsan Ullah Date: Sun, 11 Jun 2023 12:55:04 +0500 Subject: [PATCH 2/4] separate serializer added for participants with email --- src/apps/api/serializers/competitions.py | 16 ++++++++++++++++ src/apps/api/views/competitions.py | 10 +++++++++- .../competitions/detail/participant_manager.tag | 1 + 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/src/apps/api/serializers/competitions.py b/src/apps/api/serializers/competitions.py index d2a822555..f074f9ddd 100644 --- a/src/apps/api/serializers/competitions.py +++ b/src/apps/api/serializers/competitions.py @@ -273,6 +273,22 @@ class Meta: ) +class CompetitionParticipantWithEmailSerializer(serializers.ModelSerializer): + username = serializers.CharField(source='user.username') + is_bot = serializers.BooleanField(source='user.is_bot') + email = serializers.CharField(source='user.email') + + class Meta: + model = CompetitionParticipant + fields = ( + 'id', + 'username', + 'is_bot', + 'email', + 'status', + ) + + class FrontPageCompetitionsSerializer(serializers.Serializer): popular_comps = CompetitionSerializerSimple(many=True) featured_comps = CompetitionSerializerSimple(many=True) diff --git a/src/apps/api/views/competitions.py b/src/apps/api/views/competitions.py index d27a3fe5e..cf9353009 100644 --- a/src/apps/api/views/competitions.py +++ b/src/apps/api/views/competitions.py @@ -25,6 +25,7 @@ from rest_framework.viewsets import ModelViewSet from api.serializers.competitions import CompetitionSerializerSimple, PhaseSerializer, \ CompetitionCreationTaskStatusSerializer, CompetitionDetailSerializer, CompetitionParticipantSerializer, \ + CompetitionParticipantWithEmailSerializer,\ FrontPageCompetitionsSerializer, PhaseResultsSerializer, CompetitionUpdateSerializer, CompetitionCreateSerializer from api.serializers.leaderboards import LeaderboardPhaseSerializer, LeaderboardSerializer from competitions.emails import send_participation_requested_emails, send_participation_accepted_emails, \ @@ -575,7 +576,6 @@ def get_leaderboard(self, request, pk): class CompetitionParticipantViewSet(ModelViewSet): queryset = CompetitionParticipant.objects.all() - serializer_class = CompetitionParticipantSerializer filter_backends = (DjangoFilterBackend, SearchFilter) filter_fields = ('user__username', 'user__email', 'status', 'competition') search_fields = ('user__username', 'user__email',) @@ -588,6 +588,14 @@ def get_queryset(self): qs = qs.select_related('user').order_by('user__username') return qs + def get_serializer_class(self): + + participants_with_email = self.request.query_params.get('participants_with_email', None) + if participants_with_email: + return CompetitionParticipantWithEmailSerializer + else: + return CompetitionParticipantSerializer + def update(self, request, *args, **kwargs): if request.method == 'PATCH': if 'status' in request.data: diff --git a/src/static/riot/competitions/detail/participant_manager.tag b/src/static/riot/competitions/detail/participant_manager.tag index e894735c4..58bf48422 100644 --- a/src/static/riot/competitions/detail/participant_manager.tag +++ b/src/static/riot/competitions/detail/participant_manager.tag @@ -134,6 +134,7 @@ if (status && status !== '-') { filters.status = status } + filters.participants_with_email = true CODALAB.api.get_participants(filters) .done(participants => { From 3d8f1101159978d06b0b6f59cbc8ecde3ec2e083 Mon Sep 17 00:00:00 2001 From: Ihsan Ullah Date: Thu, 15 Jun 2023 20:48:36 +0500 Subject: [PATCH 3/4] participants id and status hidden --- src/apps/api/serializers/competitions.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/apps/api/serializers/competitions.py b/src/apps/api/serializers/competitions.py index f074f9ddd..3b442826f 100644 --- a/src/apps/api/serializers/competitions.py +++ b/src/apps/api/serializers/competitions.py @@ -266,10 +266,8 @@ class CompetitionParticipantSerializer(serializers.ModelSerializer): class Meta: model = CompetitionParticipant fields = ( - 'id', 'username', 'is_bot', - 'status', ) From 51a668bf12e40d72aa22e8e0ce79e92a674cf8e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrien=20Pav=C3=A3o?= Date: Wed, 21 Jun 2023 16:05:54 +0200 Subject: [PATCH 4/4] Update models.py --- src/apps/profiles/models.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/apps/profiles/models.py b/src/apps/profiles/models.py index caa064d5e..7c18e21bf 100644 --- a/src/apps/profiles/models.py +++ b/src/apps/profiles/models.py @@ -89,7 +89,6 @@ def get_full_name(self): return self.name def __str__(self): - # return f'{self.username} | {self.email}' return self.username @property