From 3503003744c181b35ab4e9e8667b170d652c4037 Mon Sep 17 00:00:00 2001
From: Manish <msn07082005@gmail.com>
Date: Wed, 20 Nov 2024 00:58:27 +0530
Subject: [PATCH] remove alumni access to placement blog

---
 placements/views.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/placements/views.py b/placements/views.py
index 518abea5..8582356a 100644
--- a/placements/views.py
+++ b/placements/views.py
@@ -6,6 +6,8 @@
 from roles.helpers import login_required_ajax
 from helpers.misc import query_from_num
 from helpers.misc import query_search
+from alumni.models import AlumniUser
+from users.models import UserProfile
 
 
 class PlacementBlogViewset(viewsets.ViewSet):
@@ -13,6 +15,12 @@ class PlacementBlogViewset(viewsets.ViewSet):
     @login_required_ajax
     def placement_blog(cls, request):
         """Get Placement Blog."""
+        # Retrieve the UserProfile of the logged-in user
+        user_profile = UserProfile.objects.get(user=request.user)
+
+        # Check if the ldap of the UserProfile exists in the AlumniUser model
+        if AlumniUser.objects.filter(ldap=user_profile.ldap_id).exists():
+            return Response({"error": "Alumni cannot access this page."}, status=403)
         queryset = BlogEntry.objects.filter(blog_url=settings.PLACEMENTS_URL_VAL)
         queryset = query_search(request, 3, queryset, ["title", "content"], "placement")
         # queryset = queryset.order_by('-pinned', "-published")