def create(self, validated_data):
validated_data['shipment_id'] = self.context['view'].kwargs[
'shipment_pk']
if settings.PROFILES_ENABLED:
validated_data['requester_id'] = get_user(
self.context['request'])[0]
return AccessRequest.objects.create(**validated_data)
def create(self, validated_data):
validated_data['shipment_id'] = self.context['view'].kwargs[
'shipment_pk']
if settings.PROFILES_ENABLED:
validated_data['organization_name'] = get_organization_name(
self.context['request'])
validated_data['user_id'] = get_user(self.context['request'])[0]
validated_data['username'] = get_requester_username(
self.context['request']).split('@')[0]
return ShipmentNote.objects.create(**validated_data)
def get_queryset(self):
queryset = self.queryset.filter(route__id=self.kwargs['route_pk'])
if settings.PROFILES_ENABLED:
user_id, organization_id = get_user(self.request)
queryset_filter = Q(route__owner_id=user_id)
if organization_id:
queryset_filter |= Q(route__owner_id=organization_id)
queryset = queryset.filter(queryset_filter)
return queryset
def has_permission(self, request, view):
"""
If the user is not the owner of the Route (or not in the owning org), or if the Route does not exist,
then views using this permission will return a 404.
"""
from apps.routes.models import Route # Avoid circular import
queryset_filter = Q(pk=view.kwargs['route_pk'])
if settings.PROFILES_ENABLED:
user_id, organization_id = get_user(request)
queryset_filter &= Q(owner_id__in=[organization_id, user_id] if organization_id else [user_id])
if not Route.objects.filter(queryset_filter).exists():
raise Route.DoesNotExist("Route matching query does not exist.")
return True
def __call__(self, value):
instance = getattr(self.serializer, 'instance', None)
approved = instance.approved if instance else self.serializer.initial_data.get(
'approved', None)
value_changed = getattr(
instance, self.field_name) != value if instance else False
if approved:
raise serializers.ValidationError(
'Cannot modify the permission level of an approved access request'
)
if value_changed:
(user_id, _) = get_user(self.serializer.context['request'])
if str(instance.requester_id) != user_id:
raise serializers.ValidationError(
'Only the requester can modify permissions in a pending or denied '
'access request')
if approved is False:
# Modifying a denied access request changes it back to pending
instance.approved = None