Beispiel #1
0
 def put(self, request, pk, format=None):
     params = request.query_params if len(
         request.data) == 0 else request.data
     obj = self.get_object(pk)
     if (request.user.role == "ADMIN" or request.user.is_superuser
             or request.user == obj.commented_by):
         serializer = CommentSerializer(obj, data=params)
         if params.get("comment"):
             if serializer.is_valid():
                 serializer.save()
                 return Response(
                     {
                         "error": False,
                         "message": "Comment Submitted"
                     },
                     status=status.HTTP_200_OK,
                 )
             return Response(
                 {
                     "error": True,
                     "errors": serializer.errors
                 },
                 status=status.HTTP_400_BAD_REQUEST,
             )
     else:
         return Response(
             {
                 "error": True,
                 "errors":
                 "You don't have Permission to perform this action",
             },
             status=status.HTTP_403_FORBIDDEN,
         )
Beispiel #2
0
    def post(self, request, pk, **kwargs):
        params = (self.request.query_params
                  if len(self.request.data) == 0 else self.request.data)
        context = {}
        self.opportunity_obj = Opportunity.objects.get(pk=pk)
        if self.opportunity_obj.company != request.company:
            return Response({
                "error":
                True,
                "errors":
                "User company doesnot match with header...."
            })

        comment_serializer = CommentSerializer(data=params)
        if self.request.user.role != "ADMIN" and not self.request.user.is_superuser:
            if not (
                (self.request.user == self.opportunity_obj.created_by) or
                (self.request.user in self.opportunity_obj.assigned_to.all())):
                return Response(
                    {
                        "error":
                        True,
                        "errors":
                        "You don't have Permission to perform this action",
                    },
                    status=status.HTTP_401_UNAUTHORIZED,
                )
        if comment_serializer.is_valid():
            if params.get("comment"):
                comment_serializer.save(
                    opportunity_id=self.opportunity_obj.id,
                    commented_by_id=self.request.user.id,
                )

            if self.request.FILES.get("opportunity_attachment"):
                attachment = Attachments()
                attachment.created_by = self.request.user
                attachment.file_name = self.request.FILES.get(
                    "opportunity_attachment").name
                attachment.opportunity = self.opportunity_obj
                attachment.attachment = self.request.FILES.get(
                    "opportunity_attachment")
                attachment.save()

        comments = Comment.objects.filter(
            opportunity=self.opportunity_obj).order_by("-id")
        attachments = Attachments.objects.filter(
            opportunity=self.opportunity_obj).order_by("-id")
        context.update({
            "opportunity_obj":
            OpportunitySerializer(self.opportunity_obj).data,
            "attachments":
            AttachmentsSerializer(attachments, many=True).data,
            "comments":
            CommentSerializer(comments, many=True).data,
        })
        return Response(context)
Beispiel #3
0
    def post(self, request, pk, **kwargs):
        params = (self.request.query_params
                  if len(self.request.data) == 0 else self.request.data)
        context = {}
        self.account_obj = Account.objects.get(pk=pk)
        if self.account_obj.org != request.org:
            return Response(
                {
                    "error": True,
                    "errors": "User company does not match with header...."
                },
                status=status.HTTP_403_FORBIDDEN)
        if self.request.profile.role != "ADMIN" and not self.request.profile.is_admin:
            if not (
                (self.request.profile == self.account_obj.created_by) or
                (self.request.profile in self.account_obj.assigned_to.all())):
                return Response(
                    {
                        "error":
                        True,
                        "errors":
                        "You do not have Permission to perform this action",
                    },
                    status=status.HTTP_403_FORBIDDEN,
                )
        comment_serializer = CommentSerializer(data=params)
        if comment_serializer.is_valid():
            if params.get("comment"):
                comment_serializer.save(
                    account_id=self.account_obj.id,
                    commented_by=self.request.profile,
                )

        if self.request.FILES.get("account_attachment"):
            attachment = Attachments()
            attachment.created_by = self.request.profile
            attachment.file_name = self.request.FILES.get(
                "account_attachment").name
            attachment.account = self.account_obj
            attachment.attachment = self.request.FILES.get(
                "account_attachment")
            attachment.save()

        comments = Comment.objects.filter(
            account__id=self.account_obj.id).order_by("-id")
        attachments = Attachments.objects.filter(
            account__id=self.account_obj.id).order_by("-id")
        context.update({
            "account_obj":
            AccountSerializer(self.account_obj).data,
            "attachments":
            AttachmentsSerializer(attachments, many=True).data,
            "comments":
            CommentSerializer(comments, many=True).data,
        })
        return Response(context)
Beispiel #4
0
    def post(self, request, pk, **kwargs):
        params = (self.request.query_params
                  if len(self.request.data) == 0 else self.request.data)
        context = {}
        self.lead_obj = Lead.objects.get(pk=pk)
        if self.request.user.role != "ADMIN" and not self.request.user.is_superuser:
            if not ((self.request.user == self.lead_obj.created_by) or
                    (self.request.user in self.lead_obj.assigned_to.all())):
                return Response(
                    {
                        "error":
                        True,
                        "errors":
                        "You do not have Permission to perform this action",
                    },
                    status=status.HTTP_403_FORBIDDEN,
                )
        comment_serializer = CommentSerializer(data=params)
        if comment_serializer.is_valid():
            if params.get("comment"):
                comment_serializer.save(
                    lead_id=self.lead_obj.id,
                    commented_by_id=self.request.user.id,
                )

            if self.request.FILES.get("lead_attachment"):
                attachment = Attachments()
                attachment.created_by = self.request.user
                attachment.file_name = self.request.FILES.get(
                    "lead_attachment").name
                attachment.lead = self.lead_obj
                attachment.attachment = self.request.FILES.get(
                    "lead_attachment")
                attachment.save()

        comments = Comment.objects.filter(
            lead__id=self.lead_obj.id).order_by("-id")
        attachments = Attachments.objects.filter(
            lead__id=self.lead_obj.id).order_by("-id")
        context.update({
            "lead_obj":
            LeadSerializer(self.lead_obj).data,
            "attachments":
            AttachmentsSerializer(attachments, many=True).data,
            "comments":
            LeadCommentSerializer(comments, many=True).data,
        })
        return Response(context)