Example #1
    def create(self, request):
        """Create a comment on a course's Salesforce case and send the notification email.

        Reads ``course_uuid`` and ``comment`` (both required) and ``course_run_key``
        (optional) from ``request.data``.

        Returns:
            400 with a translated message naming every required key that is absent,
            201 with the created comment on success, or
            500 with the exception message when ``SalesforceMissingCaseException`` is raised.

        Raises:
            PermissionDenied: when ``CourseEditor.is_course_editable`` rejects
                ``request.user`` for the resolved course.
        """
        payload = request.data
        comment_creation_fields = {
            'course_uuid': payload.get('course_uuid'),
            'comment': payload.get('comment'),
        }

        # Only keys whose value is None count as missing; an empty string passes this check.
        # NOTE(review): confirm an empty comment is acceptable or rejected downstream.
        absent = [field for field, value in comment_creation_fields.items() if value is None]
        error_message = ''.join(
            _('Missing value for: [{name}]. ').format(name=name) for name in absent
        )
        if error_message:
            return Response(
                (_('Incorrect data sent. ') + error_message).strip(),
                status=status.HTTP_400_BAD_REQUEST,
            )

        partner = self.request.site.partner
        # The lookup is scoped to the requesting site's partner.
        # Presumably responds with 404 when nothing matches (helper not shown here).
        course = self._get_course_or_404(partner, comment_creation_fields['course_uuid'])

        # Authorization is enforced before anything is written to Salesforce.
        can_edit = CourseEditor.is_course_editable(request.user, course)
        if not can_edit:
            raise PermissionDenied

        util = self._get_salesforce_util_or_404(partner)
        try:
            # course_run_key is forwarded exactly as the client supplied it.
            # NOTE(review): it is not checked against `course` here - confirm the util
            # verifies the run belongs to this course.
            comment = util.create_comment_for_course_case(
                course,
                request.user,
                comment_creation_fields['comment'],
                course_run_key=payload.get('course_run_key'),
            )
            send_email_for_comment(comment, course, request.user)
            return Response(comment, status=status.HTTP_201_CREATED)
        except SalesforceMissingCaseException as ex:
            # NOTE(review): the exception text goes back to the client verbatim - confirm
            # it never carries internal identifiers or backend detail.
            return Response(ex.message, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
Example #2
    def has_permission(self, request, view):
        """Decide view-level access: safe methods pass, other methods need editor rights.

        Returns True for any method in ``SAFE_METHODS`` and for requests whose data has
        no ``course`` value; otherwise returns the result of
        ``CourseEditor.is_course_editable`` for ``request.user`` and ``view.course``.
        """
        if request.method in SAFE_METHODS:
            return True

        if not request.data.get('course'):
            # Fail happily because OPTIONS goes down this path too with a fake POST.
            # If this is a real POST, we'll complain about the missing course in the view.
            # NOTE(review): this branch allows the request, so the check only holds if the
            # view really rejects a write that carries no course - confirm in the view.
            return True

        # The course lookup already exists in the view, so its result is reused here
        # rather than resolving the course from the request a second time.
        # NOTE(review): presumably view.course is derived from the same 'course' value in
        # this request; verify, since the decision is made on view.course alone.
        return CourseEditor.is_course_editable(request.user, view.course)
Example #3
 def has_object_permission(self, request, view, obj):
     """Allow safe methods on any object; other methods need editor rights on obj.course.

     Returns True when ``request.method`` is in ``SAFE_METHODS``, otherwise the result of
     ``CourseEditor.is_course_editable`` for ``request.user`` and ``obj.course``.
     """
     # Short-circuit: the editor check only runs for methods outside SAFE_METHODS.
     return request.method in SAFE_METHODS or CourseEditor.is_course_editable(request.user, obj.course)