Beispiel #1
    def get(self):
        """
        Serve the get-detail endpoint: return one resource as a dehydrated bundle.

        The checks run in a fixed order: authentication, then the
        ``read_detail`` authorization hook, then the existence test. The
        hook is called even when the lookup returned ``None``, so it must
        tolerate a missing object. Whether a caller sees 403 or 404 for an
        unknown id depends on what the hook answers in that case.

        Raises:
            HTTPForbidden: the request is not authenticated
                (NOT_AUTHENTICATED) or the hook refused access
                (NOT_AUTHORIZED). Note that the unauthenticated case is
                reported as forbidden here, not as a 401 challenge.
            HTTPNotFound: access was granted but no object has this id.
        """
        # 1. authentication gate - nothing is looked up for anonymous callers
        if not self._meta.authentication.is_authenticated(self.request):
            raise HTTPForbidden(NOT_AUTHENTICATED)

        # 2. resolve the id taken from request.matchdict and wrap the result
        resource_id = self.request.matchdict['id']
        target = self.get_obj(resource_id)
        bundle = self.build_bundle(obj=target)

        # 3. per-object read permission (target may still be None here)
        if not self._meta.authorization.read_detail(target, bundle):
            raise HTTPForbidden(NOT_AUTHORIZED)

        # 4. only an authorized caller gets told that the object is missing
        if target is None:
            raise HTTPNotFound(RESOURCE_NOT_FOUND.format(self.get_obj_url(resource_id)))

        return self.dehydrate(bundle)
Beispiel #2
    def put(self):
        """
        Serve the update-detail endpoint: update one existing resource.

        Unlike TastyPie, a PUT to an unknown id does not create the object;
        it raises HTTPNotFound instead.

        The checks run in a fixed order: authentication, then the
        ``update_detail`` authorization hook, then the existence test. The
        hook is called even when the lookup returned ``None``, and the bundle
        it receives already carries ``request.validated``.

        Returns:
            ``None`` when ``request.errors`` is non-empty after hydration
            (nothing is saved), the dehydrated bundle when
            ``always_return_data`` is set, otherwise ``HTTPNoContent()``.

        Raises:
            HTTPForbidden: the request is not authenticated
                (NOT_AUTHENTICATED) or the hook refused the update
                (NOT_AUTHORIZED).
            HTTPNotFound: the update was permitted but no object has this id.
        """
        # 1. authentication gate
        if not self._meta.authentication.is_authenticated(self.request):
            raise HTTPForbidden(NOT_AUTHENTICATED)

        # 2. load the current object and pair it with the validated payload
        resource_id = self.request.matchdict['id']
        target = self.get_obj(resource_id)
        bundle = self.build_bundle(obj=target, data=self.request.validated)

        # 3. per-object update permission (target may still be None here)
        if not self._meta.authorization.update_detail(target, bundle):
            raise HTTPForbidden(NOT_AUTHORIZED)

        # 4. no upsert: an unknown id is an error
        if target is None:
            raise HTTPNotFound(RESOURCE_NOT_FOUND.format(self.get_obj_url(resource_id)))

        # 5. apply the payload to the object
        bundle = self.hydrate(bundle)

        # Bail out before save_obj when errors were recorded on the request.
        # Returning nothing is intended to surface as a 400 Bad Request
        # (that translation happens outside this method).
        if self.request.errors:
            return

        self.save_obj(bundle.obj)

        # Echoing the stored data back is a per-resource choice.
        if not self._meta.always_return_data:
            # 204 No Content
            return HTTPNoContent()

        # hand back what was saved during hydrate
        return self.dehydrate(bundle)
Beispiel #3
    def delete(self):
        """
        Serve the delete-detail endpoint: remove one resource.

        The checks run in a fixed order: authentication, then the
        ``delete_detail`` authorization hook, then the existence test. The
        hook is called even when the lookup returned ``None``, so it must
        tolerate a missing object.

        Returns:
            ``HTTPNoContent()`` once the object has been deleted.

        Raises:
            HTTPForbidden: the request is not authenticated
                (NOT_AUTHENTICATED) or the hook refused the deletion
                (NOT_AUTHORIZED).
            HTTPNotFound: deletion was permitted but no object has this id.
        """
        # 1. authentication gate
        if not self._meta.authentication.is_authenticated(self.request):
            raise HTTPForbidden(NOT_AUTHENTICATED)

        # 2. load the object that is about to be removed
        resource_id = self.request.matchdict['id']
        target = self.get_obj(resource_id)
        bundle = self.build_bundle(obj=target)

        # 3. per-object delete permission (target may still be None here)
        if not self._meta.authorization.delete_detail(target, bundle):
            raise HTTPForbidden(NOT_AUTHORIZED)

        # 4. nothing to delete
        if target is None:
            raise HTTPNotFound(RESOURCE_NOT_FOUND.format(self.get_obj_url(resource_id)))

        self.delete_obj(target)

        # 204 No Content
        return HTTPNoContent()