def has_create_permission(self, request, view, validated_serializer):
import mreg.api.v1.views
if user_is_superuser(request.user):
return True
hostname = None
ips = []
data = validated_serializer.validated_data
if '*' in data.get('name', ''):
return False
if 'ipaddress' in data:
if self.is_reserved_ip(data['ipaddress']):
if request_in_settings_group(request, NETWORK_ADMIN_GROUP):
return True
return False
if user_is_adminuser(request.user):
return True
if isinstance(
view,
(mreg.api.v1.views.HostList, mreg.api.v1.views.IpaddressList,
mreg.api.v1.views.PtrOverrideList)):
# HostList does not require ipaddress, but if none, the permissions
# will not match, so just refuse it.
ip = data.get('ipaddress', None)
if ip is None:
return False
ips.append(ip)
hostname = data['host'].name
elif 'host' in data:
hostname, ips = self._get_hostname_and_ips(data['host'])
else:
raise exceptions.PermissionDenied(f"Unhandled view: {view}")
if ips and hostname:
return self.has_perm(request.user, hostname, ips)
return False
def create(self, validated_data):
auth = get_user_auth(self.context['request'])
if not auth.user:
raise exceptions.PermissionDenied
try:
node = self.context['view'].get_target()
except exceptions.PermissionDenied:
node = self.context['view'].get_target(
check_object_permissions=False)
if auth.user in node.contributors:
raise exceptions.PermissionDenied(
'You cannot request access to a node you contribute to.')
raise
comment = validated_data.pop('comment', '')
request_type = validated_data.pop('request_type', None)
if request_type != RequestTypes.ACCESS.value:
raise exceptions.ValidationError(
'You must specify a valid request_type.')
try:
node_request = NodeRequest.objects.create(
target=node,
creator=auth.user,
comment=comment,
machine_state=DefaultStates.INITIAL.value,
request_type=request_type,
)
node_request.save()
except IntegrityError:
raise Conflict(
'Users may not have more than one {} request per node.'.format(
request_type))
node_request.run_submit(auth.user)
return node_request
def to_internal_value(self, data):
if 'player' in data:
data['player'] = user_or_validationerror('player',
data['player']).pk
if 'game' in data:
try:
game = models.Game.objects.get(pk=data['game'])
if game.is_finished():
raise serializers.ValidationError(
{'detail': 'game is finished'})
players = (
game.player_a.id,
game.player_b.id,
)
if data['player'] not in players:
raise exceptions.PermissionDenied(
{'player': 'player otside of game'})
moves = game.move_set.order_by('-timestamp').values()
if (len(moves) == 0 and data['player'] == game.player_a
) or (len(moves) > 0
and data['player'] == moves[0]['player_id']):
raise serializers.ValidationError(
{'player': 'Second player is taking turn'})
except models.Game.DoesNotExist:
raise serializers.ValidationError(
{'detail': 'game with given id does not exist'})
if 'position' in data and data['position'] not in range(9):
raise serializers.ValidationError(
{'position': 'position index shoud be in range 0..8'})
return super(MoveSerializer, self).to_internal_value(data)
def get(self, request, pk):
group = self.request.user.groups.values_list('name', flat=True)
if 'Club' in group:
queryset = sorted(list(
itertools.chain(
BioAge.objects.filter(
player__id=pk,
player__club=self.request.user.club,
),
PredictedHeight.objects.filter(
player__id=pk, player__club=self.request.user.club),
PHV.objects.filter(player__id=pk,
player__club=self.request.user.club),
)),
key=lambda instance: instance.created,
reverse=True)
elif 'Coach' in group:
queryset = sorted(list(
itertools.chain(
BioAge.objects.filter(
player__id=pk,
player__club=self.request.user.coach.club),
PredictedHeight.objects.filter(
player__id=pk,
player__club=self.request.user.coach.club),
PHV.objects.filter(
player__id=pk,
player__club=self.request.user.coach.club),
)),
key=lambda instance: instance.created,
reverse=True)
else:
raise exceptions.PermissionDenied(
'User has no permission to access user data of player.')
serializer = FeedDashboardSerializer(queryset, many=True)
return JSONResponse(serializer.data)
def retrieve(self, request, pk, format=None):
'''
It will return specific user data.
ADMIN can retrieve any account. STAFF can retrieve itself only.
API: /users/id/
Request type: GET
Headers:
Authorization: JWT <token>
Response data:
{
"id": int,
"username": "******",
"email": "string",
"firstname": "string",
"lastname": "string",
"designation": "string"
}
'''
designation = request.user.designation
# Allowed for itself for staff
if (designation == strings.STAFF):
if not (pk == str(request.user.id)):
raise exceptions.PermissionDenied(detail= strings.INVALID_CLIENT)
user = self.get_object(pk)
try:
serializer = UsersSerializerList(user)
return Response(serializer.data)
except Exception as e:
log.error(strings.SERIALIZATION_ERROR_MSG)
return Response(serializer.errors)
def my_global_curriculum(self, request):
user = get_user_from_request(request)
if not isinstance(user, Student):
raise exceptions.PermissionDenied()
course_spec = user.course.last().specification
subjects = Subject.objects.filter(students=user)
subject_specs = list(set(map(lambda subj: subj.subject_spec,
subjects)))
curriculum = []
for subject_spec in subject_specs:
subject = {}
latest_subject = subjects.filter(
subject_spec=subject_spec).latest('lective_year')
course_subject = CourseSubject.objects.get(
subject=latest_subject, course__specification=course_spec)
subject['course_subject'] = CourseSubjectSerializer(
course_subject).data
subject['subject'] = RestrictedSubjectSerializer(
latest_subject).data
subject['subject_spec'] = SubjectSpecificationSerializer(
subject_spec).data
final_grade = FinalGrade.objects.filter(
student=user,
subject__subject_spec=subject_spec).order_by("-grade").first()
if final_grade is not None and final_grade.grade >= settings.PASSING_GRADE:
subject['grade'] = FinalGradeSerializer(final_grade).data
curriculum.append(subject)
return Response(curriculum)
def exception_handler(exc, context):
if isinstance(exc, Http404):
exc = exceptions.NotFound()
elif isinstance(exc, PermissionDenied):
exc = exceptions.PermissionDenied()
if isinstance(exc, exceptions.APIException):
headers = {}
if getattr(exc, 'auth_header', None):
headers['WWW-Authenticate'] = exc.auth_header
if getattr(exc, 'wait', None):
headers['Retry-After'] = '%d' % exc.wait
if isinstance(exc.detail, (list, dict)):
data = exc.detail
else:
data = {'message': exc.detail}
set_rollback()
return Response({
'status': exc.status_code * 1000,
'body': data
},
status=exc.status_code,
headers=headers)
view = context.get('view')
logger.error(f'Exception in view {view}: ' f'{exc}')
return Response({
'status': 500000,
'body': {
'message': 'Unknown error.'
}
},
status=500)
def exception_handler(exc, context):
"""
Returns the response that should be used for any given exception.
By default we handle the REST framework `APIException`, and also
Django's built-in `Http404` and `PermissionDenied` exceptions.
Any unhandled exceptions may return `None`, which will cause a 500 error
to be raised.
"""
if isinstance(exc, Http404):
exc = exceptions.NotFound()
elif isinstance(exc, PermissionDenied):
exc = exceptions.PermissionDenied()
if isinstance(exc, exceptions.APIException):
headers = {}
if getattr(exc, 'auth_header', None):
headers['WWW-Authenticate'] = exc.auth_header
if getattr(exc, 'wait', None):
headers['Retry-After'] = '%d' % exc.wait
if isinstance(exc.detail, (list, dict)):
data = exc.detail
else:
data = {'detail': exc.detail}
data = {
'status': exc.status_code,
'msj': None,
'extra': data.get('detail') or data
}
set_rollback()
return Response(data, status=exc.status_code, headers=headers)
return None
def exception_handler(exc, context):
"""
Returns the response that should be used for any given exception.
By default we handle the REST framework `APIException`, and also
Django's built-in `Http404` and `PermissionDenied` exceptions.
Any unhandled exceptions may return `None`, which will cause a 500 error
to be raised.
"""
if isinstance(exc, Http404):
exc = exceptions.NotFound()
elif isinstance(exc, _PermissionDenied):
exc = exceptions.PermissionDenied()
headers = {}
if isinstance(exc, exceptions.ValidationError):
data = {"code": exc.status_code, 'message': exc.default_code, 'data': exc.detail}
elif isinstance(exc, exceptions.APIException):
# DRF异常处理
code = exc.status_code
if getattr(exc, 'auth_header', None):
headers['WWW-Authenticate'] = exc.auth_header
if getattr(exc, 'wait', None):
headers['Retry-After'] = '%d' % exc.wait
data = {"code": code, 'message': str(exc.detail), 'data': exc.detail}
elif isinstance(exc, BaseError):
# 自定义异常处理
data = {"code": exc.code, "message": exc.message}
else:
data = {"code": HTTP_500_INTERNAL_SERVER_ERROR, "message": "Internal Error", "data": getattr(exc, 'message', repr(exc))}
set_rollback()
if settings.DEBUG:
traceback.print_exc()
data.update(traceback=traceback.format_exc())
return Response(data, status=HTTP_200_OK, headers=headers)
def modify(self, request, pk=None):
xg_request = get_object_or_404(ShiftExchangeRequest, id=pk)
user = get_user_from_request(request)
if not isinstance(user,
Professor) or xg_request.shift.professor != user:
raise exceptions.PermissionDenied()
acceptance = request.query_params.get("acceptance", None)
if acceptance is not None:
acceptance = acceptance == "true"
xg_request.acceptance = acceptance
xg_request.save()
if acceptance:
enrolled_shifts = Shift.objects.filter(
subject=xg_request.shift.subject,
student=xg_request.student,
)
shift_ctype = LessonSpecification.objects.filter(
shift=xg_request.shift)[0].c_type
old_shift = None
for shift in enrolled_shifts:
_c_type = LessonSpecification.objects.filter(
shift=shift)[0].c_type
if _c_type == shift_ctype:
old_shift = shift
break
if old_shift is not None:
old_shift.student.remove(xg_request.student)
xg_request.shift.student.add(xg_request.student)
return Response(status=200)
def update(self, instance, validated_data):
user = self.context['request'].user
if self.partial:
allowed_fields = {'state', 'valid_from', 'valid_to'}
data = {
field: validated_data[field]
for field in allowed_fields if field in validated_data
}
if not data:
return instance
data['modified_by'] = user
# ignore other fields than state, valid_from and valid_to
# and do an actual update instead of a new version
new_function = super().update(instance, data)
new_function.create_metadata_version()
return new_function
if not user.has_perm(Function.CAN_EDIT):
raise exceptions.PermissionDenied(_('No permission to edit.'))
if instance.state in (Function.SENT_FOR_REVIEW,
Function.WAITING_FOR_APPROVAL):
raise exceptions.ValidationError(
_('Cannot edit while in state "sent_for_review" or "waiting_for_approval"'
))
if not validated_data.get('classification'):
validated_data['classification'] = instance.classification
validated_data['modified_by'] = user
new_function = self._create_new_version(validated_data)
new_function.create_metadata_version()
return new_function
def allow_access_user(current, user, raise_exception=True):
"""
Check current user can access user data
:param current: int user id or User object
:param user: int manager id or User object
:param raise_exception: set to True to raise exception
:return: boolean allowed or not
"""
return True
# TODO: change this logic, since user.manager_id has not set
allowed = False
if not isinstance(current, int):
user_id = current.manager_id
else:
user_id = current
if not isinstance(user, int):
manager_id = user.manager_id
else:
manager_id = user
if manager_id == user_id:
allowed = True
if not allowed and raise_exception:
raise exceptions.PermissionDenied()
return allowed
def new(self, request, *args, **kwargs):
"""
Create a brand new basket object
"""
self.process_request(with_basket=False)
basket_class = cached_load("SHUUP_BASKET_CLASS_SPEC")
basket = basket_class(request._request)
customer_id = request.POST.get("customer_id")
if not customer_id:
customer_id = request.data.get("customer_id")
if customer_id:
is_staff = (self.request.shop and self.request.user.is_staff and
self.request.user.pk in self.request.shop.staff_members.all().values_list("pk", flat=True))
is_superuser = self.request.user.is_superuser
if int(customer_id) in self._get_controlled_contacts_by_user(self.request.user) or is_superuser or is_staff:
basket.customer = Contact.objects.get(pk=int(customer_id))
else:
raise exceptions.PermissionDenied("No permission")
stored_basket = basket.save()
return Response(data={"uuid": "%s-%s" % (request.shop.pk, stored_basket.key)}, status=status.HTTP_201_CREATED)
def create_group(request):
id_institution = request.user.instit_id
id_matriz = search_matriz(id_institution)
user_id = request.user.id
if not verify_permission(8, user_id):
raise exceptions.PermissionDenied(
'Você não tem permissões para realizar esta operação.')
try:
group = ProdGrp(instit=id_matriz,
niv=1,
nv1=request.data.get('nv1'),
data=timezone.now())
group.save()
all_groups = ProdGrp.objects.filter(instit=id_matriz)
all_groups_serialized = GrupoProdutoSerializer(all_groups, many=True)
return Response(all_groups_serialized.data)
except:
raise exceptions.APIException(
'Não foi possível criar o grupo, tente novamente.')
def list(self, request, *args, **kwargs):
filter_qs = GuestPost.objects.order_by('created_at').reverse()
if request.GET.get('showUserPosts', False):
try:
filter_qs = filter_qs.filter(owner=self.request.user)
except:
raise exceptions.PermissionDenied('Not authorized!')
else:
filter_qs = filter_qs.filter(
is_active=True,
created_at__gte=datetime.now() -
timedelta(days=DAYS_TILL_POST_EXPIRATION))
queryset = self.filter_queryset(filter_qs)
try:
page = self.paginate_queryset(queryset)
except Exception as e:
raise exceptions.ParseError(
'Guest posts for requested pages could not be paginated.')
if page is not None:
serializer = self.get_serializer(page, many=True)
data = serializer.data
return self.get_paginated_response(data)
raise exceptions.NotFound(
'This page of guest postings could not be found.')
def get(self, request, version=None):
regions = Region.objects.all()
project = request.GET.get('project')
if project:
project = Project.objects.get(id=project)
if not project.can_get(request.user):
raise exceptions.PermissionDenied()
regions = regions.filter(project=project)
regions = regions.distinct()
result = {}
for region in regions:
result[str(region.id)] = [{
'label':
'{} / {}'.format(geo_area.admin_level.title, geo_area.title),
'title':
geo_area.title,
'key':
str(geo_area.id),
'admin_level':
geo_area.admin_level.level,
'admin_level_title':
geo_area.admin_level.title,
'region':
geo_area.admin_level.region.id,
'region_title':
geo_area.admin_level.region.title,
} for geo_area in GeoArea.objects.select_related(
'admin_level',
'admin_level__region',
).filter(admin_level__region=region).order_by(
'admin_level__level').distinct()]
return response.Response(result)
def customExceptionHandler(exc, context):
"""
重写rest_framework.views.exception_handler
"""
if isinstance(exc, Http404):
exc = exceptions.NotFound()
elif isinstance(exc, PermissionDenied):
exc = exceptions.PermissionDenied()
# 接口异常
if isinstance(exc, exceptions.APIException):
headers = {}
if getattr(exc, 'auth_header', None):
headers['WWW-Authenticate'] = exc.auth_header
if getattr(exc, 'wait', None):
headers['Retry-After'] = '%d' % exc.wait
if isinstance(exc.detail, (list, dict)):
if isinstance(exc.detail, list):
errors = exc.detail
else:
errors = {k: v[0] for k, v in exc.detail.items()}
else:
errors = exc.detail
set_rollback()
data = {'code': -1, 'msg': '失败', 'errors': errors, 'data': []}
return Response(data, status=exc.status_code, headers=headers)
# 如果是数据库异常
if isinstance(exc, DatabaseError):
errors = '数据库异常,请联系管理员'
data = {'code': -2, 'msg': '失败', 'errors': errors, 'data': []}
return Response(data)
return None
def authenticate(self, request):
ret = super(ShoutitPageAuthenticationMixin, self).authenticate(request)
if ret is None:
return ret
self.set_api_client(request, ret[1])
page_id_auth = get_authorization_header(request).split()
if not page_id_auth:
return ret
if len(page_id_auth) != 1:
msg = _('Invalid page id header. No credentials provided')
raise exceptions.AuthenticationFailed(msg)
try:
page_id = page_id_auth[0].decode()
uuid.UUID(page_id)
except (UnicodeError, ValueError):
raise exceptions.AuthenticationFailed(_('Invalid page id'))
try:
page = Page.objects.select_related('user').get(id=page_id)
except Page.DoesNotExist:
raise exceptions.AuthenticationFailed(_('Page does not exist'))
if not page.user.is_active:
raise exceptions.AuthenticationFailed(
_('Page inactive or deleted'))
if not page.is_admin(ret[0]):
raise exceptions.PermissionDenied(
_("You can't act as an admin of the provided page"))
setattr(request, '_user', page.user)
setattr(request, 'page_admin_user', ret[0])
return page.user, ret[1]
def inner_func(self, request, pk=None, **kwargs):
object = self.get_object()
transition_method = getattr(object, transition_name)
if can_proceed(transition_method, self.request.user):
# Perform the requested transition
if isinstance(self.request.user, User):
transition_method(by=self.request.user)
else:
transition_method()
if self.save_after_transition:
object.save()
else:
raise exceptions.PermissionDenied(
'User {user} cannot perform transition {transition} from {state}'
.format(user=self.request.user,
transition=transition_name,
state=getattr(
object,
transition_method._django_fsm.field.attname)))
serializer = self.get_serializer(object)
return Response(serializer.data)
def admin_edit(request, id):
user_id = request.user.id
if not verify_permission(132, user_id):
raise exceptions.PermissionDenied(
'Você não tem permissões para realizar esta operação.')
"""
FUNCTION FOR THE ADMINISTRATOR TO EDIT THE USER DATA OF THEIR RESPECTIVE INSTITUTION
"""
User = get_user_model()
username = request.data.get('username')
first_name = request.data.get('firstName')
last_name = request.data.get('lastName')
email = request.data.get('email')
acess = request.data.get('access')
idgrp_id = request.data.get('idGroupUser')
idpescod_id = request.data.get('idPerson')
try:
user = User.objects.get(pk=id)
user.first_name = first_name
user.last_name = last_name
user.email = email
user.username = username
user.idgrp_id = idgrp_id
user.idpescod_id = idpescod_id
user.acess = acess
user.save()
user_serialized = UsersSerializers(user)
return Response({
'detail': 'Os dados foram alterados com sucesso!',
'user': user_serialized.data
})
except:
raise exceptions.APIException
def register_superuser(request):
User = get_user_model()
user_id = request.user.id
if not verify_permission(15, user_id):
raise exceptions.PermissionDenied(
'Você não tem permissões para realizar esta operação.')
username = request.data.get('username')
password = request.data.get('password')
first_name = request.data.get('firstName')
last_name = request.data.get('lastName')
email = request.data.get('email')
person_id = request.data.get('idPerson')
institution_id = request.data.get('idInstitution')
group_id = request.data.get('idGroup')
active = request.data.get('active')
access = request.data.get('access')
response = Response()
try:
user = User.objects.create_superuser(username=username,
password=password,
first_name=first_name,
last_name=last_name,
email=email,
idpescod=person_id,
instit=institution_id,
idgrp=group_id,
ativo=active,
acess=access)
user.save()
serialized_user = UsersSerializers(user)
return Response({'user': serialized_user.data})
except:
raise exceptions.APIException('Não foi possível cadastrar o usuário')
def post(self, request, af_id, version=None):
if not AnalysisFramework.objects.filter(
id=af_id
).exists():
raise exceptions.NotFound()
analysis_framework = AnalysisFramework.objects.get(
id=af_id
)
if not analysis_framework.can_get(request.user):
raise exceptions.PermissionDenied()
new_af = analysis_framework.clone(
request.user,
request.data or {},
)
serializer = AnalysisFrameworkSerializer(
new_af,
context={'request': request},
)
project = request.data.get('project')
if project:
project = Project.objects.get(id=project)
if not project.can_modify(request.user):
raise exceptions.ValidationError({
'project': 'Invalid project',
})
project.analysis_framework = new_af
project.modified_by = request.user
project.save()
return response.Response(
serializer.data,
status=status.HTTP_201_CREATED,
)
def delete(self, request, *args, **kwargs):
"""
Deletes a private topic to which the authenticated member participates.
---
parameters:
- name: Authorization
description: Bearer token to make an authenticated request.
required: true
paramType: header
- name: pk
description: To remove several private topics, specify this parameter several times.
required: true
paramType: form
responseMessages:
- code: 401
message: Not Authenticated
"""
topics = self.get_queryset()
if topics.count() == 0:
raise exceptions.PermissionDenied()
for topic in topics:
self.perform_destroy(topic)
return Response(status=status.HTTP_204_NO_CONTENT)
def add(self, request, pk=None):
unsrz = AddStockItemSerializer(data=request.data)
unsrz.is_valid(raise_exception=True)
stockitem = unsrz.validated_data['stockitem']
unit_factor = unsrz.validated_data['unit_factor']
try:
sellitem = SellItem.objects.get(pk=pk)
except SellItem.DoesNotExist:
raise Http404('SellItem (id=%d) does not exist' % pk)
if sellitem.bar != request.bar or stockitem.bar != sellitem.bar or stockitem.bar != request.bar:
raise exceptions.PermissionDenied('Cannot operate across bars')
old_sellitem = stockitem.sellitem
stockitem.sellitem = sellitem
stockitem.unit_factor *= unit_factor
stockitem.save()
if old_sellitem.stockitems.count() == 0:
old_sellitem.delete()
srz = SellItemSerializer(sellitem)
return Response(srz.data, 200)
def get_leads(self, request, pk=None, version=None):
connector = self.get_object()
if not connector.can_get(request.user):
raise exceptions.PermissionDenied()
project_id = request.data.pop('project', None)
project = project_id and Project.objects.get(id=project_id)
offset = request.data.pop('offset', None)
limit = request.data.pop('limit', None)
params = {
**(connector.params or {}),
**(request.data or {}),
}
source = source_store[connector.source]()
data, count = source.fetch(params, offset, limit)
serializer = SourceDataSerializer(
data,
many=True,
context={
'request': request,
'project': project
},
)
results = serializer.data
return response.Response({
'count':
count,
'count_per_page':
getattr(source, 'count_per_page', None),
'results':
results
})
def create(self, request, *args, **kwargs):
"""Create a resource."""
collections = request.data.get('collections', [])
# check that user has permissions on all collections that Data
# object will be added to
for collection_id in collections:
try:
collection = Collection.objects.get(pk=collection_id)
except Collection.DoesNotExist:
return Response(
{
'collections': [
'Invalid pk "{}" - object does not exist.'.format(
collection_id)
]
},
status=status.HTTP_400_BAD_REQUEST)
if not request.user.has_perm('add_collection', obj=collection):
if request.user.has_perm('view_collection', obj=collection):
raise exceptions.PermissionDenied(
"You don't have `ADD` permission on collection (id: {})."
.format(collection_id))
else:
raise exceptions.NotFound(
"Collection not found (id: {}).".format(collection_id))
self.define_contributor(request)
if kwargs.pop('get_or_create', False):
response = self.perform_get_or_create(request, *args, **kwargs)
if response:
return response
return super().create(request, *args, **kwargs)
def validate(self, attrs):
attrs = super(AllocationSerializer, self).validate(attrs)
# Skip validation on update
if self.instance:
return attrs
correct_name_regex = '^([%s]{1,63})$' % models.SLURM_ALLOCATION_REGEX
name = attrs.get('name')
if not re.match(correct_name_regex, name):
raise core_serializers.ValidationError(
_(
"Name '%s' must be 1-63 characters long, each of "
"which can only be alphanumeric or a hyphen"
)
% name
)
spl = attrs['service_project_link']
user = self.context['request'].user
if not _has_owner_access(user, spl.project.customer):
raise rf_exceptions.PermissionDenied(
_('You do not have permissions to create allocation for given project.')
)
return attrs
def get(self, request, format=None):
if not self.request.user.is_staff and not request.user.is_support:
raise exceptions.PermissionDenied()
customers = structure_models.Customer.objects.all()
customers = structure_filters.AccountingStartDateFilter(
).filter_queryset(request, customers, self)
name = request.query_params.get('name', '')
if name:
customers = customers.filter(name__icontains=name)
year, month = invoice_utils.parse_period(request.query_params)
invoices = invoices_models.Invoice.objects.filter(
customer__in=customers)
invoices = invoices.filter(year=year, month=month)
total = sum(invoice.total for invoice in invoices)
price = sum(invoice.price for invoice in invoices)
return response.Response({
'total': total,
'price': price
},
status=status.HTTP_200_OK)
def clone(self, request, *args, **kwargs):
self.object = self.get_object()
data = {'xform': self.object.pk, 'username': request.data['username']}
serializer = CloneXFormSerializer(data=data)
if serializer.is_valid():
clone_to_user = User.objects.get(username=data['username'])
if not request.user.has_perm(
'can_add_xform',
UserProfile.objects.get_or_create(user=clone_to_user)[0]):
raise exceptions.PermissionDenied(
detail=_(u"User %(user)s has no permission to add "
"xforms to account %(account)s" % {
'user': request.user.username,
'account': data['username']
}))
xform = serializer.save()
serializer = XFormSerializer(xform.cloned_form,
context={'request': request})
return Response(data=serializer.data,
status=status.HTTP_201_CREATED)
return Response(data=serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
def common_exception_handler(exc, context):
if isinstance(exc, Http404):
exc = JMSObjectDoesNotExist(object_name=extract_object_name(exc, 1))
elif isinstance(exc, PermissionDenied):
exc = exceptions.PermissionDenied()
elif isinstance(exc, DJObjectDoesNotExist):
exc = JMSObjectDoesNotExist(object_name=extract_object_name(exc, 0))
if isinstance(exc, exceptions.APIException):
headers = {}
if getattr(exc, 'auth_header', None):
headers['WWW-Authenticate'] = exc.auth_header
if getattr(exc, 'wait', None):
headers['Retry-After'] = '%d' % exc.wait
if isinstance(exc.detail, (list, dict)):
data = exc.detail
else:
data = {'detail': exc.detail}
set_rollback()
return Response(data, status=exc.status_code, headers=headers)
return None
