def to_internal_value(self, data):
request = self.context['request']
if request.method in utils.UPDATE_METHODS and not utils.is_bulk_request(request):
id_field = getattr(self.root.instance, self.source, '_id')
if id_field != data:
raise Conflict()
return super(IDField, self).to_internal_value(data)
def get_queryset(self):
# For bulk requests, queryset is formed from request body.
if is_bulk_request(self.request):
auth = get_user_auth(self.request)
registrations = Registration.objects.filter(guids___id__in=[
registration['id'] for registration in self.request.data
])
# If skip_uneditable=True in query_params, skip nodes for which the user
# does not have EDIT permissions.
if is_truthy(
self.request.query_params.get('skip_uneditable', False)):
return Registration.objects.get_nodes_for_user(
auth.user, WRITE_NODE, registrations)
for registration in registrations:
if not registration.can_edit(auth):
raise PermissionDenied
return registrations
blacklisted = self.is_blacklisted()
registrations = self.get_queryset_from_request()
# If attempting to filter on a blacklisted field, exclude withdrawals.
if blacklisted:
registrations = registrations.exclude(retraction__isnull=False)
return registrations.select_related(
'root',
'root__embargo',
'root__embargo_termination_approval',
'root__retraction',
'root__registration_approval',
)
def parse(self, stream, media_type=None, parser_context=None):
"""
Parses the incoming bytestream as JSON and returns the resulting data.
"""
result = super(JSONAPIParser, self).parse(stream, media_type=media_type, parser_context=parser_context)
if not isinstance(result, dict):
raise ParseError()
data = result.get('data', {})
if data:
if is_bulk_request(parser_context['request']):
if not isinstance(data, list):
raise ParseError('Expected a list of items but got type "dict".')
data_collection = []
data_collection.extend([self.flatten_data(data_object, parser_context, is_list=True) for data_object in data])
return data_collection
else:
if not isinstance(data, collections.Mapping):
raise ParseError('Expected a dictionary of items.')
return self.flatten_data(data, parser_context, is_list=False)
else:
raise JSONAPIException(source={'pointer': '/data'}, detail=NO_DATA_ERROR)
def get_queryset(self):
# For bulk requests, queryset is formed from request body.
if is_bulk_request(self.request):
auth = get_user_auth(self.request)
registrations = Registration.objects.filter(guids___id__in=[
registration['id'] for registration in self.request.data
])
# If skip_uneditable=True in query_params, skip nodes for which the user
# does not have EDIT permissions.
if is_truthy(
self.request.query_params.get('skip_uneditable', False)):
has_permission = registrations.filter(
contributor__user_id=auth.user.id,
contributor__write=True).values_list('guids___id',
flat=True)
return Registration.objects.filter(
guids___id__in=has_permission)
for registration in registrations:
if not registration.can_edit(auth):
raise PermissionDenied
return registrations
blacklisted = self.is_blacklisted()
registrations = self.get_queryset_from_request()
# If attempting to filter on a blacklisted field, exclude withdrawals.
if blacklisted:
return registrations.exclude(retraction__isnull=False)
return registrations
def parse(self, stream, media_type=None, parser_context=None):
"""
Parses the incoming bytestream as JSON and returns the resulting data.
"""
result = super(JSONAPIParser, self).parse(stream, media_type=media_type, parser_context=parser_context)
if not isinstance(result, dict):
raise ParseError()
data = result.get('data', {})
if data:
if is_bulk_request(parser_context['request']):
if not isinstance(data, list):
raise ParseError('Expected a list of items but got type "dict".')
data_collection = []
data_collection.extend([self.flatten_data(data_object, parser_context, is_list=True) for data_object in data])
return data_collection
else:
if not isinstance(data, collections.Mapping):
raise ParseError('Expected a dictionary of items.')
return self.flatten_data(data, parser_context, is_list=False)
else:
raise JSONAPIException(source={'pointer': '/data'}, detail=NO_DATA_ERROR)
def get_queryset(self):
# For bulk requests, queryset is formed from request body.
if is_bulk_request(self.request):
auth = get_user_auth(self.request)
registrations = Registration.objects.filter(guids___id__in=[registration['id'] for registration in self.request.data])
# If skip_uneditable=True in query_params, skip nodes for which the user
# does not have EDIT permissions.
if is_truthy(self.request.query_params.get('skip_uneditable', False)):
has_permission = registrations.filter(contributor__user_id=auth.user.id, contributor__write=True).values_list('guids___id', flat=True)
return Registration.objects.filter(guids___id__in=has_permission)
for registration in registrations:
if not registration.can_edit(auth):
raise PermissionDenied
return registrations
blacklisted = self.is_blacklisted()
registrations = self.get_queryset_from_request()
# If attempting to filter on a blacklisted field, exclude withdrawals.
if blacklisted:
registrations = registrations.exclude(retraction__isnull=False)
return registrations.select_related(
'root',
'root__embargo',
'root__embargo_termination_approval',
'root__retraction',
'root__registration_approval',
)
def to_internal_value(self, data):
request = self.context.get('request')
if request:
if request.method in utils.UPDATE_METHODS and not utils.is_bulk_request(request):
id_field = getattr(self.root.instance, self.source, '_id')
if id_field != data:
raise Conflict(detail=('The id you used in the URL, "{}", does not match the id you used in the json body\'s id field, "{}". The object "{}" exists, otherwise you\'d get a 404, so most likely you need to change the id field to match.'.format(id_field, data, id_field)))
return super(IDField, self).to_internal_value(data)
def to_internal_value(self, data):
request = self.context['request']
if request.method in utils.UPDATE_METHODS and not utils.is_bulk_request(
request):
id_field = getattr(self.root.instance, self.source, '_id')
if id_field != data:
raise Conflict()
return super(IDField, self).to_internal_value(data)
def to_internal_value(self, data):
request = self.context.get('request')
if request:
if request.method in utils.UPDATE_METHODS and not utils.is_bulk_request(request):
id_field = self.get_id(self.root.instance)
if id_field != data:
raise Conflict(detail=('The id you used in the URL, "{}", does not match the id you used in the json body\'s id field, "{}". The object "{}" exists, otherwise you\'d get a 404, so most likely you need to change the id field to match.'.format(id_field, data, id_field)))
return super(IDField, self).to_internal_value(data)
def get_serializer(self, *args, **kwargs):
"""
Adds many=True to serializer if bulk operation.
"""
if is_bulk_request(self.request):
kwargs['many'] = True
return super(ListBulkCreateJSONAPIView, self).get_serializer(*args, **kwargs)
def get_serializer(self, *args, **kwargs):
"""
Adds many=True to serializer if bulk operation.
"""
if is_bulk_request(self.request):
kwargs['many'] = True
return super(ListBulkCreateJSONAPIView, self).get_serializer(*args, **kwargs)
def create(self, request, *args, **kwargs):
"""
Correctly formats both bulk and single POST response
"""
if is_bulk_request(request):
if not request.data:
raise ValidationError('Request must contain array of resource identifier objects.')
response = super(ListBulkCreateJSONAPIView, self).create(request, *args, **kwargs)
if 'data' not in response.data:
response.data = {'data': response.data}
return response
def create(self, request, *args, **kwargs):
"""
Correctly formats both bulk and single POST response
"""
if is_bulk_request(request):
if not request.data:
raise ValidationError('Request must contain array of resource identifier objects.')
response = super(ListBulkCreateJSONAPIView, self).create(request, *args, **kwargs)
if 'data' not in response.data:
response.data = {'data': response.data}
return response
def get_queryset(self):
# For bulk requests, queryset is formed from request body.
if is_bulk_request(self.request):
auth = get_user_auth(self.request)
collection_ids = [coll['id'] for coll in self.request.data]
collections = Collection.objects.filter(guids___id__in=collection_ids)
for collection in collections:
if not collection.can_edit(auth):
raise PermissionDenied
return collections
else:
return self.get_queryset_from_request()
def get_queryset(self):
# For bulk requests, queryset is formed from request body.
if is_bulk_request(self.request):
auth = get_user_auth(self.request)
collection_ids = [coll['id'] for coll in self.request.data]
collections = Collection.objects.filter(guids___id__in=collection_ids)
checker = ObjectPermissionChecker(auth.user)
for collection in collections:
if not checker.has_perm('write_collection', collection):
raise PermissionDenied
return collections
else:
return self.get_queryset_from_request()
def get_queryset(self):
# For bulk requests, queryset is formed from request body.
if is_bulk_request(self.request):
auth = get_user_auth(self.request)
collection_ids = [coll['id'] for coll in self.request.data]
collections = Collection.objects.filter(guids___id__in=collection_ids)
checker = ObjectPermissionChecker(auth.user)
for collection in collections:
if not checker.has_perm('write_collection', collection):
raise PermissionDenied
return collections
else:
return self.get_queryset_from_request()
def get_queryset(self):
queryset = self.get_queryset_from_request()
# If bulk request, queryset only contains contributors in request
if is_bulk_request(self.request):
contrib_ids = []
for item in self.request.data:
try:
contrib_ids.append(item['id'].split('-')[1])
except AttributeError:
raise ValidationError('Contributor identifier not provided.')
except IndexError:
raise ValidationError('Contributor identifier incorrectly formatted.')
queryset[:] = [contrib for contrib in queryset if contrib._id in contrib_ids]
return queryset
def get_queryset(self):
# For bulk requests, queryset is formed from request body.
if is_bulk_request(self.request):
query = Q('_id', 'in', [coll['id'] for coll in self.request.data])
auth = get_user_auth(self.request)
collections = Collection.find(query)
for collection in collections:
if not collection.can_edit(auth):
raise PermissionDenied
return collections
else:
query = self.get_query_from_request()
return Collection.find(query)
def get_queryset(self):
# For bulk requests, queryset is formed from request body.
if is_bulk_request(self.request):
query = Q("_id", "in", [node["id"] for node in self.request.data])
auth = get_user_auth(self.request)
nodes = Node.find(query)
for node in nodes:
if not node.can_edit(auth):
raise PermissionDenied
return nodes
else:
query = self.get_query_from_request()
return Node.find(query)
def get_queryset(self):
# For bulk requests, queryset is formed from request body.
if is_bulk_request(self.request):
query = Q('_id', 'in', [coll['id'] for coll in self.request.data])
auth = get_user_auth(self.request)
collections = Collection.find(query)
for collection in collections:
if not collection.can_edit(auth):
raise PermissionDenied
return collections
else:
query = self.get_query_from_request()
return Collection.find(query)
def get_queryset(self):
queryset = self.get_queryset_from_request()
# If bulk request, queryset only contains contributors in request
if is_bulk_request(self.request):
contrib_ids = []
for item in self.request.data:
try:
contrib_ids.append(item['id'].split('-')[1])
except AttributeError:
raise ValidationError('Contributor identifier not provided.')
except IndexError:
raise ValidationError('Contributor identifier incorrectly formatted.')
queryset[:] = [contrib for contrib in queryset if contrib._id in contrib_ids]
return queryset
def get_queryset(self):
# For bulk requests, queryset is formed from request body.
if is_bulk_request(self.request):
query = Q('_id', 'in', [node['id'] for node in self.request.data])
auth = get_user_auth(self.request)
nodes = Node.find(query)
for node in nodes:
if not node.can_edit(auth):
raise PermissionDenied
return nodes
else:
query = self.get_query_from_request()
return Node.find(query)
def get_queryset(self):
queryset = self.get_queryset_from_request()
if is_bulk_request(self.request):
user_ids = []
for user in self.request.data:
try:
user_id = user['id'].split('-')[1]
except AttributeError:
raise ValidationError('Member identifier not provided.')
except IndexError:
raise ValidationError(
'Member identifier incorrectly formatted.')
else:
user_ids.append(user_id)
queryset = queryset.filter(guids___id__in=user_ids)
return queryset
