def create(self, data): request = self.context['request'] bar = request.bar if bar is None: raise Http404() if request.user.has_perm('bars_transactions.add_' + data["type"] + 'transaction', bar): fields = Transaction._meta.get_all_field_names() attrs = {k: v for k, v in data.items() if k in fields} t = Transaction(**attrs) t.author = request.user t.bar = bar t.save() return t else: raise exceptions.PermissionDenied()