Example #1
0
    def update(self, request, *args, **kwargs):
        """
        Update object
        """
        try:
            self.require_data(request)

            org_key = get_org_key_from_request(request)
            user_key = get_user_key_from_request(request)

            with reversion.create_revision():
                if request.user and request.user.is_authenticated:
                    reversion.set_user(request.user)
                if org_key:
                    reversion.set_comment(f"API-key: {org_key.prefix}")
                if user_key:
                    reversion.set_comment(f"API-key: {user_key.prefix}")

                r = super().update(request, *args, **kwargs)
                if "_grainy" in r.data:
                    del r.data["_grainy"]
                return r

        except PermissionDenied as inst:
            return Response(status=status.HTTP_403_FORBIDDEN)
        except TypeError as inst:
            return Response(status=status.HTTP_400_BAD_REQUEST,
                            data={"detail": str(inst)})
        except ValueError as inst:
            return Response(status=status.HTTP_400_BAD_REQUEST,
                            data={"detail": str(inst)})
        finally:
            self.get_serializer().finalize_update(request)
Example #2
0
    def destroy(self, request, pk, format=None):
        """
        Delete object
        """
        try:
            try:
                obj = self.model.objects.get(pk=pk)
            except ValueError:
                return Response(status=status.HTTP_400_BAD_REQUEST,
                                data={"extra": "Invalid id"})
            except self.model.DoesNotExist:
                return Response(status=status.HTTP_204_NO_CONTENT)

            user_key = get_user_key_from_request(request)
            org_key = get_org_key_from_request(request)
            if check_permissions_from_request(request, obj, "d"):
                with reversion.create_revision():
                    if request.user and request.user.is_authenticated:
                        reversion.set_user(request.user)
                    if org_key:
                        reversion.set_comment(f"API-key: {org_key.prefix}")
                    if user_key:
                        reversion.set_comment(f"API-key: {user_key.prefix}")
                    obj.delete()
                return Response(status=status.HTTP_204_NO_CONTENT)
            else:
                return Response(status=status.HTTP_403_FORBIDDEN)
        except ProtectedAction as exc:
            exc_message = f"{exc} - " + _(
                "Please contact {} to help with the deletion of this object"
            ).format(settings.DEFAULT_FROM_EMAIL)

            ticket_queue_deletion_prevented(request, exc.protected_object)

            return Response(status=status.HTTP_403_FORBIDDEN,
                            data={"detail": exc_message})
        finally:
            self.get_serializer().finalize_delete(request)