def put(self, request, pk, format=None): card = self.get_object(pk) # User must be able to edit the containing deck if deck_edit_forbidden(card.deck, request.user): return Response(status=status.HTTP_403_FORBIDDEN) if u"deck" in request.data: del request.data[u"deck"] serializer = CardSerializer(card, data=request.data) if serializer.is_valid(): serializer.save() return Response(serializer.data) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def create_card(request): """ # Request format: ## /api/cards # Methods supported: ## post * Create a new card given request information, request must have 'deck' field in JSON with integer id referring to the deck that the card will be added to * The card will only be created if the user has edit permissions to the given deck """ print "Entered this piece of shit!" # Card must have deck if u'deck' not in request.data: return Response(status=status.HTTP_400_BAD_REQUEST) print request.data deck_id = request.data[u'deck'] # Attempt to fetch the deck try: deck = Deck.objects.get(pk=deck_id) except Deck.DoesNotExist: raise Http404 # Ensure that the user has edit permissions for the deck if deck_edit_forbidden(deck, request.user): print "Failed here!" print "User: " print deck.created_by.id print request.user.id return Response(status=status.HTTP_403_FORBIDDEN) # Now create the card serializer = CardSerializer(data=request.data) if serializer.is_valid(): serializer.save(deck=deck) return Response(serializer.data, status=status.HTTP_201_CREATED) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def get(self, request, pk, format=None): card = self.get_object(pk) # User must be able to view the containing deck if deck_view_forbidden(card.deck, request.user): return Response(status=status.HTTP_403_FORBIDDEN) serializer = CardSerializer(card) return Response(serializer.data)