def create(self, validated_data): user = validated_data['user'] contact_user_id = validated_data['contact_user_id'] try: contact_user = User.objects.get(pk=validated_data['contact_user_id']) except User.DoesNotExist: raise exceptions.FamilySpaceException(**errorcodes.ERR_USER_NOT_FOUND) if UserContactList.objects.filter(user=user, contact_user=contact_user_id): raise exceptions.FamilySpaceException(**errorcodes.ERR_USER_ALREADY_IN_CONTACT_LIST) return super().create(validated_data)
def create(self, validated_data): # проверяю права пользователя на добавление участника группы if not (GroupUser.objects.filter(user=self.context['request'].user, group=validated_data['group_id'], role=RoleChoice.ADM.name)): raise exceptions.FamilySpaceException( **errorcodes.ERR_NO_RIGHTS_FOR_ACTION) # проверяю есть ли уже пользователь в группе if GroupUser.objects.filter(user=validated_data['user_id'], group=validated_data['group_id']): raise exceptions.FamilySpaceException( **errorcodes.ERR_USER_ALREADY_IN_GROUP) return super().create(validated_data)
def perform_destroy(self, instance): # проверка наличия прав if not GroupUser.objects.filter(user=self.request.user, group=instance.group_id, role=RoleChoice.ADM.name): raise exceptions.FamilySpaceException(**errorcodes.ERR_NO_RIGHTS_FOR_ACTION) super().perform_destroy(instance)
def update(self, instance, validated_data): # проверяю права пользователя на изменение прав участника группы if not (GroupUser.objects.filter(user=self.context['request'].user, group=instance.group, role=RoleChoice.ADM.name)): raise exceptions.FamilySpaceException( **errorcodes.ERR_NO_RIGHTS_FOR_ACTION) return super().update(instance, validated_data)
def permission_denied(self, request, message=None): if not request.successful_authenticator: raise exceptions.FamilySpaceException(**errorcodes.ERR_WRONG_TOKEN) super().permission_denied(request, message=None)
def permission_denied(self, request, message=None): if not request.successful_authenticator: raise exceptions.FamilySpaceException(**errorcodes.ERR_WRONG_TOKEN) if not request.user.is_staff: raise exceptions.FamilySpaceException(**errorcodes.ERR_NO_RIGHTS_FOR_ACTION) super().permission_denied(request, message=None)