Exemple #1
0
 def meter_en_la_lista_negra(self, request, motivo):
     if not es_admin(request.user):
         raise ImmediateHttpResponse(HttpUnauthorized())
     try:
         modelo = self._meta.object_class.objects.get(pk=request.api['pk'])
         ElementoDeLaListaNegra.objects.create(modelo=modelo, motivo=motivo)
         return self.create_response(request, {}, HttpOK)
     except Exception:
         raise ImmediateHttpResponse(HttpBadRequest())
Exemple #2
0
 def quitar_de_la_lista_negra(self, request, motivo):
     if not es_admin(request.user):
         raise ImmediateHttpResponse(HttpUnauthorized())
     try:
         modelo = self._meta.object_class.objects.get(pk=request.api['pk'])
         modelo.entrada_en_la_lista_negra.all().delete()
         return self.create_response(request, {}, HttpOK)
     except Exception:
         raise ImmediateHttpResponse(HttpBadRequest())
Exemple #3
0
 def descartar_denuncias(self, request):
     if not es_admin(request.user):
         raise ImmediateHttpResponse(HttpUnauthorized())
     try:
         modelo = self._meta.object_class.objects.get(pk=request.api['pk'])
         modelo.denuncias.filter(estado='pendiente').update(estado='desestimada')
         return self.create_response(request, {}, HttpOK)
     except Exception:
         raise ImmediateHttpResponse(HttpBadRequest())
Exemple #4
0
 def read_list(self, object_list, bundle):
     # El administrador puede ver cualquier denuncia. Un denunciante puede ver solo las que ha emitido
     if es_admin(bundle.request.user):
         return object_list
     else:
         allowed = []
         for obj in object_list:
             if resolver_usuario(bundle.obj.denunciante) == bundle.request.user:
                 allowed.append(obj)
         return allowed
Exemple #5
0
 def read_list(self, object_list, bundle):
     # Un administrador puede ver todas las congelaciones; Un usuario solo las que le afectan
     if es_admin(bundle.request.user):
         return object_list
     else:
         allowed = []
         for obj in object_list:
             if (resolver_usuario(bundle.obj.modelo) == bundle.request.user):
                 allowed.append(obj)
         return allowed
Exemple #6
0
 def update_detail(self, object_list, bundle):
     # Solo los administradores pueden modificar denuncias (para cambiar el estado)
     return es_admin(bundle.request.user)
Exemple #7
0
 def read_detail(self, object_list, bundle):
     return es_admin(bundle.request.user) or resolver_usuario(bundle.obj.denunciante) == bundle.request.user
Exemple #8
0
 def read_list(self, object_list, bundle):
     if es_admin(bundle.request.user):
         return object_list
     else:
         raise Unauthorized()
Exemple #9
0
 def delete_detail(self, object_list, bundle):
     return es_admin(bundle.request.user)
Exemple #10
0
 def delete_list(self, object_list, bundle):
     return object_list if es_admin(bundle.request.user) else []
Exemple #11
0
 def update_detail(self, object_list, bundle):
     # Solo los administradores pueden modificar el estado de las congelaciones
     return es_admin(bundle.request.user)
Exemple #12
0
 def create_list(self, object_list, bundle):
     # Solo los administradores pueden crear congelaciones
     if es_admin(bundle.request.user):
         return object_list
     else:
         raise Unauthorized()
Exemple #13
0
 def read_detail(self, object_list, bundle):
     return es_admin(bundle.request.user) or (resolver_usuario(bundle.obj.modelo) == bundle.request.user)
Exemple #14
0
    def rechazar(self, request):
        if not es_admin(request.user):
            raise ImmediateHttpResponse(HttpUnauthorized())

        self._meta.object_class.objects.get(pk=request.api['pk']).rechazar()
        return self.create_response(request, {}, HttpOK)