def meter_en_la_lista_negra(self, request, motivo):
    """Add the object addressed by the request to the blacklist (admin only).

    Args:
        request: Incoming request; ``request.user`` is the caller and
            ``request.api['pk']`` is the primary key of the target object.
        motivo: Reason stored on the new blacklist entry.

    Returns:
        An empty response built by ``create_response`` with ``HttpOK``.

    Raises:
        ImmediateHttpResponse: wrapping ``HttpUnauthorized`` when the caller
            is not an administrator, or ``HttpBadRequest`` when anything
            inside the ``try`` raises an ``Exception``.
    """
    caller = request.user
    if not es_admin(caller):
        denied = HttpUnauthorized()
        raise ImmediateHttpResponse(denied)

    try:
        model_cls = self._meta.object_class
        target = model_cls.objects.get(pk=request.api['pk'])
        ElementoDeLaListaNegra.objects.create(modelo=target, motivo=motivo)
        return self.create_response(request, {}, HttpOK)
    except Exception:
        # NOTE(review): this catch-all reports every failure (missing object,
        # database error, programming bug) as a 400 and logs nothing, so
        # server-side faults on this privileged action leave no trace here.
        raise ImmediateHttpResponse(HttpBadRequest())
def quitar_de_la_lista_negra(self, request, motivo):
    """Remove every blacklist entry of the addressed object (admin only).

    Args:
        request: Incoming request; ``request.user`` is the caller and
            ``request.api['pk']`` is the primary key of the target object.
        motivo: Accepted but not used by this method.

    Returns:
        An empty response built by ``create_response`` with ``HttpOK``.

    Raises:
        ImmediateHttpResponse: wrapping ``HttpUnauthorized`` when the caller
            is not an administrator, or ``HttpBadRequest`` when anything
            inside the ``try`` raises an ``Exception``.
    """
    caller = request.user
    if not es_admin(caller):
        denied = HttpUnauthorized()
        raise ImmediateHttpResponse(denied)

    try:
        model_cls = self._meta.object_class
        target = model_cls.objects.get(pk=request.api['pk'])
        entries = target.entrada_en_la_lista_negra.all()
        entries.delete()
        return self.create_response(request, {}, HttpOK)
    except Exception:
        # NOTE(review): the catch-all turns every failure into a 400 without
        # logging it; a failed removal is indistinguishable from a bad pk.
        raise ImmediateHttpResponse(HttpBadRequest())
def descartar_denuncias(self, request):
    """Dismiss all pending reports filed against the addressed object.

    Reports whose ``estado`` is ``'pendiente'`` are switched to
    ``'desestimada'``. Only administrators may call this.

    Args:
        request: Incoming request; ``request.user`` is the caller and
            ``request.api['pk']`` is the primary key of the target object.

    Returns:
        An empty response built by ``create_response`` with ``HttpOK``.

    Raises:
        ImmediateHttpResponse: wrapping ``HttpUnauthorized`` when the caller
            is not an administrator, or ``HttpBadRequest`` when anything
            inside the ``try`` raises an ``Exception``.
    """
    caller = request.user
    if not es_admin(caller):
        denied = HttpUnauthorized()
        raise ImmediateHttpResponse(denied)

    try:
        model_cls = self._meta.object_class
        target = model_cls.objects.get(pk=request.api['pk'])
        pending = target.denuncias.filter(estado='pendiente')
        pending.update(estado='desestimada')
        return self.create_response(request, {}, HttpOK)
    except Exception:
        # NOTE(review): the catch-all turns every failure into a 400 without
        # logging it, so a failed bulk dismissal leaves no record here.
        raise ImmediateHttpResponse(HttpBadRequest())
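def read_list(self, object_list, bundle):
    """Return the reports the requesting user is allowed to list.

    Administrators can see any report; any other user can see only the
    reports they filed themselves.

    Args:
        object_list: Iterable of report objects, each exposing
            ``denunciante``.
        bundle: Request bundle; ``bundle.request.user`` is the caller.

    Returns:
        ``object_list`` unchanged for administrators, otherwise a list with
        only the reports whose reporter resolves to the caller.
    """
    caller = bundle.request.user
    if es_admin(caller):
        return object_list
    # Ownership is tested on each candidate row. Testing ``bundle.obj`` (one
    # and the same object on every iteration) made the filter all-or-nothing:
    # a caller either received every report in the list or none of them.
    return [
        obj for obj in object_list
        if resolver_usuario(obj.denunciante) == caller
    ]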
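def read_list(self, object_list, bundle):
    """Return the freezes the requesting user is allowed to list.

    An administrator can see every freeze; any other user can see only the
    freezes that affect them.

    Args:
        object_list: Iterable of freeze objects, each exposing ``modelo``.
        bundle: Request bundle; ``bundle.request.user`` is the caller.

    Returns:
        ``object_list`` unchanged for administrators, otherwise a list with
        only the freezes whose ``modelo`` resolves to the caller.
    """
    caller = bundle.request.user
    if es_admin(caller):
        return object_list
    # Ownership is tested on each candidate row. Testing ``bundle.obj`` (one
    # and the same object on every iteration) made the filter all-or-nothing:
    # a caller either received every freeze in the list or none of them.
    return [
        obj for obj in object_list
        if resolver_usuario(obj.modelo) == caller
    ]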
def update_detail(self, object_list, bundle):
    """Decide whether the caller may modify a single report.

    Only administrators may modify reports (the edit exists to change the
    report's state).

    Returns:
        The result of ``es_admin`` for ``bundle.request.user``.
    """
    caller = bundle.request.user
    return es_admin(caller)
def read_detail(self, object_list, bundle):
    """Decide whether the caller may read a single report.

    Access is granted to administrators and to the user who filed the
    report (``bundle.obj.denunciante`` resolved through
    ``resolver_usuario``).

    Returns:
        The truthy result of ``es_admin`` for administrators, otherwise
        whether the resolved reporter equals the caller.
    """
    caller = bundle.request.user
    admin_check = es_admin(caller)
    if admin_check:
        # Short-circuit: the reporter is not resolved for administrators.
        return admin_check
    return resolver_usuario(bundle.obj.denunciante) == caller
def read_list(self, object_list, bundle):
    """Authorize listing: administrators only.

    Args:
        object_list: Candidate objects for the list response.
        bundle: Request bundle; ``bundle.request.user`` is the caller.

    Returns:
        ``object_list`` unchanged when the caller is an administrator.

    Raises:
        Unauthorized: when the caller is not an administrator.
    """
    if not es_admin(bundle.request.user):
        raise Unauthorized()
    return object_list
def delete_detail(self, object_list, bundle):
    """Decide whether the caller may delete a single object.

    Returns:
        The result of ``es_admin`` for ``bundle.request.user``; deletion is
        reserved for administrators.
    """
    caller = bundle.request.user
    return es_admin(caller)
def delete_list(self, object_list, bundle):
    """Return the objects the caller may delete in bulk.

    Returns:
        ``object_list`` unchanged for administrators; an empty list for
        every other caller.
    """
    if es_admin(bundle.request.user):
        return object_list
    return []
def update_detail(self, object_list, bundle):
    """Decide whether the caller may modify a single freeze.

    Only administrators may change the state of a freeze.

    Returns:
        The result of ``es_admin`` for ``bundle.request.user``.
    """
    caller = bundle.request.user
    return es_admin(caller)
def create_list(self, object_list, bundle):
    """Authorize creation of freezes: administrators only.

    Args:
        object_list: Candidate objects for the create operation.
        bundle: Request bundle; ``bundle.request.user`` is the caller.

    Returns:
        ``object_list`` unchanged when the caller is an administrator.

    Raises:
        Unauthorized: when the caller is not an administrator.
    """
    if not es_admin(bundle.request.user):
        raise Unauthorized()
    return object_list
def read_detail(self, object_list, bundle):
    """Decide whether the caller may read a single freeze.

    Access is granted to administrators and to the user the freeze applies
    to (``bundle.obj.modelo`` resolved through ``resolver_usuario``).

    Returns:
        The truthy result of ``es_admin`` for administrators, otherwise
        whether the resolved user equals the caller.
    """
    caller = bundle.request.user
    admin_check = es_admin(caller)
    if admin_check:
        # Short-circuit: the affected user is not resolved for administrators.
        return admin_check
    return resolver_usuario(bundle.obj.modelo) == caller
def rechazar(self, request):
    """Call ``rechazar()`` on the object addressed by the request (admin only).

    Args:
        request: Incoming request; ``request.user`` is the caller and
            ``request.api['pk']`` is the primary key of the target object.

    Returns:
        An empty response built by ``create_response`` with ``HttpOK``.

    Raises:
        ImmediateHttpResponse: wrapping ``HttpUnauthorized`` when the caller
            is not an administrator.
    """
    caller = request.user
    if not es_admin(caller):
        denied = HttpUnauthorized()
        raise ImmediateHttpResponse(denied)

    # No try/except here: a failed lookup or a failure inside ``rechazar()``
    # propagates to the caller instead of being mapped to a 400.
    target = self._meta.object_class.objects.get(pk=request.api['pk'])
    target.rechazar()
    return self.create_response(request, {}, HttpOK)