def create(self, validated_data):
request = self.context.get('request')
# If a Server Admin declares another user as creator, set it to that other user. Otherwise, use request.user
user = validated_data.pop('cached_creator', None)
if user:
validated_data['created_by'] = user
potential_email = validated_data['email']
if validated_data.get('badgrapp') is None:
validated_data['badgrapp'] = BadgrApp.objects.get_current(request)
# Server admins are exempt from email verification requirement. They will enforce it themselves.
if not request_authenticated_with_server_admin_token(
request) and not validated_data[
'created_by'].is_email_verified(potential_email):
raise serializers.ValidationError(
"Issuer email must be one of your verified addresses. Add this email to your profile and try again."
)
staff = validated_data.pop('staff_items', [])
new_issuer = super(IssuerSerializerV2, self).create(validated_data)
# update staff after issuer is created
new_issuer.staff_items = staff
return new_issuer
def validate(self, data):
if data.get('badgrapp'
) and not request_authenticated_with_server_admin_token(
self.context.get('request')):
data.pop('badgrapp')
return data
def validate_createdBy(self, val):
if not request_authenticated_with_server_admin_token(
self.context.get('request')):
return None
return val
