def post(self, request, format=None):
ser = self.serializer_class(data=request.data)
if ser.is_valid():
anonymous_basket = operations.get_anonymous_basket(request)
user = ser.instance
# refuse to login logged in users, to avoid attaching sessions to
# multiple users at the same time.
if request.user.is_authenticated:
return Response(
{'detail': 'Session is in use, log out first'},
status=status.HTTP_405_METHOD_NOT_ALLOWED)
request.user = user
login_and_upgrade_session(request._request, user)
# merge anonymous basket with authenticated basket.
basket = operations.get_user_basket(user)
if anonymous_basket is not None:
self.merge_baskets(anonymous_basket, basket)
operations.store_basket_in_session(basket, request.session)
return Response("")
return Response(ser.errors, status=status.HTTP_401_UNAUTHORIZED)
def post(self, request, format=None):
ser = serializers.LoginSerializer(data=request.data)
if ser.is_valid():
anonymous_basket = operations.get_anonymous_basket(request)
user = ser.object
# refuse to login logged in users, to avoid attaching sessions to
# multiple users at the same time.
if request.user.is_authenticated():
return Response(
{'detail': 'Session is in use, log out first'},
status=status.HTTP_405_METHOD_NOT_ALLOWED)
request.user = user
login_and_upgrade_session(request._request, user)
# merge anonymous basket with authenticated basket.
basket = operations.get_user_basket(user)
if anonymous_basket is not None:
self.merge_baskets(anonymous_basket, basket)
operations.store_basket_in_session(basket, request.session)
return Response()
return Response(ser.errors, status=status.HTTP_401_UNAUTHORIZED)
def get_queryset(self):
qs = super(BasketList, self).get_queryset()
if self.request.user.is_authenticated:
qs = qs.filter(owner=self.request.user)
mapped_with_baskets = list(
map(
functools.partial(assign_basket_strategy,
request=self.request), qs))
else: # anonymous users have max 1 basket.
basket = get_anonymous_basket(self.request)
mapped_with_baskets = [prepare_basket(basket, self.request)]
return QuerySetList(mapped_with_baskets, qs)
def delete(self, request, format=None):
"""
Destroy the session.
for anonymous users that means having their basket destroyed as well,
because there is no way to reach it otherwise.
"""
request = request._request
if request.user.is_anonymous:
basket = operations.get_anonymous_basket(request)
if basket:
operations.flush_and_delete_basket(basket)
request.session.clear()
request.session.delete()
request.session = None
return Response("")
def delete(self, request, format=None):
"""
Destroy the session.
for anonymous users that means having their basket destroyed as well,
because there is no way to reach it otherwise.
"""
request = request._request
if request.user.is_anonymous():
basket = operations.get_anonymous_basket(request)
if basket:
operations.flush_and_delete_basket(basket)
request.session.clear()
request.session.delete()
request.session = None
return Response()