def update(self, request, *args, **kwargs): """ Update object """ try: self.require_data(request) org_key = get_org_key_from_request(request) user_key = get_user_key_from_request(request) with reversion.create_revision(): if request.user and request.user.is_authenticated: reversion.set_user(request.user) if org_key: reversion.set_comment(f"API-key: {org_key.prefix}") if user_key: reversion.set_comment(f"API-key: {user_key.prefix}") r = super().update(request, *args, **kwargs) if "_grainy" in r.data: del r.data["_grainy"] return r except PermissionDenied as inst: return Response(status=status.HTTP_403_FORBIDDEN) except TypeError as inst: return Response(status=status.HTTP_400_BAD_REQUEST, data={"detail": str(inst)}) except ValueError as inst: return Response(status=status.HTTP_400_BAD_REQUEST, data={"detail": str(inst)}) finally: self.get_serializer().finalize_update(request)
def destroy(self, request, pk, format=None): """ Delete object """ try: try: obj = self.model.objects.get(pk=pk) except ValueError: return Response(status=status.HTTP_400_BAD_REQUEST, data={"extra": "Invalid id"}) except self.model.DoesNotExist: return Response(status=status.HTTP_204_NO_CONTENT) user_key = get_user_key_from_request(request) org_key = get_org_key_from_request(request) if check_permissions_from_request(request, obj, "d"): with reversion.create_revision(): if request.user and request.user.is_authenticated: reversion.set_user(request.user) if org_key: reversion.set_comment(f"API-key: {org_key.prefix}") if user_key: reversion.set_comment(f"API-key: {user_key.prefix}") obj.delete() return Response(status=status.HTTP_204_NO_CONTENT) else: return Response(status=status.HTTP_403_FORBIDDEN) except ProtectedAction as exc: exc_message = f"{exc} - " + _( "Please contact {} to help with the deletion of this object" ).format(settings.DEFAULT_FROM_EMAIL) ticket_queue_deletion_prevented(request, exc.protected_object) return Response(status=status.HTTP_403_FORBIDDEN, data={"detail": exc_message}) finally: self.get_serializer().finalize_delete(request)