def create(self, request, *args, **kwargs): if self.request.data.get('about_type') == "mission": mission = Mission.get(self.kwargs[self.lookup_field]) quest = Quest.get(mission.owner_username) if quest is None: return Response( { "status_code": status.HTTP_404_NOT_FOUND, "detail": "Sorry we couldn't find the Quest you were " "attempting to create an update for." }, status=status.HTTP_404_NOT_FOUND) if quest.owner_username == request.user.username: return super(UpdateListCreate, self).create(request, *args, **kwargs) if request.user.username not in \ Quest.get_quest_helpers(self.kwargs[self.lookup_field]): return Response( { "status_code": status.HTTP_403_FORBIDDEN, "detail": "You are not authorized to access " "this page." }, status=status.HTTP_403_FORBIDDEN) return super(UpdateListCreate, self).create(request, *args, **kwargs)
def test_get_quest_helpers(self): self.quest.editors.connect(self.owner) self.quest.moderators.connect(self.owner) res = Quest.get_quest_helpers(self.owner.username) self.assertIn(self.owner.username, res)