def patch(self, request, provider_uuid, identity_uuid, allocation_request_uuid): """ Paritally update the AllocationRequest Users are only allowed to update description or request, all other fields will be ignored. A super user or staff user can end date or close out a request and provide an admin message. """ data = request.DATA allocation_request = self.get_object(allocation_request_uuid) if not allocation_request.can_modify(request.user): return Response(status=status.HTTP_403_FORBIDDEN) if request.user.is_staff or request.user.is_superuser: whitelist = AllocationRequestDetail.admin_whitelist else: whitelist = AllocationRequestDetail.user_whitelist #: Select fields that are in white list fields = {field: data[field] for field in whitelist if field in data} serializer = AllocationRequestSerializer(allocation_request, data=fields, partial=True) if serializer.is_valid(): serializer.save() return Response(serializer.data) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request, provider_uuid, identity_uuid): """ Creates a new AllocationRequest for a specific identity """ try: identity = Identity.objects.get(uuid=identity_uuid) membership = IdentityMembership.objects.get(identity=identity) except Identity.DoesNotExist: return failure_response(status.HTTP_400_BAD_REQUEST, "Identity not found.") except IdentityMembership.DoesNotExist: return failure_response(status.HTTP_400_BAD_REQUEST, "IdentityMembership not found.") data = request.DATA status_type = get_status_type() new_allocation = AllocationRequest(membership=membership, created_by=request.user, status=status_type) serializer = AllocationRequestSerializer(new_allocation, data=data, partial=True) if serializer.is_valid(): serializer.save() return Response(serializer.data, status=status.HTTP_201_CREATED) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def get(self, request, provider_uuid, identity_uuid, allocation_request_uuid): """ Returns an AllocationRequest with the matching uuid """ allocation_request = self.get_object(allocation_request_uuid) serialized_data = AllocationRequestSerializer(allocation_request).data return Response(serialized_data)
def get(self, request, provider_uuid, identity_uuid): """ Fetches all AllocationRequests for a specific identity """ try: identity = Identity.objects.get(uuid=identity_uuid) membership = IdentityMembership.objects.get(identity=identity) except Identity.DoesNotExist: return failure_response(status.HTTP_400_BAD_REQUEST, "Identity not found.") except IdentityMembership.DoesNotExist: return failure_response(status.HTTP_400_BAD_REQUEST, "IdentityMembership not found.") allocation_requests = AllocationRequest.objects.filter( membership=membership) serializer = AllocationRequestSerializer(allocation_requests, many=True) return Response(serializer.data)
def post(self, request, provider_uuid, identity_uuid): """ Creates a new AllocationRequest for a specific identity """ try: identity = Identity.objects.get(uuid=identity_uuid) membership = IdentityMembership.objects.get(identity=identity) except Identity.DoesNotExist: return failure_response(status.HTTP_400_BAD_REQUEST, "Identity not found.") except IdentityMembership.DoesNotExist: return failure_response(status.HTTP_400_BAD_REQUEST, "IdentityMembership not found.") # Determine if the user is a member of the identity if not membership.is_member(request.user): return Response(status=status.HTTP_403_FORBIDDEN) # Only allow 1 active request at a time if AllocationRequest.is_active(membership): return failure_response( status.HTTP_400_BAD_REQUEST, "An existing allocation request is already open.") data = request.DATA status_type = get_status_type() new_allocation = AllocationRequest(membership=membership, created_by=request.user, status=status_type) serializer = AllocationRequestSerializer(new_allocation, data=data, partial=True) if serializer.is_valid(): serializer.save() return Response(serializer.data, status=status.HTTP_201_CREATED) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)