def delete(self, request, issuerSlug, badgeSlug, assertionSlug):
"""
Revoke an issued badge assertion.
Limited to Issuer owner and editors (not staff)
---
parameters:
- name: revocation_reason
description: A short description of why the badge is to be revoked
required: true
type: string
paramType: form
responseMessages:
- code: 200
message: Assertion has been revoked.
- code: 400
message: Assertion is already revoked
- code: 404
message: Assertion not found or user has inadequate permissions.
"""
if request.data.get('revocation_reason') is None:
raise ValidationError(
"The parameter revocation_reason is required \
to revoke a badge assertion")
current_assertion = self.get_object(assertionSlug)
if current_assertion is None:
return Response(status=status.HTTP_404_NOT_FOUND)
if current_assertion.revoked is True:
return Response("Assertion is already revoked.",
status=status.HTTP_400_BAD_REQUEST)
current_assertion.revoked = True
current_assertion.revocation_reason = \
request.data.get('revocation_reason')
current_assertion.image.delete()
current_assertion.save()
if apps.is_installed('badgebook'):
try:
from badgebook.models import BadgeObjectiveAward, LmsCourseInfo
try:
award = BadgeObjectiveAward.cached.get(
badge_instance_id=current_assertion.id)
except BadgeObjectiveAward.DoesNotExist:
pass
else:
award.delete()
except ImportError:
pass
logger.event(
badgrlog.BadgeAssertionRevokedEvent(current_assertion,
request.user))
return Response("Assertion {} has been revoked.".format(
current_assertion.slug),
status=status.HTTP_200_OK)
def delete(self, request, **kwargs):
# verify the user has permission to the assertion
assertion = self.get_object(request, **kwargs)
if not self.has_object_permissions(request, assertion):
return Response(status=HTTP_404_NOT_FOUND)
revocation_reason = request.data.get('revocation_reason', None)
if not revocation_reason:
raise ValidationError({'revocation_reason': "This field is required"})
try:
assertion.revoke(revocation_reason)
except DjangoValidationError as e:
raise ValidationError(e.message)
serializer = self.get_serializer_class()(assertion, context={'request': request})
logger.event(badgrlog.BadgeAssertionRevokedEvent(assertion, request.user))
return Response(status=HTTP_200_OK, data=serializer.data)