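def put(self, request, pk, format=None):
    """Update the text of an existing comment.

    The payload is read from the request body, falling back to the query
    string when the body is empty. Only a user whose role is ``ADMIN``, a
    superuser, or the comment's author (``obj.commented_by``) may edit.

    Args:
        request: The incoming request; ``request.user`` is used for the
            authorization decision.
        pk: Primary key handed to ``self.get_object``.
        format: Unused; accepted for format-suffix routing.

    Returns:
        ``200`` when the comment is saved, ``400`` when ``comment`` is
        missing/empty or the serializer rejects the payload, ``403`` when
        the caller is not allowed to edit this comment.
    """
    # NOTE(review): the query-string fallback lets a write be carried in the
    # URL, where values commonly end up in access logs — confirm this is
    # intended for a state-changing method.
    params = request.query_params if len(request.data) == 0 else request.data
    obj = self.get_object(pk)

    # NOTE(review): no company/org ownership check is visible in this method;
    # presumably get_object() scopes the lookup to the caller's tenant —
    # verify, otherwise an ADMIN of one tenant could edit another's comment.
    user = request.user
    may_edit = (
        user.role == "ADMIN"
        or user.is_superuser
        or user == obj.commented_by
    )
    if not may_edit:
        return Response(
            {
                "error": True,
                "errors": "You don't have Permission to perform this action",
            },
            status=status.HTTP_403_FORBIDDEN,
        )

    if not params.get("comment"):
        # Without this guard the handler would fall off the end and return
        # None, which DRF refuses as a view result (server error instead of
        # a client error). The shape mirrors serializer.errors.
        return Response(
            {"error": True, "errors": {"comment": ["This field is required."]}},
            status=status.HTTP_400_BAD_REQUEST,
        )

    serializer = CommentSerializer(obj, data=params)
    if serializer.is_valid():
        serializer.save()
        return Response(
            {"error": False, "message": "Comment Submitted"},
            status=status.HTTP_200_OK,
        )
    return Response(
        {"error": True, "errors": serializer.errors},
        status=status.HTTP_400_BAD_REQUEST,
    )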
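def post(self, request, pk, **kwargs):
    """Add a comment and/or an attachment to an opportunity.

    The payload is read from the request body, falling back to the query
    string when the body is empty. After the writes, the opportunity is
    returned together with all of its attachments and comments (newest
    first).

    Args:
        request: The incoming request; ``request.company`` is compared with
            the opportunity's company.
        pk: Primary key of the opportunity.
        **kwargs: Extra URL keyword arguments (unused).

    Returns:
        A ``Response`` holding ``opportunity_obj``, ``attachments`` and
        ``comments``; ``403`` when the opportunity belongs to another
        company or the caller is neither ADMIN/superuser, the creator, nor
        an assignee.

    Note:
        ``Opportunity.objects.get`` raises ``Opportunity.DoesNotExist`` for
        an unknown ``pk``; that is not handled here. An invalid comment
        payload is not reported either: the save is skipped and the normal
        payload is still returned.
    """
    params = (
        self.request.query_params
        if len(self.request.data) == 0
        else self.request.data
    )
    context = {}
    self.opportunity_obj = Opportunity.objects.get(pk=pk)

    # Tenant isolation: refuse objects owned by another company. The status
    # must be explicit — a bare Response defaults to 200, which reports an
    # authorization failure as success to clients and monitoring.
    if self.opportunity_obj.company != request.company:
        return Response(
            {
                "error": True,
                "errors": "User company doesnot match with header....",
            },
            status=status.HTTP_403_FORBIDDEN,
        )

    user = self.request.user
    if user.role != "ADMIN" and not user.is_superuser:
        is_creator = user == self.opportunity_obj.created_by
        if not (is_creator or user in self.opportunity_obj.assigned_to.all()):
            # 403, not 401: the caller is authenticated but lacks permission,
            # matching the other comment/attachment handlers in this file.
            return Response(
                {
                    "error": True,
                    "errors": "You don't have Permission to perform this action",
                },
                status=status.HTTP_403_FORBIDDEN,
            )

    comment_serializer = CommentSerializer(data=params)
    if comment_serializer.is_valid():
        if params.get("comment"):
            comment_serializer.save(
                opportunity_id=self.opportunity_obj.id,
                commented_by_id=user.id,
            )

    # NOTE(review): the upload is stored as received; no size or content-type
    # check is visible in this method — confirm the model or storage layer
    # enforces limits.
    upload = self.request.FILES.get("opportunity_attachment")
    if upload:
        attachment = Attachments()
        attachment.created_by = user
        attachment.file_name = upload.name
        attachment.opportunity = self.opportunity_obj
        attachment.attachment = upload
        attachment.save()

    comments = Comment.objects.filter(
        opportunity=self.opportunity_obj).order_by("-id")
    attachments = Attachments.objects.filter(
        opportunity=self.opportunity_obj).order_by("-id")
    context.update({
        "opportunity_obj": OpportunitySerializer(self.opportunity_obj).data,
        "attachments": AttachmentsSerializer(attachments, many=True).data,
        "comments": CommentSerializer(comments, many=True).data,
    })
    return Response(context)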
def post(self, request, pk, **kwargs):
    """Attach a comment and/or a file to an account and return its detail.

    The payload comes from the request body, or from the query string when
    the body is empty. The response carries the account plus every
    attachment and comment linked to it, newest first.

    Args:
        request: The incoming request; ``request.org`` is compared with the
            account's org.
        pk: Primary key of the account.
        **kwargs: Extra URL keyword arguments (unused).

    Returns:
        A ``Response`` with ``account_obj``, ``attachments`` and
        ``comments``; ``403`` when the account belongs to another org or the
        caller is neither ADMIN/admin, the creator, nor an assignee.

    Note:
        ``Account.objects.get`` raises ``Account.DoesNotExist`` for an
        unknown ``pk``; that is not handled here. An invalid comment payload
        is skipped without being reported to the client.
    """
    req = self.request
    params = req.query_params if len(req.data) == 0 else req.data

    self.account_obj = Account.objects.get(pk=pk)
    account = self.account_obj

    # Tenant isolation comes first: nothing below runs for a foreign org.
    if account.org != request.org:
        return Response(
            {
                "error": True,
                "errors": "User company does not match with header....",
            },
            status=status.HTTP_403_FORBIDDEN,
        )

    # Non-admin profiles must be the creator or one of the assignees.
    if not (req.profile.role == "ADMIN" or req.profile.is_admin):
        is_creator = req.profile == account.created_by
        if not is_creator and req.profile not in account.assigned_to.all():
            return Response(
                {
                    "error": True,
                    "errors": "You do not have Permission to perform this action",
                },
                status=status.HTTP_403_FORBIDDEN,
            )

    comment_serializer = CommentSerializer(data=params)
    if comment_serializer.is_valid() and params.get("comment"):
        comment_serializer.save(
            account_id=account.id,
            commented_by=req.profile,
        )

    # NOTE(review): the upload is stored as received; no size or content-type
    # check is visible in this method — confirm the model or storage layer
    # enforces limits.
    uploaded = req.FILES.get("account_attachment")
    if uploaded:
        attachment = Attachments()
        attachment.created_by = req.profile
        attachment.file_name = uploaded.name
        attachment.account = account
        attachment.attachment = uploaded
        attachment.save()

    comments = Comment.objects.filter(account__id=account.id).order_by("-id")
    attachments = Attachments.objects.filter(
        account__id=account.id).order_by("-id")

    context = {
        "account_obj": AccountSerializer(account).data,
        "attachments": AttachmentsSerializer(attachments, many=True).data,
        "comments": CommentSerializer(comments, many=True).data,
    }
    return Response(context)
def post(self, request, pk, **kwargs):
    """Attach a comment and/or a file to a lead and return its detail.

    The payload comes from the request body, or from the query string when
    the body is empty. The response carries the lead plus every attachment
    and comment linked to it, newest first.

    Args:
        request: The incoming request.
        pk: Primary key of the lead.
        **kwargs: Extra URL keyword arguments (unused).

    Returns:
        A ``Response`` with ``lead_obj``, ``attachments`` and ``comments``;
        ``403`` when the caller is neither ADMIN/superuser, the creator, nor
        an assignee.

    Note:
        ``Lead.objects.get`` raises ``Lead.DoesNotExist`` for an unknown
        ``pk``; that is not handled here. An invalid comment payload is
        skipped without being reported to the client.
    """
    req = self.request
    params = req.query_params if len(req.data) == 0 else req.data

    self.lead_obj = Lead.objects.get(pk=pk)
    lead = self.lead_obj

    # NOTE(review): no company/org ownership check is visible in this method,
    # so the role test below is the only gate seen here — confirm tenant
    # scoping is enforced elsewhere (middleware, permission class) before an
    # ADMIN role is treated as sufficient for any lead pk.
    if not (req.user.role == "ADMIN" or req.user.is_superuser):
        is_creator = req.user == lead.created_by
        if not is_creator and req.user not in lead.assigned_to.all():
            return Response(
                {
                    "error": True,
                    "errors": "You do not have Permission to perform this action",
                },
                status=status.HTTP_403_FORBIDDEN,
            )

    comment_serializer = CommentSerializer(data=params)
    if comment_serializer.is_valid() and params.get("comment"):
        comment_serializer.save(
            lead_id=lead.id,
            commented_by_id=req.user.id,
        )

    # NOTE(review): the upload is stored as received; no size or content-type
    # check is visible in this method — confirm the model or storage layer
    # enforces limits.
    uploaded = req.FILES.get("lead_attachment")
    if uploaded:
        attachment = Attachments()
        attachment.created_by = req.user
        attachment.file_name = uploaded.name
        attachment.lead = lead
        attachment.attachment = uploaded
        attachment.save()

    comments = Comment.objects.filter(lead__id=lead.id).order_by("-id")
    attachments = Attachments.objects.filter(lead__id=lead.id).order_by("-id")

    context = {
        "lead_obj": LeadSerializer(lead).data,
        "attachments": AttachmentsSerializer(attachments, many=True).data,
        "comments": LeadCommentSerializer(comments, many=True).data,
    }
    return Response(context)