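def update(self, request, *args, **kwargs):
    """Update a user/project permission record.

    The client sends ``user``, ``project`` and ``permission`` as nested
    objects; each one is collapsed to its ``id`` before the serializer
    runs. ``given_by`` is always overwritten with the requesting user's id.

    Returns:
        403 when the requester may not edit the record's current project
        or the project named in the payload; otherwise the serialized,
        updated record.
    """
    partial = kwargs.pop('partial', False)
    instance = self.get_object()

    # Authorize against the stored record before touching client input.
    if not has_permission_to_edit(instance.project, request.user):
        return HttpResponseForbidden("No permission to edit that project")

    new_data = request.data
    for field in ('user', 'project', 'permission'):
        # A partial update may omit a field, and a value that is not a
        # nested object is passed through for the serializer to judge.
        if field in new_data and isinstance(new_data[field], dict):
            new_data[field] = new_data[field].get('id')
    # The grantor is taken from the session, never from the request body.
    new_data['given_by'] = request.user.id

    # The payload may point the record at a different project than the one
    # checked above, so the requester needs edit rights on that one too.
    target_id = new_data.get('project')
    if target_id is not None:
        try:
            target = Project.objects.filter(pk=target_id).first()
        except (TypeError, ValueError):
            target = None  # malformed id: left for the serializer to reject
        if target is not None and not has_permission_to_edit(target, request.user):
            return HttpResponseForbidden("No permission to edit that project")

    serializer = self.get_serializer(instance, data=new_data, partial=partial)
    serializer.is_valid(raise_exception=True)
    self.perform_update(serializer)

    if getattr(instance, '_prefetched_objects_cache', None):
        # If 'prefetch_related' has been applied to a queryset, we need to
        # forcibly invalidate the prefetch cache on the instance.
        instance._prefetched_objects_cache = {}

    return Response(serializer.data)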
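def create(self, request, *args, **kwargs):
    """Create an object inside a category the requester is allowed to edit.

    The nested ``category`` object is collapsed to its ``id``. The audit
    fields (``created_by``, ``modified_by``) and both calendar dates are
    set server-side, overwriting whatever the client sent.

    Returns:
        400 when ``category.id`` or ``order_in_category`` is missing,
        403 when the category does not exist or the requester may not edit
        its project, otherwise 201 with the serialized object.
    """
    new_data = request.data
    try:
        category = new_data['category']['id']
        order_in_category = new_data['order_in_category']
    except (KeyError, TypeError):
        # A malformed body is a client error, not an unhandled exception.
        return Response(
            {'detail': 'category.id and order_in_category are required'},
            status=status.HTTP_400_BAD_REQUEST,
        )

    new_data['category'] = category
    new_data['created_by'] = request.user.id
    new_data['modified_by'] = request.user.id
    new_data['calendar_date_start'] = None
    new_data['calendar_date_end'] = None

    # A single lookup replaces exists() followed by get(), which could
    # raise if the row disappeared between the two queries.
    try:
        category_row = Category.objects.filter(pk=category).first()
    except (TypeError, ValueError):
        category_row = None  # an id that is not a valid key matches nothing
    # Unknown and forbidden categories get the same answer, so the response
    # does not reveal which category ids exist.
    if category_row is None or not has_permission_to_edit(
            category_row.project, request.user):
        return HttpResponseForbidden('You cant edit that project!!')

    # NOTE(review): this runs before the serializer has validated the
    # payload, and order_in_category comes straight from the client. Judging
    # by the helper's name and the original inline comment ("increment order
    # for cards in new category") it renumbers existing rows; confirm that a
    # later validation failure cannot leave a gap in the ordering.
    self.increment_order_for_new_category(category, order_in_category)

    serializer = self.get_serializer(data=new_data)
    serializer.is_valid(raise_exception=True)
    self.perform_create(serializer)
    headers = self.get_success_headers(serializer.data)
    return Response(serializer.data, status=status.HTTP_201_CREATED,
                    headers=headers)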
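def has_permission(request):
    """Report whether the token's owner may edit the project named in the body.

    The request body carries the project id and the ``Authorization``
    header carries ``Token <key>``.

    Returns:
        ``HttpResponse('True')`` when the user may edit the project.
        ``HttpResponseForbidden('False')`` in every other case: header
        missing, token unknown, project id malformed or unknown, or
        permission denied. Answering all of these the same way keeps the
        endpoint failing closed and avoids a 500 on unauthenticated input.
    """
    auth_header = request.META.get('HTTP_AUTHORIZATION', '')
    token_key = auth_header.replace('Token ', '')

    # An unknown or empty key yields no row; deny rather than dereference None.
    token = Token.objects.filter(key=token_key).first()
    if token is None:
        return HttpResponseForbidden('False')

    try:
        project = Project.objects.filter(pk=request.body).first()
    except (TypeError, ValueError):
        project = None  # a body that is not a valid key matches no project
    if project is None or not has_permission_to_edit(project, token.user):
        return HttpResponseForbidden('False')

    return HttpResponse('True')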
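def create(self, request, *args, **kwargs):
    """Create a user/project permission record.

    The nested ``user`` and ``project`` objects are collapsed to their
    ``id``. ``permission`` is forced to 1 and ``given_by`` to the requesting
    user's id, whatever the client sent.

    Returns:
        400 when ``user.id`` or ``project.id`` is missing, 403 when the
        project does not exist or the requester may not edit it, otherwise
        201 with the serialized record.
    """
    new_data = request.data
    try:
        new_data['user'] = new_data['user']['id']
        new_data['project'] = new_data['project']['id']
    except (KeyError, TypeError):
        # A malformed body is a client error, not an unhandled exception.
        return Response(
            {'detail': 'user.id and project.id are required'},
            status=status.HTTP_400_BAD_REQUEST,
        )
    # NOTE(review): every new record starts at permission id 1; what that
    # level means is defined outside this method. Confirm it is the
    # least-privileged one.
    new_data['permission'] = 1
    new_data['given_by'] = request.user.id

    # filter().first() instead of get(): an unknown project id must not
    # surface as an unhandled DoesNotExist.
    try:
        project = Project.objects.filter(pk=new_data['project']).first()
    except (TypeError, ValueError):
        project = None  # an id that is not a valid key matches nothing
    # Unknown and forbidden projects get the same answer, so the response
    # does not reveal which project ids exist.
    if project is None or not has_permission_to_edit(project, request.user):
        return HttpResponseForbidden("No permission to edit that project")

    serializer = self.get_serializer(data=new_data)
    serializer.is_valid(raise_exception=True)
    self.perform_create(serializer)
    headers = self.get_success_headers(serializer.data)
    return Response(serializer.data, status=status.HTTP_201_CREATED,
                    headers=headers)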