def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) if not serializer.is_valid(): msg = str(serializer.errors) return Response({'ok': False, 'msg': msg}, status=401) user_id = serializer.validated_data['user_id'] session_id = serializer.validated_data['session_id'] with tmp_to_root_org(): session = get_object_or_none(Session, pk=session_id) if not session: msg = _('Session does not exist: {}'.format(session_id)) return Response({'ok': False, 'msg': msg}, status=401) if not session.can_join: msg = _('Session is finished or the protocol not supported') return Response({'ok': False, 'msg': msg}, status=401) user = get_object_or_none(User, pk=user_id) if not user: msg = _('User does not exist: {}'.format(user_id)) return Response({'ok': False, 'msg': msg}, status=401) with tmp_to_org(session.org): if is_session_approver(session_id, user_id): return Response({'ok': True, 'msg': ''}, status=200) if not user.admin_or_audit_orgs: msg = _('User does not have permission') return Response({'ok': False, 'msg': msg}, status=401) return Response({'ok': True, 'msg': ''}, status=200)
def post(self, request, *args, **kwargs): session_ids = request.data user_id = request.user.id for session_id in session_ids: if not is_session_approver(session_id, user_id): return Response({}, status=status.HTTP_403_FORBIDDEN) with tmp_to_root_org(): validated_session = kill_sessions(session_ids, request.user) return Response({"ok": validated_session})