def destroy(self, request, *args, **kwargs):
registration = self.get_object()
if is_admin_user(request) and self._is_own_registration():
return self._unregister(registration)
if is_admin_user(request):
return self._admin_unregister(registration)
if self._is_not_own_registration():
raise PermissionDenied("Du kan kun melde av deg selv")
return self._unregister(registration)
def create(self, request, *args, **kwargs):
"""Creates a new cheatsheet """
if is_admin_user(request):
serializer = CheatsheetSerializer(data=self.request.data,
context={"request": request})
if serializer.is_valid():
serializer.save()
return Response(serializer.data,
status=status.HTTP_201_CREATED)
return Response({"detail": serializer.errors},
status=status.HTTP_400_BAD_REQUEST)
return Response(
{"detail": "Du har ikke tillatelse til å lage en oppskrift"},
status=status.HTTP_403_FORBIDDEN,
)
def retrieve(self, request, pk):
"""Return detailed information about the event with the specified pk."""
try:
event = self.get_object()
if is_admin_user(request):
serializer = EventAdminSerializer(event,
context={"request": request},
many=False)
else:
serializer = EventSerializer(event,
context={"request": request},
many=False)
return Response(serializer.data, status=status.HTTP_200_OK)
except Event.DoesNotExist as event_not_exist:
capture_exception(event_not_exist)
return Response(
{"detail": "Fant ikke arrangementet"},
status=status.HTTP_404_NOT_FOUND,
)
def update(self, request, pk, *args, **kwargs):
""" Updates fields passed in request """
try:
self.check_object_permissions(self.request, User.objects.get(user_id=pk))
if is_admin_user(request):
serializer = UserAdminSerializer(
User.objects.get(user_id=pk),
context={"request": request},
many=False,
data=request.data,
)
else:
if self.request.id == pk:
serializer = UserMemberSerializer(
User.objects.get(user_id=pk),
context={"request": request},
many=False,
data=request.data,
)
else:
return Response(
{"detail": ("Du har ikke tillatelse til å oppdatere brukeren")},
status=status.HTTP_400_BAD_REQUEST,
)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_200_OK)
else:
return Response(
{"detail": ("Kunne ikke oppdatere brukeren")},
status=status.HTTP_400_BAD_REQUEST,
)
except ObjectDoesNotExist as object_not_exist:
capture_exception(object_not_exist)
return Response(
{"detail": "Kunne ikke finne brukeren"},
status=status.HTTP_404_NOT_FOUND,
)
def destroy(self, request, *args, **kwargs):
"""Deletes a cheatsheet retrieved by UserClass and UserStudy"""
try:
cheatsheet = self.get_object()
if is_admin_user(request):
super().destroy(cheatsheet)
return Response(
{"detail": "Oppskriften har blitt slettet"},
status=status.HTTP_200_OK,
)
return Response(
{
"detail":
"Du har ikke riktig tilatelser for å slette en oppskrift"
},
status=status.HTTP_403_FORBIDDEN,
)
except Cheatsheet.DoesNotExist as cheatsheet_not_exist:
capture_exception(cheatsheet_not_exist)
return Response(
{"details": "Oppskriften ble ikke funnet"},
status=status.HTTP_404_NOT_FOUND,
)
def update(self, request, *args, **kwargs):
"""Updates a cheatsheet retrieved by UserClass and UserStudy and pk"""
try:
cheatsheet = self.get_object()
if is_admin_user(request):
serializer = CheatsheetSerializer(cheatsheet,
data=request.data,
context={"request": request})
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_200_OK)
return Response(
{
"detail":
"Du har ikke tillatelse til å oppdatere oppskriften"
},
status=status.HTTP_400_BAD_REQUEST,
)
except Cheatsheet.DoesNotExist as cheatsheet_not_exist:
capture_exception(cheatsheet_not_exist)
return Response(
{"details": "Oppskriften ble ikke funnet"},
status=status.HTTP_404_NOT_FOUND,
)
def get_serializer_class(self):
if is_admin_user(self.request):
return MembershipLeaderSerializer
if IsLeader().has_permission(request=self.request, view=self):
return MembershipLeaderSerializer
return super().get_serializer_class()
def get_queryset(self):
if is_admin_user(self.request):
return self.queryset
return self.queryset.filter(type__in=GroupType.public_groups())
def _non_admin_tries_to_access_another_registration(self):
return self._is_not_own_registration() and not is_admin_user(
self.request)