def destroy(self, request, *args, **kwargs):
    """Unregister the registration resolved by ``get_object()``.

    Dispatch, in order:

    * admin and ``_is_own_registration()`` is truthy -> ``_unregister``
    * admin otherwise -> ``_admin_unregister``
    * non-admin and ``_is_not_own_registration()`` is truthy -> rejected
    * non-admin otherwise -> ``_unregister``

    Raises:
        PermissionDenied: a non-admin caller targets a registration for
            which ``_is_not_own_registration()`` is truthy.
    """
    registration = self.get_object()

    admin_on_own_registration = (
        is_admin_user(request) and self._is_own_registration()
    )
    if admin_on_own_registration:
        return self._unregister(registration)

    if is_admin_user(request):
        return self._admin_unregister(registration)

    # Authorization gate for non-admins: only the branch where the ownership
    # helper reports "own registration" may reach _unregister.
    # NOTE(review): the ownership helpers are defined elsewhere; presumably
    # they compare the registration's user with the requester. Confirm.
    if not self._is_not_own_registration():
        return self._unregister(registration)
    raise PermissionDenied("Du kan kun melde av deg selv")
def create(self, request, *args, **kwargs):
    """Create a cheatsheet from the request payload (admins only).

    Returns:
        201 with the serialized cheatsheet on success, 400 with the
        serializer errors when validation fails, 403 when
        ``is_admin_user(request)`` is false.
    """
    # Authorization comes first so a non-admin payload is never handed to
    # the serializer.
    if not is_admin_user(request):
        return Response(
            {"detail": "Du har ikke tillatelse til å lage en oppskrift"},
            status=status.HTTP_403_FORBIDDEN,
        )

    serializer = CheatsheetSerializer(
        data=self.request.data, context={"request": request}
    )
    if not serializer.is_valid():
        return Response(
            {"detail": serializer.errors}, status=status.HTTP_400_BAD_REQUEST
        )

    serializer.save()
    return Response(serializer.data, status=status.HTTP_201_CREATED)
def retrieve(self, request, pk):
    """Return the serialized event resolved by ``get_object()``.

    Admins are serialized with ``EventAdminSerializer``, everyone else with
    ``EventSerializer``.

    Returns:
        200 with the serialized event, or 404 when ``Event.DoesNotExist`` is
        raised while resolving or serializing it.
    """
    try:
        event = self.get_object()
        # The serializer class is the only thing that differs by role.
        # NOTE(review): presumably the admin serializer exposes extra
        # fields; confirm EventSerializer withholds anything admin-only.
        serializer_class = (
            EventAdminSerializer if is_admin_user(request) else EventSerializer
        )
        serializer = serializer_class(
            event, context={"request": request}, many=False
        )
        return Response(serializer.data, status=status.HTTP_200_OK)
    except Event.DoesNotExist as event_not_exist:
        # NOTE(review): an un-overridden DRF get_object() raises Http404
        # rather than Event.DoesNotExist, so this handler may never run.
        capture_exception(event_not_exist)
        return Response(
            {"detail": "Fant ikke arrangementet"},
            status=status.HTTP_404_NOT_FOUND,
        )
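def update(self, request, pk, *args, **kwargs):
    """Update the user identified by ``pk`` with the fields in the request.

    Admins are validated through ``UserAdminSerializer``. A non-admin may
    only update the user whose id equals ``self.request.id`` and is
    validated through ``UserMemberSerializer``.

    Returns:
        200 with the serialized user on success; 400 when the caller may not
        update this user or the payload is invalid; 404 when no user with
        ``user_id == pk`` exists.
    """
    try:
        # Load the target once so the object-level permission check and the
        # update act on the same row. The original queried it a second time
        # after the check.
        user = User.objects.get(user_id=pk)
        self.check_object_permissions(self.request, user)

        if is_admin_user(request):
            serializer_class = UserAdminSerializer
        elif self.request.id == pk:
            # NOTE(review): `request.id` is not a stock request attribute;
            # presumably middleware sets it to the caller's user id. `pk`
            # comes from the URL, so a type mismatch here denies the update
            # (fails closed). Confirm.
            serializer_class = UserMemberSerializer
        else:
            # NOTE(review): this is an authorization failure reported as
            # 400; 403 would be the conventional status. Kept as-is because
            # clients may depend on it.
            return Response(
                {"detail": ("Du har ikke tillatelse til å oppdatere brukeren")},
                status=status.HTTP_400_BAD_REQUEST,
            )

        serializer = serializer_class(
            user,
            context={"request": request},
            many=False,
            data=request.data,
        )
        if serializer.is_valid():
            serializer.save()
            return Response(serializer.data, status=status.HTTP_200_OK)
        # Validation details are deliberately not echoed back here.
        return Response(
            {"detail": ("Kunne ikke oppdatere brukeren")},
            status=status.HTTP_400_BAD_REQUEST,
        )
    except ObjectDoesNotExist as object_not_exist:
        capture_exception(object_not_exist)
        return Response(
            {"detail": "Kunne ikke finne brukeren"},
            status=status.HTTP_404_NOT_FOUND,
        )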
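def destroy(self, request, *args, **kwargs):
    """Delete the cheatsheet resolved by ``get_object()`` (admins only).

    Per the original docstring, the cheatsheet is looked up by UserClass and
    UserStudy.

    Returns:
        200 once the parent ``destroy`` has run, 403 when
        ``is_admin_user(request)`` is false, 404 when
        ``Cheatsheet.DoesNotExist`` is raised.
    """
    try:
        # Resolved up front so a missing object is reported before the
        # role check.
        self.get_object()
        if is_admin_user(request):
            # The original passed the model instance in the `request`
            # position. Forward the real request and URL arguments, which
            # is the signature this override itself declares.
            # NOTE(review): assumes the parent resolves and deletes the
            # object itself, as DRF's DestroyModelMixin does. Confirm.
            super().destroy(request, *args, **kwargs)
            return Response(
                {"detail": "Oppskriften har blitt slettet"},
                status=status.HTTP_200_OK,
            )
        return Response(
            {
                "detail": "Du har ikke riktig tilatelser for å slette en oppskrift"
            },
            status=status.HTTP_403_FORBIDDEN,
        )
    except Cheatsheet.DoesNotExist as cheatsheet_not_exist:
        capture_exception(cheatsheet_not_exist)
        # NOTE(review): this body uses the key "details" while the other
        # responses here use "detail". Left unchanged for client
        # compatibility.
        return Response(
            {"details": "Oppskriften ble ikke funnet"},
            status=status.HTTP_404_NOT_FOUND,
        )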
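def update(self, request, *args, **kwargs):
    """Update the cheatsheet resolved by ``get_object()`` (admins only).

    Per the original docstring, the cheatsheet is looked up by UserClass,
    UserStudy and pk.

    Returns:
        200 with the serialized cheatsheet on success; 400 with the
        serializer errors when an admin's payload is invalid; 400 with a
        permission message when ``is_admin_user(request)`` is false; 404
        when ``Cheatsheet.DoesNotExist`` is raised.
    """
    try:
        cheatsheet = self.get_object()

        if not is_admin_user(request):
            # NOTE(review): an authorization failure reported as 400; 403
            # would be the conventional status. Kept because clients may
            # depend on it.
            return Response(
                {
                    "detail": "Du har ikke tillatelse til å oppdatere oppskriften"
                },
                status=status.HTTP_400_BAD_REQUEST,
            )

        serializer = CheatsheetSerializer(
            cheatsheet, data=request.data, context={"request": request}
        )
        if not serializer.is_valid():
            # The original had a single 400 response, so an admin with an
            # invalid payload was told they lacked permission. Report the
            # validation errors instead; the status code is unchanged.
            return Response(
                {"detail": serializer.errors},
                status=status.HTTP_400_BAD_REQUEST,
            )

        serializer.save()
        return Response(serializer.data, status=status.HTTP_200_OK)
    except Cheatsheet.DoesNotExist as cheatsheet_not_exist:
        capture_exception(cheatsheet_not_exist)
        return Response(
            {"details": "Oppskriften ble ikke funnet"},
            status=status.HTTP_404_NOT_FOUND,
        )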
def get_serializer_class(self):
    """Pick the serializer class for the current request.

    Returns ``MembershipLeaderSerializer`` when the requester is an admin or
    ``IsLeader`` grants permission for this view; otherwise defers to the
    parent implementation.
    """
    # `or` short-circuits, so IsLeader is only consulted for non-admins.
    privileged = is_admin_user(self.request) or IsLeader().has_permission(
        request=self.request, view=self
    )
    if privileged:
        return MembershipLeaderSerializer
    return super().get_serializer_class()
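def get_queryset(self):
    """Return the groups visible to the current requester.

    Admins get the full queryset; everyone else only gets groups whose
    ``type`` is in ``GroupType.public_groups()``.
    """
    if is_admin_user(self.request):
        # Return a fresh clone rather than the class-level queryset itself.
        # Evaluating the shared object would cache its rows on the view
        # class and serve them to later requests.
        return self.queryset.all()
    # Visibility restriction for non-admins is enforced at query level.
    return self.queryset.filter(type__in=GroupType.public_groups())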
def _non_admin_tries_to_access_another_registration(self):
    """Tell whether a non-admin is targeting a registration that is not theirs.

    Returns the falsy result of ``_is_not_own_registration()`` unchanged when
    that check fails; otherwise returns ``not is_admin_user(self.request)``.
    """
    not_own = self._is_not_own_registration()
    if not not_own:
        # Own registration: the admin check is skipped entirely.
        return not_own
    return not is_admin_user(self.request)