def post(self, request, format=None):
    """Log in the user identified by the posted credentials.

    Invalid input is answered with the serializer errors and a 401.
    If the session already belongs to an authenticated user the request
    is refused with a 405 and nothing is changed, so one session is
    never attached to two users. On success the anonymous basket, if
    there is one, is merged into the user's basket and that basket is
    stored in the session.

    The credentials are validated before the "already logged in" check,
    so the 405 is only ever returned for valid credentials.

    NOTE(review): nothing in this method limits repeated attempts;
    throttling, if any, has to come from the view configuration --
    confirm.
    """
    serializer = self.serializer_class(data=request.data)
    if not serializer.is_valid():
        # NOTE(review): the serializer errors go back to the client
        # verbatim; confirm they do not tell an unknown account apart
        # from a wrong password.
        return Response(
            serializer.errors, status=status.HTTP_401_UNAUTHORIZED)

    # Looked up before the login call below. By its name that call
    # upgrades the session, presumably changing the session key
    # (confirm), after which the anonymous basket may no longer be
    # reachable through the request.
    anonymous_basket = operations.get_anonymous_basket(request)
    user = serializer.instance

    # Attribute form: assumes a Django release where is_authenticated
    # is a property (1.10+). Where it is still a method, the bare
    # reference is always truthy and every login would be refused.
    if request.user.is_authenticated:
        return Response(
            {'detail': 'Session is in use, log out first'},
            status=status.HTTP_405_METHOD_NOT_ALLOWED)

    request.user = user
    login_and_upgrade_session(request._request, user)

    # Fold whatever was collected anonymously into the user's basket.
    user_basket = operations.get_user_basket(user)
    if anonymous_basket is not None:
        self.merge_baskets(anonymous_basket, user_basket)
    operations.store_basket_in_session(user_basket, request.session)

    return Response("")
def post(self, request, format=None):
    """Log in the user identified by the posted credentials.

    Invalid input is answered with the serializer errors and a 401.
    If the session already belongs to an authenticated user the request
    is refused with a 405 and nothing is changed, so one session is
    never attached to two users. On success the anonymous basket, if
    there is one, is merged into the user's basket and that basket is
    stored in the session.

    The credentials are validated before the "already logged in" check,
    so the 405 is only ever returned for valid credentials.

    NOTE(review): nothing in this method limits repeated attempts;
    throttling, if any, has to come from the view configuration --
    confirm.
    """
    login_serializer = serializers.LoginSerializer(data=request.data)
    if not login_serializer.is_valid():
        # NOTE(review): the serializer errors go back to the client
        # verbatim; confirm they do not tell an unknown account apart
        # from a wrong password.
        return Response(
            login_serializer.errors, status=status.HTTP_401_UNAUTHORIZED)

    # Looked up before the login call below. By its name that call
    # upgrades the session, presumably changing the session key
    # (confirm), after which the anonymous basket may no longer be
    # reachable through the request.
    anonymous_basket = operations.get_anonymous_basket(request)
    user = login_serializer.object

    # Call form: matches Django releases where is_authenticated is a
    # method. From Django 2.0 it is a plain property and this call
    # fails, so keep the form in step with the Django version in use.
    if request.user.is_authenticated():
        return Response(
            {'detail': 'Session is in use, log out first'},
            status=status.HTTP_405_METHOD_NOT_ALLOWED)

    request.user = user
    login_and_upgrade_session(request._request, user)

    # Fold whatever was collected anonymously into the user's basket.
    user_basket = operations.get_user_basket(user)
    if anonymous_basket is not None:
        self.merge_baskets(anonymous_basket, user_basket)
    operations.store_basket_in_session(user_basket, request.session)

    return Response()
def get_queryset(self):
    """Return the baskets the requesting user may see, as a QuerySetList.

    Authenticated users get the baskets they own, each passed through
    assign_basket_strategy. Anonymous users get the single basket that
    get_anonymous_basket resolves from the request, passed through
    prepare_basket.
    """
    qs = super(BasketList, self).get_queryset()
    request = self.request

    if not request.user.is_authenticated:
        # Anonymous users have at most one basket.
        # NOTE(review): if get_anonymous_basket can return None
        # (confirm), prepare_basket is called with None here.
        anonymous_basket = get_anonymous_basket(request)
        baskets = [prepare_basket(anonymous_basket, request)]
    else:
        # Ownership filter: an authenticated user only ever sees their
        # own baskets.
        qs = qs.filter(owner=request.user)
        baskets = [
            assign_basket_strategy(basket, request=request)
            for basket in qs
        ]

    # NOTE(review): on the anonymous path `qs` is still the unfiltered
    # queryset from the parent class. Confirm QuerySetList uses its
    # second argument for metadata only and never serves rows from it.
    return QuerySetList(baskets, qs)
def delete(self, request, format=None):
    """
    Destroy the current session.

    An anonymous user's basket is flushed and deleted as well, because
    nothing else can reach it once the session is gone. An
    authenticated user's basket is left alone.
    """
    raw_request = request._request

    # Attribute form: assumes a Django release where is_anonymous is a
    # property (1.10+). Where it is still a method, the bare reference
    # is always truthy and this branch would run for every user.
    if raw_request.user.is_anonymous:
        anonymous_basket = operations.get_anonymous_basket(raw_request)
        if anonymous_basket:
            operations.flush_and_delete_basket(anonymous_basket)

    # Empty the session data, remove the session itself, then detach it
    # from the request.
    # NOTE(review): setting the attribute to None presumably keeps later
    # middleware from saving the session again -- confirm, and confirm
    # the client's session cookie is dealt with elsewhere.
    session = raw_request.session
    session.clear()
    session.delete()
    raw_request.session = None

    return Response("")
def delete(self, request, format=None):
    """
    Destroy the current session.

    An anonymous user's basket is flushed and deleted as well, because
    nothing else can reach it once the session is gone. An
    authenticated user's basket is left alone.
    """
    raw_request = request._request

    # Call form: matches Django releases where is_anonymous is a method.
    # From Django 2.0 it is a plain property and this call fails, so
    # keep the form in step with the Django version in use.
    if raw_request.user.is_anonymous():
        anonymous_basket = operations.get_anonymous_basket(raw_request)
        if anonymous_basket:
            operations.flush_and_delete_basket(anonymous_basket)

    # Empty the session data, remove the session itself, then detach it
    # from the request.
    # NOTE(review): setting the attribute to None presumably keeps later
    # middleware from saving the session again -- confirm, and confirm
    # the client's session cookie is dealt with elsewhere.
    session = raw_request.session
    session.clear()
    session.delete()
    raw_request.session = None

    return Response()