def get(self): """ API endpoint for get resource (get-detail). """ if self._meta.authentication.is_authenticated(self.request): # get the object to view obj_id = self.request.matchdict['id'] obj = self.get_obj(obj_id) bundle = self.build_bundle(obj=obj) # check if we have read access to this object first if self._meta.authorization.read_detail(obj, bundle): if obj is not None: bundle = self.dehydrate(bundle) return bundle else: raise HTTPNotFound(RESOURCE_NOT_FOUND.format(self.get_obj_url(obj_id))) else: raise HTTPForbidden(NOT_AUTHORIZED) else: raise HTTPForbidden(NOT_AUTHENTICATED)
def put(self): """ API endpoint for update resource (update-detail). Note that TastyPie will actually create the object if it didn't exist first, we don't do this and return HTTPNotFound instead. """ if self._meta.authentication.is_authenticated(self.request): # get the current object to update, build a bundle with the data obj_id = self.request.matchdict['id'] obj = self.get_obj(obj_id) bundle = self.build_bundle(obj=obj, data=self.request.validated) # now we can check if we are allowed to update this object if self._meta.authorization.update_detail(obj, bundle): if obj is not None: # hydrate and save the object bundle = self.hydrate(bundle) # if there are errors, don't call save_obj and return # this results in a 400 Bad Request, which is what we want if self.request.errors: return self.save_obj(bundle.obj) # returning the data is optional and is done per-resource. if self._meta.always_return_data: # return the data that was saved during hydrate bundle = self.dehydrate(bundle) return bundle else: # returns 204 no content return HTTPNoContent() else: raise HTTPNotFound(RESOURCE_NOT_FOUND.format(self.get_obj_url(obj_id))) else: raise HTTPForbidden(NOT_AUTHORIZED) else: raise HTTPForbidden(NOT_AUTHENTICATED)
def delete(self): """ API endpoint to delete a resource (delete-detail). """ if self._meta.authentication.is_authenticated(self.request): # get the current object to delete obj_id = self.request.matchdict['id'] obj = self.get_obj(obj_id) bundle = self.build_bundle(obj=obj) # now we can check if we are allowed to delete this object if self._meta.authorization.delete_detail(obj, bundle): if obj is not None: # delete the object self.delete_obj(obj) # returns 204 no content return HTTPNoContent() else: raise HTTPNotFound(RESOURCE_NOT_FOUND.format(self.get_obj_url(obj_id))) else: raise HTTPForbidden(NOT_AUTHORIZED) else: raise HTTPForbidden(NOT_AUTHENTICATED)