def put(self, request, pk, format=None):
card = self.get_object(pk)
# User must be able to edit the containing deck
if deck_edit_forbidden(card.deck, request.user):
return Response(status=status.HTTP_403_FORBIDDEN)
if u"deck" in request.data:
del request.data[u"deck"]
serializer = CardSerializer(card, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def put(self, request, pk, format=None):
card = self.get_object(pk)
# User must be able to edit the containing deck
if deck_edit_forbidden(card.deck, request.user):
return Response(status=status.HTTP_403_FORBIDDEN)
if u"deck" in request.data:
del request.data[u"deck"]
serializer = CardSerializer(card, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def create_card(request):
"""
# Request format:
## /api/cards
# Methods supported:
## post
* Create a new card given request information, request must have 'deck' field in JSON with integer id
referring to the deck that the card will be added to
* The card will only be created if the user has edit permissions to the given deck
"""
print "Entered this piece of shit!"
# Card must have deck
if u'deck' not in request.data:
return Response(status=status.HTTP_400_BAD_REQUEST)
print request.data
deck_id = request.data[u'deck']
# Attempt to fetch the deck
try:
deck = Deck.objects.get(pk=deck_id)
except Deck.DoesNotExist:
raise Http404
# Ensure that the user has edit permissions for the deck
if deck_edit_forbidden(deck, request.user):
print "Failed here!"
print "User: "
print deck.created_by.id
print request.user.id
return Response(status=status.HTTP_403_FORBIDDEN)
# Now create the card
serializer = CardSerializer(data=request.data)
if serializer.is_valid():
serializer.save(deck=deck)
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def create_card(request):
"""
# Request format:
## /api/cards
# Methods supported:
## post
* Create a new card given request information, request must have 'deck' field in JSON with integer id
referring to the deck that the card will be added to
* The card will only be created if the user has edit permissions to the given deck
"""
print "Entered this piece of shit!"
# Card must have deck
if u'deck' not in request.data:
return Response(status=status.HTTP_400_BAD_REQUEST)
print request.data
deck_id = request.data[u'deck']
# Attempt to fetch the deck
try:
deck = Deck.objects.get(pk=deck_id)
except Deck.DoesNotExist:
raise Http404
# Ensure that the user has edit permissions for the deck
if deck_edit_forbidden(deck, request.user):
print "Failed here!"
print "User: "
print deck.created_by.id
print request.user.id
return Response(status=status.HTTP_403_FORBIDDEN)
# Now create the card
serializer = CardSerializer(data=request.data)
if serializer.is_valid():
serializer.save(deck=deck)
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def get(self, request, pk, format=None):
card = self.get_object(pk)
# User must be able to view the containing deck
if deck_view_forbidden(card.deck, request.user):
return Response(status=status.HTTP_403_FORBIDDEN)
serializer = CardSerializer(card)
return Response(serializer.data)
