Exemplo n.º 1
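 def put(self, request, *args, **kwargs):
     """
     Service To update a time.

     A non-admin caller may only update a time that belongs to them. The
     ownership check covers both the "user" value in the request body and
     the owner of the record already stored, because the body value is
     supplied by the caller and does not say whose record is being changed.

     :param request: with the time information and time_id
     :return: the time updated, or HttpResponseBadRequest("Permission denied")
     """
     if not is_admin_group(request.user):
         caller_id = request.user.id
         if caller_id is None:
             # No authenticated identity to compare against: fail closed
             # instead of raising on int(None).
             return HttpResponseBadRequest("Permission denied")
         caller_id = int(caller_id)

         # The body may carry the id as a string (form-encoded data) or as
         # an int (JSON); coerce before comparing and treat anything that
         # is missing or non-numeric as a mismatch.
         try:
             claimed_owner = int(request.data.get("user"))
         except (TypeError, ValueError):
             claimed_owner = None
         if claimed_owner != caller_id:
             return HttpResponseBadRequest("Permission denied")

         # Authorise against the stored record, not only the submitted body.
         # NOTE(review): assumes this is a DRF generic view (get_object() is
         # the lookup update() relies on) and that the model's owner is the
         # "user" foreign key -- confirm. A missing attribute denies access.
         stored_owner = getattr(self.get_object(), "user_id", None)
         if stored_owner != caller_id:
             return HttpResponseBadRequest("Permission denied")

     # NOTE(review): 403 is the conventional status for an authorization
     # failure; 400 is kept so existing clients see the same response.
     return self.update(request, *args, **kwargs)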
Exemplo n.º 2
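 def get(self, request, format=None):
     """
     Retrieve all the times. A user can only retrieve his times.
     Only Admin users can view other users times.

     :param request: optionally with userid query param
     :param format: not used by this method
     :return: The list of times, or HttpResponseBadRequest if the user has no
     permission to query or the userid query param is not an integer
     """
     if "userid" in request.query_params:
         # The query string is caller-controlled: reject a non-numeric value
         # with a 400 instead of letting int() raise and surface as a 500.
         try:
             userid = int(request.query_params.get("userid"))
         except (TypeError, ValueError):
             return HttpResponseBadRequest("Invalid userid")

         caller_id = request.user.id
         # A caller with no id (unauthenticated) never counts as the owner.
         is_own_record = caller_id is not None and int(caller_id) == userid
         if not is_own_record and not is_admin_group(request.user):
             return HttpResponseBadRequest("Permission denied")
         times = Time.objects.filter(user__pk=userid)
     else:
         # Listing every user's times is limited to admins.
         if not is_admin_group(request.user):
             return HttpResponseBadRequest("Permission denied")
         times = Time.objects.all()

     serializer = TimeSerializer(times, many=True)
     return Response(serializer.data)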