def to_internal_value(self, data): request = self.context['request'] if request.method in utils.UPDATE_METHODS and not utils.is_bulk_request(request): id_field = getattr(self.root.instance, self.source, '_id') if id_field != data: raise Conflict() return super(IDField, self).to_internal_value(data)
def get_queryset(self): # For bulk requests, queryset is formed from request body. if is_bulk_request(self.request): auth = get_user_auth(self.request) registrations = Registration.objects.filter(guids___id__in=[ registration['id'] for registration in self.request.data ]) # If skip_uneditable=True in query_params, skip nodes for which the user # does not have EDIT permissions. if is_truthy( self.request.query_params.get('skip_uneditable', False)): return Registration.objects.get_nodes_for_user( auth.user, WRITE_NODE, registrations) for registration in registrations: if not registration.can_edit(auth): raise PermissionDenied return registrations blacklisted = self.is_blacklisted() registrations = self.get_queryset_from_request() # If attempting to filter on a blacklisted field, exclude withdrawals. if blacklisted: registrations = registrations.exclude(retraction__isnull=False) return registrations.select_related( 'root', 'root__embargo', 'root__embargo_termination_approval', 'root__retraction', 'root__registration_approval', )
def parse(self, stream, media_type=None, parser_context=None): """ Parses the incoming bytestream as JSON and returns the resulting data. """ result = super(JSONAPIParser, self).parse(stream, media_type=media_type, parser_context=parser_context) if not isinstance(result, dict): raise ParseError() data = result.get('data', {}) if data: if is_bulk_request(parser_context['request']): if not isinstance(data, list): raise ParseError('Expected a list of items but got type "dict".') data_collection = [] data_collection.extend([self.flatten_data(data_object, parser_context, is_list=True) for data_object in data]) return data_collection else: if not isinstance(data, collections.Mapping): raise ParseError('Expected a dictionary of items.') return self.flatten_data(data, parser_context, is_list=False) else: raise JSONAPIException(source={'pointer': '/data'}, detail=NO_DATA_ERROR)
def get_queryset(self): # For bulk requests, queryset is formed from request body. if is_bulk_request(self.request): auth = get_user_auth(self.request) registrations = Registration.objects.filter(guids___id__in=[ registration['id'] for registration in self.request.data ]) # If skip_uneditable=True in query_params, skip nodes for which the user # does not have EDIT permissions. if is_truthy( self.request.query_params.get('skip_uneditable', False)): has_permission = registrations.filter( contributor__user_id=auth.user.id, contributor__write=True).values_list('guids___id', flat=True) return Registration.objects.filter( guids___id__in=has_permission) for registration in registrations: if not registration.can_edit(auth): raise PermissionDenied return registrations blacklisted = self.is_blacklisted() registrations = self.get_queryset_from_request() # If attempting to filter on a blacklisted field, exclude withdrawals. if blacklisted: return registrations.exclude(retraction__isnull=False) return registrations
def get_queryset(self): # For bulk requests, queryset is formed from request body. if is_bulk_request(self.request): auth = get_user_auth(self.request) registrations = Registration.objects.filter(guids___id__in=[registration['id'] for registration in self.request.data]) # If skip_uneditable=True in query_params, skip nodes for which the user # does not have EDIT permissions. if is_truthy(self.request.query_params.get('skip_uneditable', False)): has_permission = registrations.filter(contributor__user_id=auth.user.id, contributor__write=True).values_list('guids___id', flat=True) return Registration.objects.filter(guids___id__in=has_permission) for registration in registrations: if not registration.can_edit(auth): raise PermissionDenied return registrations blacklisted = self.is_blacklisted() registrations = self.get_queryset_from_request() # If attempting to filter on a blacklisted field, exclude withdrawals. if blacklisted: registrations = registrations.exclude(retraction__isnull=False) return registrations.select_related( 'root', 'root__embargo', 'root__embargo_termination_approval', 'root__retraction', 'root__registration_approval', )
def to_internal_value(self, data): request = self.context.get('request') if request: if request.method in utils.UPDATE_METHODS and not utils.is_bulk_request(request): id_field = getattr(self.root.instance, self.source, '_id') if id_field != data: raise Conflict(detail=('The id you used in the URL, "{}", does not match the id you used in the json body\'s id field, "{}". The object "{}" exists, otherwise you\'d get a 404, so most likely you need to change the id field to match.'.format(id_field, data, id_field))) return super(IDField, self).to_internal_value(data)
def to_internal_value(self, data): request = self.context['request'] if request.method in utils.UPDATE_METHODS and not utils.is_bulk_request( request): id_field = getattr(self.root.instance, self.source, '_id') if id_field != data: raise Conflict() return super(IDField, self).to_internal_value(data)
def to_internal_value(self, data): request = self.context.get('request') if request: if request.method in utils.UPDATE_METHODS and not utils.is_bulk_request(request): id_field = self.get_id(self.root.instance) if id_field != data: raise Conflict(detail=('The id you used in the URL, "{}", does not match the id you used in the json body\'s id field, "{}". The object "{}" exists, otherwise you\'d get a 404, so most likely you need to change the id field to match.'.format(id_field, data, id_field))) return super(IDField, self).to_internal_value(data)
def get_serializer(self, *args, **kwargs): """ Adds many=True to serializer if bulk operation. """ if is_bulk_request(self.request): kwargs['many'] = True return super(ListBulkCreateJSONAPIView, self).get_serializer(*args, **kwargs)
def create(self, request, *args, **kwargs): """ Correctly formats both bulk and single POST response """ if is_bulk_request(request): if not request.data: raise ValidationError('Request must contain array of resource identifier objects.') response = super(ListBulkCreateJSONAPIView, self).create(request, *args, **kwargs) if 'data' not in response.data: response.data = {'data': response.data} return response
def get_queryset(self): # For bulk requests, queryset is formed from request body. if is_bulk_request(self.request): auth = get_user_auth(self.request) collection_ids = [coll['id'] for coll in self.request.data] collections = Collection.objects.filter(guids___id__in=collection_ids) for collection in collections: if not collection.can_edit(auth): raise PermissionDenied return collections else: return self.get_queryset_from_request()
def get_queryset(self): # For bulk requests, queryset is formed from request body. if is_bulk_request(self.request): auth = get_user_auth(self.request) collection_ids = [coll['id'] for coll in self.request.data] collections = Collection.objects.filter(guids___id__in=collection_ids) checker = ObjectPermissionChecker(auth.user) for collection in collections: if not checker.has_perm('write_collection', collection): raise PermissionDenied return collections else: return self.get_queryset_from_request()
def get_queryset(self): queryset = self.get_queryset_from_request() # If bulk request, queryset only contains contributors in request if is_bulk_request(self.request): contrib_ids = [] for item in self.request.data: try: contrib_ids.append(item['id'].split('-')[1]) except AttributeError: raise ValidationError('Contributor identifier not provided.') except IndexError: raise ValidationError('Contributor identifier incorrectly formatted.') queryset[:] = [contrib for contrib in queryset if contrib._id in contrib_ids] return queryset
def get_queryset(self): # For bulk requests, queryset is formed from request body. if is_bulk_request(self.request): query = Q('_id', 'in', [coll['id'] for coll in self.request.data]) auth = get_user_auth(self.request) collections = Collection.find(query) for collection in collections: if not collection.can_edit(auth): raise PermissionDenied return collections else: query = self.get_query_from_request() return Collection.find(query)
def get_queryset(self): # For bulk requests, queryset is formed from request body. if is_bulk_request(self.request): query = Q("_id", "in", [node["id"] for node in self.request.data]) auth = get_user_auth(self.request) nodes = Node.find(query) for node in nodes: if not node.can_edit(auth): raise PermissionDenied return nodes else: query = self.get_query_from_request() return Node.find(query)
def get_queryset(self): # For bulk requests, queryset is formed from request body. if is_bulk_request(self.request): query = Q('_id', 'in', [node['id'] for node in self.request.data]) auth = get_user_auth(self.request) nodes = Node.find(query) for node in nodes: if not node.can_edit(auth): raise PermissionDenied return nodes else: query = self.get_query_from_request() return Node.find(query)
def get_queryset(self): queryset = self.get_queryset_from_request() if is_bulk_request(self.request): user_ids = [] for user in self.request.data: try: user_id = user['id'].split('-')[1] except AttributeError: raise ValidationError('Member identifier not provided.') except IndexError: raise ValidationError( 'Member identifier incorrectly formatted.') else: user_ids.append(user_id) queryset = queryset.filter(guids___id__in=user_ids) return queryset