def update(self, request, *args, **kwargs):
new_data = request.data
new_data['user'] = new_data['user']['id']
new_data['project'] = new_data['project']['id']
new_data['permission'] = new_data['permission']['id']
new_data['given_by'] = request.user.id
partial = kwargs.pop('partial', False)
instance = self.get_object()
if not has_permission_to_edit(instance.project, request.user):
return HttpResponseForbidden("No permission to edit that project")
serializer = self.get_serializer(instance,
data=new_data,
partial=partial)
serializer.is_valid(raise_exception=True)
self.perform_update(serializer)
if getattr(instance, '_prefetched_objects_cache', None):
# If 'prefetch_related' has been applied to a queryset, we need to
# forcibly invalidate the prefetch cache on the instance.
instance._prefetched_objects_cache = {}
return Response(serializer.data)
def create(self, request, *args, **kwargs):
new_data = request.data
new_data['category'] = new_data['category']['id']
category = new_data['category']
order_in_category = new_data['order_in_category']
new_data['created_by'] = request.user.id
new_data['modified_by'] = request.user.id
new_data['calendar_date_start'] = None
new_data['calendar_date_end'] = None
if not Category.objects.filter(id=category).exists():
return HttpResponseForbidden('You cant edit that project!!')
project = Category.objects.get(pk=category).project
if not has_permission_to_edit(project, request.user):
return HttpResponseForbidden('You cant edit that project!!')
self.increment_order_for_new_category(category, order_in_category)
# increment order for cards in new category
#Card.objects.filter(category_id=category, order_in_category__gte=order_in_category) \
# .update(order_in_category=F('order_in_category') + 1)
serializer = self.get_serializer(data=new_data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)
def has_permission(request):
project_id = request.body
token = request.META['HTTP_AUTHORIZATION'].replace('Token ', '')
user = Token.objects.filter(key=token).first().user
project = Project.objects.get(pk=project_id)
if has_permission_to_edit(project, user):
return HttpResponse('True')
else:
return HttpResponseForbidden('False')
def create(self, request, *args, **kwargs):
new_data = request.data
print(new_data['user'])
new_data['user'] = new_data['user']['id']
new_data['project'] = new_data['project']['id']
new_data['permission'] = 1
new_data['given_by'] = request.user.id
project = Project.objects.get(pk=new_data['project'])
if not has_permission_to_edit(project, request.user):
return HttpResponseForbidden("No permission to edit that project")
serializer = self.get_serializer(data=new_data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)