def create(self, request, *args, **kwargs):
if self.request.data.get('about_type') == "mission":
mission = Mission.get(self.kwargs[self.lookup_field])
quest = Quest.get(mission.owner_username)
if quest is None:
return Response(
{
"status_code":
status.HTTP_404_NOT_FOUND,
"detail":
"Sorry we couldn't find the Quest you were "
"attempting to create an update for."
},
status=status.HTTP_404_NOT_FOUND)
if quest.owner_username == request.user.username:
return super(UpdateListCreate,
self).create(request, *args, **kwargs)
if request.user.username not in \
Quest.get_quest_helpers(self.kwargs[self.lookup_field]):
return Response(
{
"status_code": status.HTTP_403_FORBIDDEN,
"detail": "You are not authorized to access "
"this page."
},
status=status.HTTP_403_FORBIDDEN)
return super(UpdateListCreate, self).create(request, *args, **kwargs)
def test_get_quest_helpers(self):
self.quest.editors.connect(self.owner)
self.quest.moderators.connect(self.owner)
res = Quest.get_quest_helpers(self.owner.username)
self.assertIn(self.owner.username, res)