def update(model, full_user, instance, data):
updateable_fields = permissions.get_updateable_fields(model, full_user, instance)
if updateable_fields is None:
return (response_403(), None)
filtered_data = dict_subset(data, updateable_fields)
for f_name, f_val in filtered_data.items():
assert permissions.validate_field(model, f_name, f_val)
setattr(instance, f_name, f_val)
instance.save()
return (HttpResponse(''), instance)
def create(model, full_user, data):
createable_fields = permissions.get_createable_fields(model, full_user, data)
if createable_fields is None:
return (response_403(), None)
filtered_data = dict_subset(data, createable_fields)
m = model(**filtered_data)
permissions.final_data_validation(model, m)
try:
permissions.add_custom_create_data(model, full_user, data, m)
except APIException as e:
response = HttpJsonResponse(serialize_object(e, ('errors', 'message')), status=500)
return (response, None)
m.save()
# Send back `id` so client knows it
fields = permissions.post_create_response_fields(model)
response = HttpJsonResponse(serialize_object(m, fields))
return (response, m)