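def user_res(request, pk):
    """Retrieve, update or delete a single ``User`` (GET / PUT / DELETE).

    Args:
        request: the DRF request; ``request.user`` is the caller and
            ``request.data`` carries the (partial) update payload on PUT.
        pk: primary key of the target user, taken from the URL.

    Returns:
        A DRF ``Response``: 200 with the serialized user on GET and PUT,
        204 on DELETE, 400 with the serializer errors on an invalid PUT
        body, 405 for any other method.

    Raises:
        NotFound: no user with ``pk`` exists.
        PermissionDenied: PUT/DELETE by a caller who is neither in the
            "admin" group nor the target user.
    """
    try:
        user = User.objects.get(pk=pk)
    except User.DoesNotExist:
        raise NotFound()

    if request.method == 'GET':
        # Read-only path: nothing to validate, so do not run request.data
        # through the serializer. NOTE(review): every caller that reaches
        # this view can read any user's representation; whether that is
        # acceptable depends on what UserSerializer exposes and on the
        # view's permission classes, neither of which is visible here.
        return Response(UserSerializer(user).data)

    # Authorize BEFORE looking at request.data so an unauthorized caller
    # learns nothing from validation errors. Compare against the pk of the
    # fetched row rather than the raw URL argument: if the URL converter
    # hands over a str, `pk != request.user.pk` would never match and would
    # silently deny users access to their own record. An anonymous caller
    # has pk None and therefore never matches.
    if not is_user_in_group(request.user, "admin") and user.pk != request.user.pk:
        raise PermissionDenied()

    if request.method == 'PUT':
        # NOTE(review): partial update through UserSerializer. If that
        # serializer exposes privileged fields (e.g. groups), a user editing
        # their own record could raise their own privileges — confirm such
        # fields are read-only for non-admins.
        serializer = UserSerializer(user, request.data, partial=True)
        if not serializer.is_valid():
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
        serializer.save()
        return Response(serializer.data, status=status.HTTP_200_OK)

    if request.method == 'DELETE':
        user.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

    # Defensive fallback; the routing decorator normally rejects other verbs.
    return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)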
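def portfolios_res(request, user_pk, portfolio_pk):
    """Retrieve, update or delete one portfolio belonging to one user.

    Args:
        request: the DRF request; ``request.user`` is the caller and
            ``request.data`` carries the (partial) update payload on PUT.
        user_pk: primary key of the owning user, taken from the URL.
        portfolio_pk: primary key of the portfolio, looked up only among
            that user's portfolios so a pk belonging to someone else is a 404.

    Returns:
        A DRF ``Response``: 200 with the serialized portfolio on GET and
        PUT, 204 on DELETE, 400 with the serializer errors on an invalid
        PUT body, 405 for any other method.

    Raises:
        NotFound: the user or the portfolio does not exist.
        PermissionDenied: GET of a private portfolio, or any PUT/DELETE,
            by a caller who is neither in the "admin" group nor the owner.
    """
    # Two targeted lookups instead of a bare `except:`, which also turned
    # database errors (and KeyboardInterrupt) into a misleading 404.
    try:
        user = User.objects.get(pk=user_pk)
    except User.DoesNotExist:
        raise NotFound()
    try:
        portfolio = user.portfolios.get(pk=portfolio_pk)
    except user.portfolios.model.DoesNotExist:
        raise NotFound()

    is_admin = is_user_in_group(request.user, "admin")
    # Compare against the fetched row's pk, not the raw URL argument, so a
    # str/int mismatch cannot silently deny the owner. An anonymous caller
    # has pk None and never matches.
    is_owner = user.pk == request.user.pk

    if request.method == 'GET':
        # Public portfolios are readable by anyone who reaches the view;
        # private ones only by the owner or an admin.
        if portfolio.private and not (is_admin or is_owner):
            raise PermissionDenied()
        return Response(PortfolioSerializer(portfolio).data)

    # Authorize before touching request.data so an unauthorized caller
    # learns nothing from validation errors.
    if not (is_admin or is_owner):
        raise PermissionDenied()

    if request.method == 'PUT':
        serializer = PortfolioSerializer(portfolio, request.data, partial=True)
        if not serializer.is_valid():
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
        serializer.save()
        return Response(serializer.data, status=status.HTTP_200_OK)

    if request.method == 'DELETE':
        portfolio.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

    # Defensive fallback; the routing decorator normally rejects other verbs.
    return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)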
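def annotation_res(request, article_pk, annotation_pk):
    """Retrieve, update or delete one annotation of one article.

    Args:
        request: the DRF request; ``request.user`` is the caller and
            ``request.data`` carries the (partial) update payload on PUT.
        article_pk: primary key of the article, taken from the URL.
        annotation_pk: primary key of the annotation, looked up only among
            that article's annotations so a foreign pk is a 404.

    Returns:
        A DRF ``Response``: 200 with the serialized annotation on GET and
        PUT, 204 on DELETE, 400 with the serializer errors on an invalid
        PUT body, 405 for any other method.

    Raises:
        NotFound: the article or the annotation does not exist.
        PermissionDenied: PUT/DELETE by a caller who is neither in the
            "admin" group nor the annotation's owner. GET is open to any
            caller who reaches the view.
    """
    # Two targeted lookups instead of a bare `except:`, which also turned
    # database errors (and KeyboardInterrupt) into a misleading 404.
    try:
        article = Article.objects.get(pk=article_pk)
    except Article.DoesNotExist:
        raise NotFound()
    try:
        ann = article.annotations.get(pk=annotation_pk)
    except article.annotations.model.DoesNotExist:
        raise NotFound()

    if request.method == 'GET':
        # Read-only path: do not run request.data through the serializer.
        return Response(AnnotationSerializer(ann).data, status=status.HTTP_200_OK)

    # Authorize before touching request.data so an unauthorized caller
    # learns nothing from validation errors. The owner check uses the
    # stored owner's pk; an anonymous caller (pk None) never matches.
    if not is_user_in_group(request.user, "admin") and ann.owner.pk != request.user.pk:
        raise PermissionDenied()

    if request.method == 'PUT':
        serializer = AnnotationSerializer(ann, request.data, partial=True)
        if not serializer.is_valid():
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
        serializer.save()
        return Response(serializer.data, status=status.HTTP_200_OK)

    if request.method == 'DELETE':
        ann.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

    # Defensive fallback; the routing decorator normally rejects other verbs.
    return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)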
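def create(self, validated_data):
    """Persist a new ``User`` from validated serializer data.

    The plaintext password is replaced by its hash before the model is
    created; the supplied group is honoured only when exactly one group was
    given (otherwise the "basic" group is assigned); and a user who ends up
    in the "trader" group is seeded with a zero-amount USD asset.

    Args:
        validated_data: the serializer's validated fields. ``password`` and
            (optionally) ``groups`` are consumed here.

    Returns:
        The created ``User`` instance.

    Raises:
        TradingEquipment.DoesNotExist: no equipment row has sym 'USD_USD'.
            The enclosing transaction is rolled back, so no half-created
            trader (user without its seed asset) is left behind.
    """
    # Function-scope import keeps the file's import block untouched.
    from django.db import transaction

    # Never store the plaintext. With a missing password make_password(None)
    # produces an unusable password rather than raising (Django behaviour).
    validated_data['password'] = make_password(validated_data.get('password'))

    # NOTE(review): a client that sends exactly one group keeps it. If this
    # serializer is reachable from self-registration, that lets a caller pick
    # a privileged group (e.g. "admin") — confirm where `groups` is writable
    # and by whom.
    if len(validated_data.get('groups', [])) != 1:
        validated_data['groups'] = Group.objects.filter(name="basic")

    # User row, group assignment and the seed asset succeed or fail together;
    # previously a failing equipment lookup left a trader without an asset.
    with transaction.atomic():
        created = super(UserSerializer, self).create(validated_data)
        if is_user_in_group(created, "trader"):
            usd = TradingEquipment.objects.get(sym='USD_USD')
            created.assets.set([
                Asset.objects.create(owner=created, amount=0, tr_eq=usd),
            ])
            created.save()
    return created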