def put(self, request, pk, format=None): deck = self.get_object(pk) # The authenticated user can must be able to edit the deck if deck_edit_forbidden(deck, request.user): return Response(status=status.HTTP_403_FORBIDDEN) serializer = DeckSerializer(deck, data=request.data) if serializer.is_valid(): serializer.save() return Response(serializer.data) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request, format=None): serializer = DeckSerializer(data=request.data) if serializer.is_valid(): serializer.save(created_by=request.user) return Response(serializer.data, status=status.HTTP_201_CREATED) return Response(serializer.errors, status.HTTP_400_BAD_REQUEST)