ajusté adim.view pour compatibilité avec restframework v3.3

72e0c3f6 · Julien Furrer · 0dbce233 · 72e0c3f6
Commit 72e0c3f6 authored Jan 11, 2016 by Julien Furrer
--- a/adim_project/adim/views.py
+++ b/adim_project/adim/views.py
@@ -25,6 +25,7 @@ class AccessibleAnObj(BasePermission):
    RestFramework Object-level permission to allow access to objects related to an accessible AnObj
    Assumes the model instance has an `annotable` attribute.
    """
    def has_object_permission(self, request, view, obj):
        try:
            return has_anobj_access(request, obj.annotable)
@@ -54,6 +55,7 @@ class IsOwnerOrReadOnly(BasePermission):
        else:
            return False
 class WritableAnObjOrReadonly(BasePermission):
    """
    RestFramework Object-level permission to only allow modification on objects
@@ -90,6 +92,7 @@ class AnObjViewSet(viewsets.ModelViewSet):
    """
    model = AnObj
    serializer_class = AnObjSerializer
    # lookup_field = 'uuid'
    def get_serializer_class(self):
@@ -122,7 +125,7 @@ class AnObjViewSet(viewsets.ModelViewSet):
        if request.method != 'GET':
            user_model = get_user_model()
            members = []
-            for member_data in request.DATA.get('members', []):
+            for member_data in request.data.get('members', []):
                try:
                    q = Q(pk=-1)
                    if member_data.get('id'):
@@ -156,7 +159,7 @@ class AnObjViewSet(viewsets.ModelViewSet):
    def set_publish_mode(self, request, pk=None):
        user = request.user
        anobj = AnObj.objects.get(pk=pk)
-        new_publish_mode = int(request.DATA.get('publish_mode', 0))
+        new_publish_mode = int(request.data.get('publish_mode', 0))
        if new_publish_mode not in xrange(3):
            raise ValueError("Invalid publish mode")
@@ -172,8 +175,8 @@ class AnObjViewSet(viewsets.ModelViewSet):
                raise Http404()
        if new_publish_mode == 2 and not (
-                anobj.allow_public_publishing or anobj.is_owned(user.id)):
+                    anobj.allow_public_publishing or anobj.is_owned(user.id)):
-                # anobj.allow_public_publishing or user in anobj.owners.all()):
+            # anobj.allow_public_publishing or user in anobj.owners.all()):
            raise PermissionDenied
        if membership.publish_mode != new_publish_mode:
@@ -234,27 +237,27 @@ class SharedAnObjViewSet(AnObjViewSet):
        else:
            users = []
        return Response({'users': users})
-    #
+        #
-    # @detail_route(methods=['patch'])
+        # @detail_route(methods=['patch'])
-    # def set_publish_mode(self, request, pk=None):
+        # def set_publish_mode(self, request, pk=None):
-    #     user = request.user
+        #     user = request.user
-    #     anobj = AnObj.objects.get(pk=pk)
+        #     anobj = AnObj.objects.get(pk=pk)
-    #     membership = get_object_or_404(AnObjMembership, anobj__id=pk, user=user)
+        #     membership = get_object_or_404(AnObjMembership, anobj__id=pk, user=user)
-    #
+        #
-    #     new_publish_mode = int(request.DATA.get('publish_mode', 0))
+        #     new_publish_mode = int(request.DATA.get('publish_mode', 0))
-    #     if new_publish_mode not in xrange(3):
+        #     if new_publish_mode not in xrange(3):
-    #         raise ValueError("Invalid publish mode")
+        #         raise ValueError("Invalid publish mode")
-    #
+        #
-    #     if new_publish_mode == 2 and not (
+        #     if new_publish_mode == 2 and not (
-    #             anobj.allow_public_publishing or user == anobj.owner):
+        #             anobj.allow_public_publishing or user == anobj.owner):
-    #         raise PermissionDenied
+        #         raise PermissionDenied
-    #
+        #
-    #     if membership.publish_mode != new_publish_mode:
+        #     if membership.publish_mode != new_publish_mode:
-    #         membership.publish_mode = new_publish_mode
+        #         membership.publish_mode = new_publish_mode
-    #         membership.save()
+        #         membership.save()
-    #
+        #
-    #     return Response({'publish_mode': membership.publish_mode})
+        #     return Response({'publish_mode': membership.publish_mode})
-    #
+        #
 class UserViewSet(viewsets.ReadOnlyModelViewSet):
@@ -301,43 +304,49 @@ class AnnotationViewSet(viewsets.ModelViewSet):
        :param kwargs:
        :return:
        """
-        request.data['owner'] = request.user.id
+        owner_str_id = str(request.user.id)
-        request.data['owner_id'] = request.user.id
+        if (
+            owner_str_id not in request.data['owner'] or
+            owner_str_id not in request.data['owner_id']
+        ):
+            raise AttributeError("Wrong owner for annotation")
+        # request.data['owner'] = request.user.id
+        # request.data['owner_id'] = request.user.id
        return super(AnnotationViewSet, self).create(request, *args, **kwargs)
-    # def list(self, request):
+        # def list(self, request):
-    #     return Response([])
+        #     return Response([])
-    #
+        #
-    # def pre_save(self, obj):
+        # def pre_save(self, obj):
-    #     """
+        #     """
-    #     For new annotation, check annotable access permission
+        #     For new annotation, check annotable access permission
-    #     and set the owner of the annotation
+        #     and set the owner of the annotation
-    #     :param obj:
+        #     :param obj:
-    #     :return:
+        #     :return:
-    #     """
+        #     """
-    #     if obj.annotable.locked:
+        #     if obj.annotable.locked:
-    #         raise Exception("Annotable locked")
+        #         raise Exception("Annotable locked")
-    #
+        #
-    #     # ok
+        #     # ok
-    #     if obj.id:
+        #     if obj.id:
-    #         if obj.owner != self.request.user:
+        #         if obj.owner != self.request.user:
-    #             raise Exception("Annotable access forbidden")
+        #             raise Exception("Annotable access forbidden")
-    #
+        #
-    #     else:
+        #     else:
-    #         # user = self.request.user
+        #         # user = self.request.user
-    #         # anobj_q = Q(pk=obj.annotable_id) & (Q(owner=user) | Q(members=user))
+        #         # anobj_q = Q(pk=obj.annotable_id) & (Q(owner=user) | Q(members=user))
-    #         try:
+        #         try:
-    #             anobj = AnObj.objects.get(pk=obj.annotable_id)
+        #             anobj = AnObj.objects.get(pk=obj.annotable_id)
-    #             if not has_anobj_access(self.request, anobj):
+        #             if not has_anobj_access(self.request, anobj):
-    #                 raise Exception("Annotable access forbidden")
+        #                 raise Exception("Annotable access forbidden")
-    #
+        #
-    #         except AnObj.DoesNotExist:
+        #         except AnObj.DoesNotExist:
-    #             raise Exception("Annotable access forbidden")
+        #             raise Exception("Annotable access forbidden")
-    #         # if not AnObj.objects.filter(anobj_q).exists():
+        #         # if not AnObj.objects.filter(anobj_q).exists():
-    #
+        #
-    #         obj.owner = self.request.user
+        #         obj.owner = self.request.user
-    #
+        #
-    #     super(AnnotationViewSet, self).pre_save(obj)
+        #     super(AnnotationViewSet, self).pre_save(obj)
 class SharedAnnotationViewSet(viewsets.ReadOnlyModelViewSet):