Newer
Older
def create(self, validated_data):
"""Create and return a new Note instance, given the validated data.
A `PermissionDenied` exception will be raised if the user is not privileged or the owner of
the show.
"""
links_data = validated_data.pop("links", [])
# TODO: Once we remove nested routes, this hack should be removed
if "timeslot" not in validated_data:
Ernesto Rico Schmidt
committed
timeslot_pk = TimeSlot.objects.get(pk=self.context["request"].path.split("/")[-3])
validated_data["timeslot"] = validated_data.pop("timeslot", timeslot_pk)
show = validated_data["timeslot"].schedule.show
user = self.context.get("request").user
# user_is_privileged = user.groups.filter(name=settings.PRIVILEGED_GROUP).exists()
user_is_owner = user in show.owners.all()
# Only superusers and owners of a show are allowed to create a note
# Being a superuser overrides the ownership
if not (user.is_superuser or user_is_owner):
raise exceptions.PermissionDenied(
detail="You are not allowed to create a note for this show."
)
# we derive `contributors`, `language` and `topic` from the Show's values if not set
contributors = validated_data.pop("contributors", show.hosts.values_list("id", flat=True))
language = validated_data.pop("language", show.language.values_list("id", flat=True))
topic = validated_data.pop("topic", show.topic.values_list("id", flat=True))
validated_data["image"] = validated_data.pop("image", None)
note = Note.objects.create(
created_by=self.context.get("request").user.username,
**validated_data,
note.contributors.set(contributors)
note.language.set(language)
note.topic.set(topic)
for link_data in links_data:
NoteLink.objects.create(note=note, **link_data)
note.save()
def update(self, instance, validated_data):
"""Update and return an existing Note instance, given the validated data.
A `PermissionDenied` exception will be raised if the user is not privileged or the owner of
a show.
"""
user = self.context.get("request").user
# user_is_privileged = user.groups.filter(name=settings.PRIVILEGED_GROUP).exists()
user_is_owner = user in instance.timeslot.schedule.show.owners.all()
# Only superusers and owners of a show are allowed to update a note
# Being a superuser overrides the ownership
if not (user.is_superuser or user_is_owner):
raise exceptions.PermissionDenied(detail="You are not allowed to update this note.")
if "cba_id" in validated_data:
instance.cba_id = validated_data.get("cba_id")
if "content" in validated_data:
instance.content = validated_data.get("content")
if "image" in validated_data:
instance.image = validated_data.get("image")
if "summary" in validated_data:
instance.summary = validated_data.get("summary")
if "timeslot" in validated_data:
instance.timeslot = validated_data.get("timeslot")
if "tags" in validated_data:
instance.tags = validated_data.get("tags")
if "title" in validated_data:
instance.title = validated_data.get("title")
# optional many-to-many
if "contributors" in validated_data:
instance.contributors.set(validated_data.get("contributors", []))
if "language" in validated_data:
instance.language.set(validated_data.get("language", []))
# Only update this field if the user is superuser, ignore otherwise
if "topic" in validated_data and user.is_superuser:
instance.topic.set(validated_data.get("topic", []))
if links_data := validated_data.get("links"):
for link_data in links_data:
NoteLink.objects.create(note=instance, **link_data)
instance.updated_by = self.context.get("request").user.username
instance.save()
jackie / Andrea Ida Malkah Klaura
committed
return instance