serializers.py

            "slug",
            "summary",
            "tags",
            "timeslot_id",
            "title",
            "topic_ids",
        ) + read_only_fields

    def create(self, validated_data):
        """Create and return a new Note instance, given the validated data.

        A `PermissionDenied` exception will be raised if the user is not privileged or the owner of
        the show.
        """

        links_data = validated_data.pop("links", [])

        # required
        if "timeslot_id" in validated_data:
            validated_data["timeslot"] = validated_data.pop("timeslot_id")
        else:
            # TODO: Once we remove nested routes, this hack should be removed
            timeslot_pk = TimeSlot.objects.get(pk=self.context["request"].path.split("/")[-3])
            validated_data["timeslot"] = validated_data.pop("timeslot_id", timeslot_pk)

        show = validated_data["timeslot"].schedule.show
        user = self.context.get("request").user
        # user_is_privileged = user.groups.filter(name=settings.PRIVILEGED_GROUP).exists()
        user_is_owner = user in show.owners.all()

        # Only superusers and owners of a show are allowed to create a note
        # Being a superuser overrides the ownership
        if not (user.is_superuser or user_is_owner):
            raise exceptions.PermissionDenied(
                detail="You are not allowed to create a note for this show."
            )

        # we derive `contributors`, `language` and `topic` from the Show's values if not set
        contributors = validated_data.pop("contributors", show.hosts.values_list("id", flat=True))
        language = validated_data.pop("language", show.language.values_list("id", flat=True))
        topic = validated_data.pop("topic", show.topic.values_list("id", flat=True))

        # optional foreign key
        validated_data["image"] = validated_data.pop("image_id", None)

        note = Note.objects.create(
            created_by=self.context.get("request").user.username,
            **validated_data,
        )

        note.contributors.set(contributors)
        note.language.set(language)
        note.topic.set(topic)

        # optional nested objects
        for link_data in links_data:
            NoteLink.objects.create(note=note, **link_data)

        note.save()

        return note

    def update(self, instance, validated_data):
        """Update and return an existing Note instance, given the validated data.

        A `PermissionDenied` exception will be raised if the user is not privileged or the owner of
        a show.
        """

        user = self.context.get("request").user
        # user_is_privileged = user.groups.filter(name=settings.PRIVILEGED_GROUP).exists()
        user_is_owner = user in instance.timeslot.schedule.show.owners.all()

        # Only superusers and owners of a show are allowed to update a note
        # Being a superuser overrides the ownership
        if not (user.is_superuser or user_is_owner):
            raise exceptions.PermissionDenied(detail="You are not allowed to update this note.")

        print(validated_data)
        if "cba_id" in validated_data:
            instance.cba_id = validated_data.get("cba_id")

        if "content" in validated_data:
            instance.content = validated_data.get("content")

        if "image" in validated_data:
            instance.image = validated_data.get("image")

        if "slug" in validated_data:
            instance.slug = validated_data.get("slug")

        if "summary" in validated_data:
            instance.summary = validated_data.get("summary")

        if "timeslot" in validated_data:
            instance.timeslot = validated_data.get("timeslot")

        if "tags" in validated_data:
            instance.tags = validated_data.get("tags")

        if "title" in validated_data:
            instance.title = validated_data.get("title")

        # optional many-to-many
        if "contributors" in validated_data:
            instance.contributors.set(validated_data.get("contributors", []))

        if "language" in validated_data:
            instance.language.set(validated_data.get("language", []))

        # Only update this field if the user is superuser, ignore otherwise
        if "topic" in validated_data and user.is_superuser:
            instance.topic.set(validated_data.get("topic", []))

        # optional nested objects
        if links_data := validated_data.get("links"):
            instance = delete_links(instance)

            for link_data in links_data:
                NoteLink.objects.create(note=instance, **link_data)

        instance.updated_by = self.context.get("request").user.username

        instance.save()

        return instance