From 60a791aed9104541fb3e0a94f9d2a468ee14f1ac Mon Sep 17 00:00:00 2001
From: Konrad Mohrfeldt <konrad.mohrfeldt@farbdev.org>
Date: Thu, 17 Mar 2022 00:33:28 +0100
Subject: [PATCH] =?UTF-8?q?fix:=20don=E2=80=99t=20advertise=20prohibited?=
 =?UTF-8?q?=20API=20methods?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There is no point in advertising the methods by inheriting from
the default CRUD viewset, if we donâ€™t actually intend to implement them.
---
 program/views.py | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/program/views.py b/program/views.py
index fbc17335..bb2f1260 100644
--- a/program/views.py
+++ b/program/views.py
@@ -22,7 +22,7 @@ import json
 import logging
 from datetime import date, datetime, time
 
-from rest_framework import permissions, status, viewsets
+from rest_framework import mixins, permissions, status, viewsets
 from rest_framework.pagination import LimitOffsetPagination
 from rest_framework.response import Response
 
@@ -187,7 +187,13 @@ def json_playout(request):
     )
 
 
-class APIUserViewSet(viewsets.ModelViewSet):
+class APIUserViewSet(
+    mixins.CreateModelMixin,
+    mixins.RetrieveModelMixin,
+    mixins.UpdateModelMixin,
+    mixins.ListModelMixin,
+    viewsets.GenericViewSet,
+):
     """
     /users returns oneself. Superusers see all users. Only superusers may create a user (GET, POST)
     /users/{pk} retrieves or updates a single user. Non-superusers may only update certain fields
@@ -257,10 +263,6 @@ class APIUserViewSet(viewsets.ModelViewSet):
 
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
-    def destroy(self, request, *args, **kwargs):
-        """Deleting users is prohibited: Set 'is_active' to False instead"""
-        return Response(status=status.HTTP_400_BAD_REQUEST)
-
 
 class APIShowViewSet(viewsets.ModelViewSet):
     """
@@ -497,7 +499,16 @@ class APIScheduleViewSet(viewsets.ModelViewSet):
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
-class APITimeSlotViewSet(viewsets.ModelViewSet):
+# TODO: Create is currently not implemented because timeslots are supposed to be inserted
+#       by creating or updating a schedule.
+#       There might be a use case for adding a single timeslot without any conflicts though.
+class APITimeSlotViewSet(
+    mixins.RetrieveModelMixin,
+    mixins.UpdateModelMixin,
+    mixins.DestroyModelMixin,
+    mixins.ListModelMixin,
+    viewsets.GenericViewSet,
+):
     """
     Returns a list of timeslots.
 
@@ -536,13 +547,6 @@ class APITimeSlotViewSet(viewsets.ModelViewSet):
         serializer = TimeSlotSerializer(timeslot)
         return Response(serializer.data)
 
-    def create(self, request, *args, **kwargs):
-        """
-        Timeslots may only be created by adding/updating schedules
-        TODO: Adding single timeslot which fits to schedule?
-        """
-        return Response(status=status.HTTP_400_BAD_REQUEST)
-
     def update(self, request, *args, **kwargs):
         """Link a playlist_id to a timeslot"""
 
-- 
GitLab