From 862486a554d3b3bb92ffb045697dc5bd2a68bccf Mon Sep 17 00:00:00 2001
From: ingo <ingo.leindecker@fro.at>
Date: Sat, 10 Aug 2019 19:14:29 +0200
Subject: [PATCH] Don't allow DELETE shows via API for documentation purposes.
Set is_active to False instead. See #28
---
program/views.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/program/views.py b/program/views.py
index bace06fe..4b139d16 100644
--- a/program/views.py
+++ b/program/views.py
@@ -445,7 +445,7 @@ class APIShowViewSet(viewsets.ModelViewSet):
/api/v1/shows/?active=false Returns all inactive shows (= past or upcoming) (GET)
/api/v1/shows/?host=1 Returns shows assigned to a given host (GET)
/api/v1/shows/?owner=1 Returns shows of a given owner (GET)
- /api/v1/shows/1 Used for retrieving a single show or update (if owned) (GET, PUT, DELETE)
+ /api/v1/shows/1 Used for retrieving a single show or update (if owned) (GET, PUT) - DELETE is not allowed via API. Set is_active to False instead.
/api/v1/shows/1/notes Returns all notes to the show (GET) - POST not allowed at this level, use /shows/1/schedules/1/timeslots/1/note instead
/api/v1/shows/1/notes/1 Returns the note of the show by its ID (GET) - PUT/DELETE not allowed at this level, use /shows/1/schedules/1/timeslots/1/note/1/ instead
/api/v1/shows/1/schedules Returns all schedules of the show (GET, POST)
@@ -554,6 +554,7 @@ class APIShowViewSet(viewsets.ModelViewSet):
Only superusers may delete shows
"""
+ """
if not request.user.is_superuser:
return Response(status=status.HTTP_401_UNAUTHORIZED)
@@ -561,7 +562,9 @@ class APIShowViewSet(viewsets.ModelViewSet):
Show.objects.get(pk=pk).delete()
return Response(status=status.HTTP_204_NO_CONTENT)
+ """
+ return Response(status=status.HTTP_401_UNAUTHORIZED)
class APIScheduleViewSet(viewsets.ModelViewSet):
--
GitLab