planetstack/xosapibase.py - xos - Gitiles

 from rest_framework.response import Response
 from rest_framework import serializers
 from rest_framework import generics
 from rest_framework import status
 from rest_framework.exceptions import PermissionDenied as RestFrameworkPermissionDenied
 from django.core.exceptions import PermissionDenied as DjangoPermissionDenied

 class XOSRetrieveUpdateDestroyAPIView(generics.RetrieveUpdateDestroyAPIView):

     # To handle fine-grained field permissions, we have to check can_update
     # the object has been updated but before it has been saved.

     def update(self, request, *args, **kwargs):
         partial = kwargs.pop('partial', False)
         self.object = self.get_object_or_none()

         if self.object is None:
             raise Exception("Use the List API for creating objects")

         serializer = self.get_serializer(self.object, data=request.DATA,
                                          files=request.FILES, partial=partial)

         assert(serializer.object is not None)

         serializer.object.caller = request.user

         if not serializer.is_valid():
             response = {"error": "validation",
                         "specific_error": "not serializer.is_valid()",
                         "reasons": serializer.errors}
             return Response(response, status=status.HTTP_400_BAD_REQUEST)

         try:
             self.pre_save(serializer.object)
         except ValidationError as err:
             # full_clean on model instance may be called in pre_save,
             # so we have to handle eventual errors.
             response = {"error": "validation",
                          "specific_error": "ValidationError in pre_save",
                          "reasons": err.message_dict}
             return Response(response, status=status.HTTP_400_BAD_REQUEST)

         if not serializer.object.can_update(request.user):
             return Response(status=status.HTTP_400_BAD_REQUEST)

         self.object = serializer.save(force_update=True)
         self.post_save(self.object, created=False)
         return Response(serializer.data, status=status.HTTP_200_OK)

     def destroy(self, request, *args, **kwargs):
         obj = self.get_object()
         obj.caller = request.user
         if obj.can_update(request.user):
             # this is the guts of DestroyModelMixin, copied here so that we
             # can use the obj with caller set in it,
             self.pre_delete(obj)
             obj.delete()
             self.post_delete(obj)
             return Response(status=status.HTTP_204_NO_CONTENT)
         else:
             return Response(status=status.HTTP_400_BAD_REQUEST)

     def handle_exception(self, exc):
         # REST API drops the string attached to Django's PermissionDenied
         # exception, and replaces it with a generic "Permission Denied"
         if isinstance(exc, DjangoPermissionDenied):
             response=Response({'detail': str(exc)}, status=status.HTTP_403_FORBIDDEN)
             response.exception=True
             return response
         else:
             return super(XOSRetrieveUpdateDestroyAPIView, self).handle_exception(exc)

 class XOSListCreateAPIView(generics.ListCreateAPIView):
     def create(self, request, *args, **kwargs):
         serializer = self.get_serializer(data=request.DATA, files=request.FILES)
         if not (serializer.is_valid()):
             response = {"error": "validation",
                         "specific_error": "not serializer.is_valid()",
                         "reasons": serializer.errors}
             return Response(response, status=status.HTTP_400_BAD_REQUEST)

         # now do XOS can_update permission checking

         obj = serializer.object
         obj.caller = request.user
         if not obj.can_update(request.user):
             response = {"error": "validation",
                         "specific_error": "failed can_update",
                         "reasons": []}
             return Response(response, status=status.HTTP_400_BAD_REQUEST)

         # stuff below is from generics.ListCreateAPIView

         if (hasattr(self, "pre_save")):
             # rest_framework 2.x
             self.pre_save(serializer.object)
             self.object = serializer.save(force_insert=True)
             self.post_save(self.object, created=True)
         else:
             # rest_framework 3.x
             self.perform_create(serializer)

         headers = self.get_success_headers(serializer.data)
         return Response(serializer.data, status=status.HTTP_201_CREATED,
                         headers=headers)

     def handle_exception(self, exc):
         # REST API drops the string attached to Django's PermissionDenied
         # exception, and replaces it with a generic "Permission Denied"
         if isinstance(exc, DjangoPermissionDenied):
             response=Response({'detail': str(exc)}, status=status.HTTP_403_FORBIDDEN)
             response.exception=True
             return response
         else:
             return super(XOSListCreateAPIView, self).handle_exception(exc)
	from rest_framework.response import Response
	from rest_framework import serializers
	from rest_framework import generics
	from rest_framework import status
	from rest_framework.exceptions import PermissionDenied as RestFrameworkPermissionDenied
	from django.core.exceptions import PermissionDenied as DjangoPermissionDenied

	class XOSRetrieveUpdateDestroyAPIView(generics.RetrieveUpdateDestroyAPIView):

	# To handle fine-grained field permissions, we have to check can_update
	# the object has been updated but before it has been saved.

	def update(self, request, args, *kwargs):
	partial = kwargs.pop('partial', False)
	self.object = self.get_object_or_none()

	if self.object is None:
	raise Exception("Use the List API for creating objects")

	serializer = self.get_serializer(self.object, data=request.DATA,
	files=request.FILES, partial=partial)

	assert(serializer.object is not None)

	serializer.object.caller = request.user

	if not serializer.is_valid():
	response = {"error": "validation",
	"specific_error": "not serializer.is_valid()",
	"reasons": serializer.errors}
	return Response(response, status=status.HTTP_400_BAD_REQUEST)

	try:
	self.pre_save(serializer.object)
	except ValidationError as err:
	# full_clean on model instance may be called in pre_save,
	# so we have to handle eventual errors.
	response = {"error": "validation",
	"specific_error": "ValidationError in pre_save",
	"reasons": err.message_dict}
	return Response(response, status=status.HTTP_400_BAD_REQUEST)

	if not serializer.object.can_update(request.user):
	return Response(status=status.HTTP_400_BAD_REQUEST)

	self.object = serializer.save(force_update=True)
	self.post_save(self.object, created=False)
	return Response(serializer.data, status=status.HTTP_200_OK)

	def destroy(self, request, args, *kwargs):
	obj = self.get_object()
	obj.caller = request.user
	if obj.can_update(request.user):
	# this is the guts of DestroyModelMixin, copied here so that we
	# can use the obj with caller set in it,
	self.pre_delete(obj)
	obj.delete()
	self.post_delete(obj)
	return Response(status=status.HTTP_204_NO_CONTENT)
	else:
	return Response(status=status.HTTP_400_BAD_REQUEST)

	def handle_exception(self, exc):
	# REST API drops the string attached to Django's PermissionDenied
	# exception, and replaces it with a generic "Permission Denied"
	if isinstance(exc, DjangoPermissionDenied):
	response=Response({'detail': str(exc)}, status=status.HTTP_403_FORBIDDEN)
	response.exception=True
	return response
	else:
	return super(XOSRetrieveUpdateDestroyAPIView, self).handle_exception(exc)

	class XOSListCreateAPIView(generics.ListCreateAPIView):
	def create(self, request, args, *kwargs):
	serializer = self.get_serializer(data=request.DATA, files=request.FILES)
	if not (serializer.is_valid()):
	response = {"error": "validation",
	"specific_error": "not serializer.is_valid()",
	"reasons": serializer.errors}
	return Response(response, status=status.HTTP_400_BAD_REQUEST)

	# now do XOS can_update permission checking

	obj = serializer.object
	obj.caller = request.user
	if not obj.can_update(request.user):
	response = {"error": "validation",
	"specific_error": "failed can_update",
	"reasons": []}
	return Response(response, status=status.HTTP_400_BAD_REQUEST)

	# stuff below is from generics.ListCreateAPIView

	if (hasattr(self, "pre_save")):
	# rest_framework 2.x
	self.pre_save(serializer.object)
	self.object = serializer.save(force_insert=True)
	self.post_save(self.object, created=True)
	else:
	# rest_framework 3.x
	self.perform_create(serializer)

	headers = self.get_success_headers(serializer.data)
	return Response(serializer.data, status=status.HTTP_201_CREATED,
	headers=headers)

	def handle_exception(self, exc):
	# REST API drops the string attached to Django's PermissionDenied
	# exception, and replaces it with a generic "Permission Denied"
	if isinstance(exc, DjangoPermissionDenied):
	response=Response({'detail': str(exc)}, status=status.HTTP_403_FORBIDDEN)
	response.exception=True
	return response
	else:
	return super(XOSListCreateAPIView, self).handle_exception(exc)