consolidate API code for core and plus, fix access/default change in sliceplus, shore up caller arguments in update
diff --git a/planetstack/core/xoslib/methods/plus.py b/planetstack/core/xoslib/methods/plus.py
index a50b064..f753620 100644
--- a/planetstack/core/xoslib/methods/plus.py
+++ b/planetstack/core/xoslib/methods/plus.py
@@ -2,6 +2,7 @@
 from rest_framework import serializers
 from rest_framework.response import Response
 from rest_framework import status
+from xosapibase import XOSRetrieveUpdateDestroyAPIView, XOSListCreateAPIView
 
 """ PlusSerializerMixin
 
@@ -25,87 +26,7 @@
     def getBackendHtml(self, obj):
         return obj.getBackendHtml()
 
-# XXX this was lifted and hacked up a bit from genapi.py
-class PlusListCreateAPIView(generics.ListCreateAPIView):
-    def create(self, request, *args, **kwargs):
-        serializer = self.get_serializer(data=request.DATA, files=request.FILES)
-        if not (serializer.is_valid()):
-            response = {"error": "validation",
-                        "specific_error": "not serializer.is_valid()",

-                        "reasons": serializer.errors}

-            return Response(response, status=status.HTTP_400_BAD_REQUEST)
 
-        # now do XOS can_update permission checking
 
-        obj = serializer.object
-        obj.caller = request.user
-        if not obj.can_update(request.user):
-            response = {"error": "validation",
-                        "specific_error": "failed can_update",

-                        "reasons": []}

-            return Response(response, status=status.HTTP_400_BAD_REQUEST)
 
-        # stuff below is from generics.ListCreateAPIView
-
-        if (hasattr(self, "pre_save")):
-            # rest_framework 2.x
-            self.pre_save(serializer.object)
-            self.object = serializer.save(force_insert=True)
-            self.post_save(self.object, created=True)
-        else:
-            # rest_framework 3.x
-            self.perform_create(serializer)
-
-        headers = self.get_success_headers(serializer.data)
-        return Response(serializer.data, status=status.HTTP_201_CREATED,

-                        headers=headers)
-
-# XXX this is taken from genapi.py
-# XXX find a better way to re-use the code
-class PlusRetrieveUpdateDestroyAPIView(generics.RetrieveUpdateDestroyAPIView):
-
-    # To handle fine-grained field permissions, we have to check can_update
-    # the object has been updated but before it has been saved.
-
-    def update(self, request, *args, **kwargs):

-        partial = kwargs.pop('partial', False)

-        self.object = self.get_object_or_none()

-

-        serializer = self.get_serializer(self.object, data=request.DATA,

-                                         files=request.FILES, partial=partial)

-

-        if not serializer.is_valid():

-            response = {"error": "validation",

-                        "specific_error": "not serializer.is_valid()",

-                        "reasons": serializer.errors}

-            return Response(response, status=status.HTTP_400_BAD_REQUEST)

-

-        try:

-            self.pre_save(serializer.object)

-        except ValidationError as err:

-            # full_clean on model instance may be called in pre_save,

-            # so we have to handle eventual errors.

-            response = {"error": "validation",

-                         "specific_error": "ValidationError in pre_save",

-                         "reasons": err.message_dict}

-            return Response(response, status=status.HTTP_400_BAD_REQUEST)

-

-        if serializer.object is not None:

-            if not serializer.object.can_update(request.user):

-                return Response(status=status.HTTP_400_BAD_REQUEST)

-

-        if self.object is None:

-            raise Exception("Use the List API for creating objects")

-

-        self.object = serializer.save(force_update=True)

-        self.object.caller = request.user

-        self.post_save(self.object, created=False)

-        return Response(serializer.data, status=status.HTTP_200_OK)
-
-    def destroy(self, request, *args, **kwargs):
-        obj = self.get_object()
-        if obj.can_update(request.user):
-            return super(generics.RetrieveUpdateDestroyAPIView, self).destroy(request, *args, **kwargs)
-        else:
-            return Response(status=status.HTTP_400_BAD_REQUEST)
 
diff --git a/planetstack/core/xoslib/methods/sliceplus.py b/planetstack/core/xoslib/methods/sliceplus.py
index 2af4263..0539e62 100644
--- a/planetstack/core/xoslib/methods/sliceplus.py
+++ b/planetstack/core/xoslib/methods/sliceplus.py
@@ -6,7 +6,8 @@
 from core.models import *

 from django.forms import widgets
 from core.xoslib.objects.sliceplus import SlicePlus
-from plus import PlusSerializerMixin, PlusRetrieveUpdateDestroyAPIView, PlusListCreateAPIView
+from plus import PlusSerializerMixin
+from xosapibase import XOSListCreateAPIView, XOSRetrieveUpdateDestroyAPIView
 from rest_framework.exceptions import PermissionDenied as RestFrameworkPermissionDenied
 
 if hasattr(serializers, "ReadOnlyField"):
@@ -70,7 +71,7 @@
                       'default_image', 'default_flavor',
                       'serviceClass','creator','networks','sliceInfo','network_ports','backendIcon','backendHtml','site_allocation','site_ready','users',"user_names","current_user_can_see")
 
-class SlicePlusList(PlusListCreateAPIView):
+class SlicePlusList(XOSListCreateAPIView):
     queryset = SlicePlus.objects.select_related().all()
     serializer_class = SlicePlusIdSerializer
 
@@ -98,7 +99,7 @@
 
         return slices
 
-class SlicePlusDetail(PlusRetrieveUpdateDestroyAPIView):
+class SlicePlusDetail(XOSRetrieveUpdateDestroyAPIView):
     queryset = SlicePlus.objects.select_related().all()
     serializer_class = SlicePlusIdSerializer
 
@@ -110,16 +111,4 @@
             raise RestFrameworkPermissionDenied("You must be authenticated in order to use this API")
         return SlicePlus.select_by_user(self.request.user)
 
-    def update(self, request, *args, **kwargs):
-        obj = self.get_object()
-        if obj.can_update(request.user):
-            return super(SlicePlusDetail, self).update(request, *args, **kwargs)
-        else:
-            return Response(status=status.HTTP_400_BAD_REQUEST)
 
-    def destroy(self, request, *args, **kwargs):
-        obj = self.get_object()
-        if obj.can_update(request.user):
-            return super(SlicePlusDetail, self).destroy(request, *args, **kwargs)
-        else:
-            return Response(status=status.HTTP_400_BAD_REQUEST)