From: Tony Mack <tmack@paris.CS.Princeton.EDU>
Date: Wed, 5 Feb 2014 15:57:21 +0000 (-0500)
Subject: override create, update and destroy view methods to support rbac
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=9525eba82a4da84752afc3188d862c4b531ec794;p=plstackapi.git

override create, update and destroy view methods to support rbac
---

diff --git a/planetstack/apigen/api.template.py b/planetstack/apigen/api.template.py
index 537a3f0..393f142 100644
--- a/planetstack/apigen/api.template.py
+++ b/planetstack/apigen/api.template.py
@@ -59,11 +59,34 @@ class {{ object.camel }}List(generics.ListCreateAPIView):
     def get_queryset(self):
         return {{ object.camel }}.select_by_user(self.request.user)
 
+    def create(self, request, *args, **kwargs):
+        #obj = {{ object.camel }}().update(request.DATA)
+        obj = self.get_object()
+        if obj.can_update(request.user):
+            return super({{ object.camel }}List, self).create(request, *args, **kwargs)
+        else:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
 class {{ object.camel }}Detail(generics.RetrieveUpdateDestroyAPIView):
     #queryset = {{ object.camel }}.objects.all()
     serializer_class = {{ object.camel }}Serializer
     
     def get_queryset(self):
-        return {{ object.camel }}.select_by_user(self.request.user) 
+        return {{ object.camel }}.select_by_user(self.request.user)
+
+    def update(self, request, *args, **kwargs):
+        obj = self.get_object()
+        if obj.can_update(request.user):
+            return super({{ object.camel }}Detail, self).update(request, *args, **kwargs)
+        else:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
+    def destroy(self, request, *args, **kwargs):
+        obj = self.get_object()
+        if obj.can_update(request.user):
+            return super({{ object.camel }}Detail, self).destroy(request, *args, **kwargs)
+        else:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+     
 
 {% endfor %}