From 9525eba82a4da84752afc3188d862c4b531ec794 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Wed, 5 Feb 2014 10:57:21 -0500 Subject: [PATCH] override create, update and destroy view methods to support rbac --- planetstack/apigen/api.template.py | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/planetstack/apigen/api.template.py b/planetstack/apigen/api.template.py index 537a3f0..393f142 100644 --- a/planetstack/apigen/api.template.py +++ b/planetstack/apigen/api.template.py @@ -59,11 +59,34 @@ class {{ object.camel }}List(generics.ListCreateAPIView): def get_queryset(self): return {{ object.camel }}.select_by_user(self.request.user) + def create(self, request, *args, **kwargs): + #obj = {{ object.camel }}().update(request.DATA) + obj = self.get_object() + if obj.can_update(request.user): + return super({{ object.camel }}List, self).create(request, *args, **kwargs) + else: + return Response(status=status.HTTP_400_BAD_REQUEST) + class {{ object.camel }}Detail(generics.RetrieveUpdateDestroyAPIView): #queryset = {{ object.camel }}.objects.all() serializer_class = {{ object.camel }}Serializer def get_queryset(self): - return {{ object.camel }}.select_by_user(self.request.user) + return {{ object.camel }}.select_by_user(self.request.user) + + def update(self, request, *args, **kwargs): + obj = self.get_object() + if obj.can_update(request.user): + return super({{ object.camel }}Detail, self).update(request, *args, **kwargs) + else: + return Response(status=status.HTTP_400_BAD_REQUEST) + + def destroy(self, request, *args, **kwargs): + obj = self.get_object() + if obj.can_update(request.user): + return super({{ object.camel }}Detail, self).destroy(request, *args, **kwargs) + else: + return Response(status=status.HTTP_400_BAD_REQUEST) + {% endfor %} -- 2.45.2