from api.utils import never_cache
+from django.db.models import Q
from django.http import Http404, JsonResponse
from django.shortcuts import render, get_object_or_404
from django.views.decorators import cache
import re
from rest_framework.generics import ListAPIView, ListCreateAPIView, RetrieveUpdateDestroyAPIView
from rest_framework import serializers
-from rest_framework.permissions import IsAuthenticated
+from rest_framework.permissions import SAFE_METHODS, IsAuthenticated, IsAuthenticatedOrReadOnly
from api.fields import AbsoluteURLField
class BookmarkSerializer(serializers.ModelSerializer):
- book = serializers.SlugRelatedField(queryset=catalogue.models.Book.objects.all(), slug_field='slug')
+ book = serializers.SlugRelatedField(
+ queryset=catalogue.models.Book.objects.all(), slug_field='slug',
+ required=False
+ )
href = AbsoluteURLField(view_name='api_bookmark', view_args=['uuid'])
+ timestamp = serializers.IntegerField(required=False)
+ location = serializers.CharField(required=False)
class Meta:
model = models.Bookmark
- fields = ['book', 'anchor', 'note', 'href', 'uuid']
- read_only_fields = ['uuid']
+ fields = ['book', 'anchor', 'audio_timestamp', 'mode', 'note', 'href', 'uuid', 'location', 'timestamp', 'deleted']
+ read_only_fields = ['uuid', 'mode']
@never_cache
class BookmarkView(RetrieveUpdateDestroyAPIView):
- permission_classes = [IsAuthenticated]
+ permission_classes = [IsAuthenticatedOrReadOnly]
serializer_class = BookmarkSerializer
lookup_field = 'uuid'
def get_queryset(self):
- return self.request.user.bookmark_set.all()
+ if self.request.method in SAFE_METHODS:
+ q = Q(deleted=False)
+ if self.request.user.is_authenticated:
+ q |= Q(user=self.request.user)
+ return models.Bookmark.objects.filter(q)
+ else:
+ return self.request.user.bookmark_set.all()
fnp / wolnelektury.git / blobdiff