X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/32e6c086edfca8358646c6699385c91def44159e..37cb52d2e87c491ded0b1f090afd403deaa5e616:/src/bookmarks/api/views.py

diff --git a/src/bookmarks/api/views.py b/src/bookmarks/api/views.py
index a9fb7c5d4..b500a6654 100644
--- a/src/bookmarks/api/views.py
+++ b/src/bookmarks/api/views.py
@@ -1,5 +1,6 @@
 from api.utils import never_cache
 
+from django.db.models import Q
 from django.http import Http404, JsonResponse
 from django.shortcuts import render, get_object_or_404
 from django.views.decorators import cache
@@ -10,17 +11,23 @@ from lxml import html
 import re
 from rest_framework.generics import ListAPIView, ListCreateAPIView, RetrieveUpdateDestroyAPIView
 from rest_framework import serializers
-from rest_framework.permissions import IsAuthenticated
+from rest_framework.permissions import SAFE_METHODS, IsAuthenticated, IsAuthenticatedOrReadOnly
 from api.fields import AbsoluteURLField
 
 
 class BookmarkSerializer(serializers.ModelSerializer):
-    book = serializers.SlugRelatedField(queryset=catalogue.models.Book.objects.all(), slug_field='slug')
+    book = serializers.SlugRelatedField(
+        queryset=catalogue.models.Book.objects.all(), slug_field='slug',
+        required=False
+    )
     href = AbsoluteURLField(view_name='api_bookmark', view_args=['uuid'])
+    timestamp = serializers.IntegerField(required=False)
+    location = serializers.CharField(required=False)
     
     class Meta:
         model = models.Bookmark
-        fields = ['book', 'anchor', 'note', 'href']
+        fields = ['book', 'anchor', 'audio_timestamp', 'mode', 'note', 'href', 'uuid', 'location', 'timestamp', 'deleted']
+        read_only_fields = ['uuid', 'mode']
 
 
 
@@ -48,9 +55,15 @@ class BookBookmarksView(ListAPIView):
 
 @never_cache
 class BookmarkView(RetrieveUpdateDestroyAPIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticatedOrReadOnly]
     serializer_class = BookmarkSerializer
     lookup_field = 'uuid'
 
     def get_queryset(self):
-        return self.request.user.bookmark_set.all()
+        if self.request.method in SAFE_METHODS:
+            q = Q(deleted=False)
+            if self.request.user.is_authenticated:
+                q |= Q(user=self.request.user)
+            return models.Bookmark.objects.filter(q)
+        else:
+            return self.request.user.bookmark_set.all()