X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/c07a8fb779699c186417d5435e5b935ef340a3a5..29b00497f9103bb31f9e236bdf5844b9a6fa79ea:/src/social/api/views.py?ds=inline diff --git a/src/social/api/views.py b/src/social/api/views.py index ea8b1287e..9d8fd4a59 100644 --- a/src/social/api/views.py +++ b/src/social/api/views.py @@ -2,11 +2,11 @@ # Copyright © Fundacja Wolne Lektury. See NOTICE for more information. # from datetime import datetime -from pytz import utc +from django.db.models import Q from django.http import Http404 -from django.utils.timezone import now +from django.utils.timezone import now, utc from rest_framework.generics import ListAPIView, ListCreateAPIView, RetrieveAPIView, RetrieveUpdateAPIView, RetrieveUpdateDestroyAPIView, get_object_or_404 -from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly +from rest_framework.permissions import SAFE_METHODS, IsAuthenticated, IsAuthenticatedOrReadOnly from rest_framework.response import Response from rest_framework import serializers from rest_framework.views import APIView @@ -23,6 +23,20 @@ import bookmarks.models from bookmarks.api.views import BookmarkSerializer +class SettingsSerializer(serializers.ModelSerializer): + class Meta: + model = models.UserProfile + fields = ['notifications'] + + +class SettingsView(RetrieveUpdateAPIView): + permission_classes = [IsAuthenticated] + serializer_class = SettingsSerializer + + def get_object(self): + return models.UserProfile.get_for(self.request.user) + + @never_cache class LikeView(APIView): permission_classes = [IsAuthenticated] @@ -203,14 +217,24 @@ class ListsView(ListCreateAPIView): @never_cache class ListView(RetrieveUpdateDestroyAPIView): # TODO: check if can modify - permission_classes = [IsAuthenticated] + permission_classes = [IsAuthenticatedOrReadOnly] serializer_class = UserListSerializer def get_object(self): - return get_object_or_404( - models.UserList, - slug=self.kwargs['slug'], - user=self.request.user) + if self.request.method in SAFE_METHODS: + q = Q(deleted=False) + if self.request.user.is_authenticated: + q |= Q(user=self.request.user) + return get_object_or_404( + models.UserList, + q, + slug=self.kwargs['slug'], + ) + else: + return get_object_or_404( + models.UserList, + slug=self.kwargs['slug'], + user=self.request.user) def perform_update(self, serializer): serializer.save(user=self.request.user) @@ -224,10 +248,9 @@ class ListView(RetrieveUpdateDestroyAPIView): return Response(self.get_serializer(instance).data) def perform_destroy(self, instance): - instance.update( - deleted=True, - updated_at=now() - ) + instance.deleted = True + instance.updated_at = now() + instance.save() @never_cache @@ -404,6 +427,8 @@ class SyncView(ListAPIView): def post(self, request): new_ids = [] data = request.data + if not isinstance(data, list): + raise serializers.ValidationError('Payload should be a list') for item in data: instance = self.get_instance(request.user, item) ser = self.get_serializer( @@ -464,8 +489,9 @@ class BookmarkSyncView(SyncView): sync_id_field = 'uuid' sync_id_serializer_field = 'uuid' - def get_queryset_for_ts(self, timestamp): - return self.model.objects.filter( - user=self.request.user, - created_at__gt=timestamp - ).order_by('created_at') + def get_instance(self, user, data): + ret = super().get_instance(user, data) + if ret is None: + if data.get('location'): + ret = self.model.get_by_location(user, data['location']) + return ret