X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/c07a8fb779699c186417d5435e5b935ef340a3a5..98f221431f6c2ad7331ca11a38d701b33a16be0c:/src/social/api/views.py

diff --git a/src/social/api/views.py b/src/social/api/views.py
index ea8b1287e..f89de2704 100644
--- a/src/social/api/views.py
+++ b/src/social/api/views.py
@@ -2,11 +2,11 @@
 # Copyright Â© Fundacja Wolne Lektury. See NOTICE for more information.
 #
 from datetime import datetime
-from pytz import utc
+from django.db.models import Q
 from django.http import Http404
-from django.utils.timezone import now
+from django.utils.timezone import now, utc
 from rest_framework.generics import ListAPIView, ListCreateAPIView, RetrieveAPIView, RetrieveUpdateAPIView, RetrieveUpdateDestroyAPIView, get_object_or_404
-from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly
+from rest_framework.permissions import SAFE_METHODS, IsAuthenticated, IsAuthenticatedOrReadOnly
 from rest_framework.response import Response
 from rest_framework import serializers
 from rest_framework.views import APIView
@@ -23,6 +23,20 @@ import bookmarks.models
 from bookmarks.api.views import BookmarkSerializer
 
 
+class SettingsSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = models.UserProfile
+        fields = ['notifications']
+
+
+class SettingsView(RetrieveUpdateAPIView):
+    permission_classes = [IsAuthenticated]
+    serializer_class = SettingsSerializer
+
+    def get_object(self):
+        return models.UserProfile.get_for(self.request.user)
+
+
 @never_cache
 class LikeView(APIView):
     permission_classes = [IsAuthenticated]
@@ -112,7 +126,10 @@ class UserListSerializer(serializers.ModelSerializer):
             'deleted',
             'books',
         ]
-        read_only_fields = ['favorites']
+        read_only_fields = [
+            'favorites',
+            'slug',
+        ]
         extra_kwargs = {
             'slug': {
                 'required': False
@@ -125,17 +142,21 @@ class UserListSerializer(serializers.ModelSerializer):
             validated_data['name'],
             create=True
         )
-        instance.userlistitem_set.all().delete()
-        for book in validated_data['books']:
-            instance.append(book)
+        if 'books' in validated_data:
+            instance.userlistitem_set.all().delete()
+            for book in validated_data['books']:
+                instance.append(book)
         return instance
 
     def update(self, instance, validated_data):
-        instance.userlistitem_set.all().delete()
-        for book in validated_data['books']:
-            instance.append(instance)
+        super().update(instance, validated_data)
+        if 'books' in validated_data:
+            instance.userlistitem_set.all().delete()
+            for book in validated_data['books']:
+                instance.append(instance)
         return instance
 
+
 class UserListBooksSerializer(UserListSerializer):
     class Meta:
         model = models.UserList
@@ -203,14 +224,24 @@ class ListsView(ListCreateAPIView):
 @never_cache
 class ListView(RetrieveUpdateDestroyAPIView):
     # TODO: check if can modify
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticatedOrReadOnly]
     serializer_class = UserListSerializer
 
     def get_object(self):
-        return get_object_or_404(
-            models.UserList,
-            slug=self.kwargs['slug'],
-            user=self.request.user)
+        if self.request.method in SAFE_METHODS:
+            q = Q(deleted=False)
+            if self.request.user.is_authenticated:
+                q |= Q(user=self.request.user)
+            return get_object_or_404(
+                models.UserList,
+                q,
+                slug=self.kwargs['slug'],
+            )
+        else:
+            return get_object_or_404(
+                models.UserList.all_objects.all(),
+                slug=self.kwargs['slug'],
+                user=self.request.user)
 
     def perform_update(self, serializer):
         serializer.save(user=self.request.user)
@@ -224,10 +255,9 @@ class ListView(RetrieveUpdateDestroyAPIView):
         return Response(self.get_serializer(instance).data)
 
     def perform_destroy(self, instance):
-        instance.update(
-            deleted=True,
-            updated_at=now()
-        )
+        instance.deleted = True
+        instance.updated_at = now()
+        instance.save()
 
 
 @never_cache
@@ -404,6 +434,8 @@ class SyncView(ListAPIView):
     def post(self, request):
         new_ids = []
         data = request.data
+        if not isinstance(data, list):
+            raise serializers.ValidationError('Payload should be a list')
         for item in data:
             instance = self.get_instance(request.user, item)
             ser = self.get_serializer(
@@ -446,7 +478,7 @@ class UserListItemSyncView(SyncView):
     sync_user_field = 'list__user'
 
     def get_queryset_for_ts(self, timestamp):
-        qs = self.model.objects.filter(
+        qs = self.model.all_objects.filter(
             updated_at__gt=timestamp,
             **{
                 self.sync_user_field: self.request.user
@@ -464,8 +496,9 @@ class BookmarkSyncView(SyncView):
     sync_id_field = 'uuid'
     sync_id_serializer_field = 'uuid'
 
-    def get_queryset_for_ts(self, timestamp):
-        return self.model.objects.filter(
-            user=self.request.user,
-            created_at__gt=timestamp
-        ).order_by('created_at')
+    def get_instance(self, user, data):
+        ret = super().get_instance(user, data)
+        if ret is None:
+            if data.get('location'):
+                ret = self.model.get_by_location(user, data['location'])
+        return ret