X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/d6c0916e7ff6b39b641133fbc0da659457d890d9..b53c0bf51b8e43e4761b05bd4671b440b0861468:/src/social/api/views.py?ds=sidebyside diff --git a/src/social/api/views.py b/src/social/api/views.py index 402245dc9..f89de2704 100644 --- a/src/social/api/views.py +++ b/src/social/api/views.py @@ -2,10 +2,11 @@ # Copyright © Fundacja Wolne Lektury. See NOTICE for more information. # from datetime import datetime +from django.db.models import Q from django.http import Http404 from django.utils.timezone import now, utc from rest_framework.generics import ListAPIView, ListCreateAPIView, RetrieveAPIView, RetrieveUpdateAPIView, RetrieveUpdateDestroyAPIView, get_object_or_404 -from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly +from rest_framework.permissions import SAFE_METHODS, IsAuthenticated, IsAuthenticatedOrReadOnly from rest_framework.response import Response from rest_framework import serializers from rest_framework.views import APIView @@ -125,7 +126,10 @@ class UserListSerializer(serializers.ModelSerializer): 'deleted', 'books', ] - read_only_fields = ['favorites'] + read_only_fields = [ + 'favorites', + 'slug', + ] extra_kwargs = { 'slug': { 'required': False @@ -138,17 +142,21 @@ class UserListSerializer(serializers.ModelSerializer): validated_data['name'], create=True ) - instance.userlistitem_set.all().delete() - for book in validated_data['books']: - instance.append(book) + if 'books' in validated_data: + instance.userlistitem_set.all().delete() + for book in validated_data['books']: + instance.append(book) return instance def update(self, instance, validated_data): - instance.userlistitem_set.all().delete() - for book in validated_data['books']: - instance.append(instance) + super().update(instance, validated_data) + if 'books' in validated_data: + instance.userlistitem_set.all().delete() + for book in validated_data['books']: + instance.append(instance) return instance + class UserListBooksSerializer(UserListSerializer): class Meta: model = models.UserList @@ -216,14 +224,24 @@ class ListsView(ListCreateAPIView): @never_cache class ListView(RetrieveUpdateDestroyAPIView): # TODO: check if can modify - permission_classes = [IsAuthenticated] + permission_classes = [IsAuthenticatedOrReadOnly] serializer_class = UserListSerializer def get_object(self): - return get_object_or_404( - models.UserList, - slug=self.kwargs['slug'], - user=self.request.user) + if self.request.method in SAFE_METHODS: + q = Q(deleted=False) + if self.request.user.is_authenticated: + q |= Q(user=self.request.user) + return get_object_or_404( + models.UserList, + q, + slug=self.kwargs['slug'], + ) + else: + return get_object_or_404( + models.UserList.all_objects.all(), + slug=self.kwargs['slug'], + user=self.request.user) def perform_update(self, serializer): serializer.save(user=self.request.user) @@ -237,10 +255,9 @@ class ListView(RetrieveUpdateDestroyAPIView): return Response(self.get_serializer(instance).data) def perform_destroy(self, instance): - instance.update( - deleted=True, - updated_at=now() - ) + instance.deleted = True + instance.updated_at = now() + instance.save() @never_cache @@ -461,7 +478,7 @@ class UserListItemSyncView(SyncView): sync_user_field = 'list__user' def get_queryset_for_ts(self, timestamp): - qs = self.model.objects.filter( + qs = self.model.all_objects.filter( updated_at__gt=timestamp, **{ self.sync_user_field: self.request.user