Diffstat (limited to 'apps/notes/views.py')
-rw-r--r--apps/notes/views.py59
1 files changed, 51 insertions, 8 deletions
diff --git a/apps/notes/views.py b/apps/notes/views.py
index ddb72ed..e4b8fda 100644
--- a/apps/notes/views.py
+++ b/apps/notes/views.py
@@ -2,11 +2,16 @@ from django.views.generic import CreateView, ListView, UpdateView, DeleteView
from django.views.generic.detail import DetailView
from django.utils.decorators import method_decorator
from django.contrib.auth.decorators import login_required
+from django.shortcuts import get_object_or_404, render, redirect
+from django.urls import reverse
from rest_framework import viewsets
+from rest_framework.response import Response
+from rest_framework.decorators import list_route
+from rest_framework import permissions
+
from .serializers import NoteSerializer, FolderSerializer
-from .models import Note
-from .forms import NoteForm
+from .models import Note, Folder
@method_decorator(login_required, name='dispatch')
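Review bot: Of the names imported here, no added line in this diff uses `render`, `redirect`, `reverse` or `Response`; only `get_object_or_404`, `list_route` and `permissions` are referenced by the new code, so the other four look like leftovers and can be dropped. `list_route` was deprecated in Django REST framework 3.8 in favour of `action(detail=False)` and later removed, so if the project's DRF version allows it, `from rest_framework.decorators import action` is the import to carry forward.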
@@ -22,20 +27,58 @@ class NoteListView(ListView):
model = Note
def get_queryset(self):
- return Note.objects.filter(created_by=self.request.user)
+ if not self.request.user.is_anonymous:
+ return Note.objects.filter(created_by=self.request.user)
+ def get_template_names(self):
+ if not self.request.user.is_anonymous:
+ return ['notes/notes_list.html']
+ else:
+ return ['sell.html']
-class NoteCreateView(LoggedInCreateViewWithUser):
- model = Note
- form_class = NoteForm
- template_name = "notes/create.html"
+
+class IsOwnerOrDeny(permissions.BasePermission):
+ """
+ Custom permission to only allow owners to post to their endpoint
+ """
+
+ def has_object_permission(self, request, view, obj):
+ # Write permissions are only allowed to the owner of the snippet.
+ return obj.owner == request.user
class NoteViewSet(viewsets.ModelViewSet):
"""
- API endpoint that allows users to be viewed or edited.
+ API endpoint that allows notes to be viewed or edited.
"""
serializer_class = NoteSerializer
+ permission_classes = (permissions.IsAuthenticated, IsOwnerOrDeny,)
def get_queryset(self):
return Note.objects.filter(created_by=self.request.user).order_by('-date_created')
+
+ @list_route(methods=['post'])
+ def perform_create(self, serializer):
+ serializer.save(created_by=self.request.user)
+ return super(NoteViewSet, self).perform_create(serializer)
+
+ def get_object(self):
+ obj = get_object_or_404(self.get_queryset(), pk=self.kwargs["pk"])
+ if obj.is_public:
+ return obj
+ else:
+ self.check_object_permissions(self.request, obj)
+ return obj
+
+
+class FolderViewSet(viewsets.ModelViewSet):
+ """
+ API endpoint that allows folder to be viewed or edited.
+ """
+ serializer_class = FolderSerializer
+
+ def get_queryset(self):
+ return Folder.objects.filter(created_by=self.request.user).order_by('-date_created')
+
+ def perform_create(self, serializer):
+ serializer.save(created_by=self.request.user)
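Review bot: `IsOwnerOrDeny.has_object_permission` compares `obj.owner`, while every other line in this hunk identifies the creator through `created_by`, so unless Note defines an `owner` attribute outside this diff the check errors on every non-public note instead of enforcing ownership. In `NoteViewSet.get_object` the `is_public` branch returns before `check_object_permissions` for every HTTP method, so the flag exempts updates and deletes as well as reads; this is contained today only because `get_queryset` is limited to the requester's own notes, and it becomes an authorization gap as soon as that queryset is widened to include public notes. `@list_route(methods=['post'])` on `perform_create` registers the internal save hook as a routed action, and the body saves twice, once directly and once through `super().perform_create`. `FolderViewSet` sets no `permission_classes`, so it depends on a project default that is not visible here, and `NoteListView.get_queryset` returns None for anonymous users where `Note.objects.none()` would be safer. The fence below moves the public-read rule into the permission class, always runs the object check and reduces `perform_create` to a single save.

```python
class IsOwnerOrDeny(permissions.BasePermission):
    """Allow reads of public notes; restrict everything else to the creator."""

    def has_object_permission(self, request, view, obj):
        # is_public grants read access only; writes always require ownership.
        if request.method in permissions.SAFE_METHODS and obj.is_public:
            return True
        return obj.created_by == request.user

# … unchanged: NoteViewSet docstring, serializer_class, permission_classes, get_queryset …

    def perform_create(self, serializer):
        # Plain hook, not a routed action; one save with the creator attached.
        serializer.save(created_by=self.request.user)

    def get_object(self):
        obj = get_object_or_404(self.get_queryset(), pk=self.kwargs["pk"])
        # Always run the permission classes; the is_public rule lives there.
        self.check_object_permissions(self.request, obj)
        return obj

# … unchanged: FolderViewSet docstring, serializer_class …
    permission_classes = (permissions.IsAuthenticated,)
```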