apps/notes/views.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

from django.views.generic import CreateView, ListView, UpdateView, DeleteView
from django.views.generic.detail import DetailView
from django.utils.decorators import method_decorator
from django.contrib.auth.decorators import login_required
from django.shortcuts import get_object_or_404, render, redirect
from django.urls import reverse

from rest_framework import viewsets
from rest_framework.response import Response
from rest_framework.decorators import list_route
from rest_framework import permissions

from .serializers import NoteSerializer, FolderSerializer
from .models import Note, Folder


@method_decorator(login_required, name='dispatch')
class LoggedInCreateViewWithUser(CreateView):

    def get_form_kwargs(self, **kwargs):
        kwargs = super().get_form_kwargs(**kwargs)
        kwargs.update({'user': self.request.user})
        return kwargs


class NoteListView(ListView):
    model = Note

    def get_queryset(self):
        if not self.request.user.is_anonymous:
            return Note.objects.filter(created_by=self.request.user)

    def get_template_names(self):
        if not self.request.user.is_anonymous:
            return ['notes/notes_list.html']
        else:
            return ['sell.html']


class IsOwnerOrDeny(permissions.BasePermission):
    """
    Custom permission to only allow owners to post to their endpoint
    """

    def has_object_permission(self, request, view, obj):
        # Write permissions are only allowed to the owner of the snippet.
        return obj.owner == request.user


class NoteViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows notes to be viewed or edited.
    """
    serializer_class = NoteSerializer
    permission_classes = (permissions.IsAuthenticated, IsOwnerOrDeny,)

    def get_queryset(self):
        return Note.objects.filter(created_by=self.request.user).order_by('-date_created')

    @list_route(methods=['post'])
    def perform_create(self, serializer):
        serializer.save(created_by=self.request.user)
        return super(NoteViewSet, self).perform_create(serializer)

    def get_object(self):
        obj = get_object_or_404(self.get_queryset(), pk=self.kwargs["pk"])
        if obj.is_public:
            return obj
        else:
            self.check_object_permissions(self.request, obj)
            return obj


class FolderViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows folder to be viewed or edited.
    """
    serializer_class = FolderSerializer

    def get_queryset(self):
        return Folder.objects.filter(created_by=self.request.user).order_by('-date_created')

    def perform_create(self, serializer):
        serializer.save(created_by=self.request.user)