Docker/AdventureLog
Docker/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2025-07-31 02:39:38 +02:00
Code Issues Releases Activity

Fix adding and editing adventures in collections when shared

Browse source
This commit is contained in:
Sean Morley 2024-09-02 17:18:18 -04:00
parent 0664d9434c
commit d340934376
1 changed files with 12 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

16
backend/server/adventures/views.py
View file

@ -224,13 +224,17 @@ class AdventureViewSet(viewsets.ModelViewSet):
# Check if a collection is provided # Check if a collection is provided
if collection: if collection:
user = self.request.user
# Check if the user is the owner or is in the shared_with list # Check if the user is the owner or is in the shared_with list
if collection.user_id != self.request.user.id and not collection.shared_with.filter(id=self.request.user.id).exists(): if collection.user_id != user and not collection.shared_with.filter(id=user.id).exists():
# Return an error response if the user does not have permission # Return an error response if the user does not have permission
raise PermissionDenied("You do not have permission to use this collection.") raise PermissionDenied("You do not have permission to use this collection.")
# if collection the owner of the adventure is the owner of the collection
serializer.save(user_id=collection.user_id)
return
# Save the adventure with the current user as the owner # Save the adventure with the current user as the owner
serializer.save(user_id=self.request.user.id) serializer.save(user_id=self.request.user)
def paginate_and_respond(self, queryset, request): def paginate_and_respond(self, queryset, request):
paginator = self.pagination_class() paginator = self.pagination_class()
@ -321,6 +325,12 @@ class CollectionViewSet(viewsets.ModelViewSet):
serializer = self.get_serializer(instance, data=request.data, partial=partial) serializer = self.get_serializer(instance, data=request.data, partial=partial)
serializer.is_valid(raise_exception=True) serializer.is_valid(raise_exception=True)
if 'collection' in serializer.validated_data:
new_collection = serializer.validated_data['collection']
# if the new collection is different from the old one and the user making the request is not the owner of the new collection return an error
if new_collection != instance.collection and new_collection.user_id != request.user:
return Response({"error": "User does not own the new collection"}, status=400)
# Check if the 'is_public' field is present in the update data # Check if the 'is_public' field is present in the update data
if 'is_public' in serializer.validated_data: if 'is_public' in serializer.validated_data:
new_public_status = serializer.validated_data['is_public'] new_public_status = serializer.validated_data['is_public']
@ -338,8 +348,6 @@ class CollectionViewSet(viewsets.ModelViewSet):
action = "public" if new_public_status else "private" action = "public" if new_public_status else "private"
print(f"Collection {instance.id} and its adventures were set to {action}") print(f"Collection {instance.id} and its adventures were set to {action}")
self.perform_update(serializer) self.perform_update(serializer)
if getattr(instance, '_prefetched_objects_cache', None): if getattr(instance, '_prefetched_objects_cache', None):