diff --git a/game/api/v1/serializers.py b/game/api/v1/serializers.py index 3305596..acff60f 100644 --- a/game/api/v1/serializers.py +++ b/game/api/v1/serializers.py @@ -1,5 +1,3 @@ -from abc import ABC - from rest_framework import serializers from rest_framework.exceptions import ValidationError @@ -66,17 +64,24 @@ class CreateDeckSerializer(serializers.ModelSerializer): fields = ("hero_ids",) def validate_hero_ids(self, value): - if self.context["request"].method == "POST": - for x in value: - if not (hero := Hero.objects.filter(uuid=x)): - raise ValidationError(f"Hero with uuid {x} doesn't exist") + if len(set(value)) != 16: + raise ValidationError("Some of the uuids are not unique") + for x in value: + if not (hero := Hero.objects.filter(uuid=x)): + raise ValidationError(f"Hero with uuid {x} doesn't exist") + + if hero.first().player.id != self.context["request"].user.id: + raise ValidationError( + f"Attempt to manipulate player with id {hero.first().player.id} hero" + ) + + if self.context["request"].method in ["POST"]: if deck := HeroInDeck.objects.filter(hero=hero.first()): raise ValidationError( f"Hero with uuid {x} is already in deck with id {deck.first().deck.id}" ) - elif self.context["request"].method in ["PUT", "PATCH"]: - print(value) + return value def create(self, validated_data): @@ -86,7 +91,12 @@ class CreateDeckSerializer(serializers.ModelSerializer): return deck def update(self, instance, validated_data): - print(instance, validated_data) + for x in instance.get_heroes(): + HeroInDeck.objects.get(hero=x).delete() + + for x in validated_data["hero_ids"]: + HeroInDeck.objects.create(hero_id=x, deck=instance) + return instance diff --git a/game/api/v1/views.py b/game/api/v1/views.py index bcfcf67..ee3b564 100644 --- a/game/api/v1/views.py +++ b/game/api/v1/views.py @@ -119,31 +119,35 @@ class RetireUpdateDeleteDeckView( def get(self, request, *args, **kwargs): return self.retrieve(request, *args, **kwargs) - def put(self, request, *args, **kwargs): - if not self._check_user_identity(request.user.id, kwargs["id"]): - return Response( - "Attempt to change another user's deck", - status=status.HTTP_403_FORBIDDEN, - ) - return self.update(request, *args, **kwargs) + def perform_update(self, serializer): + return serializer.update(self.get_object(), self.request.data) - def patch(self, request, *args, **kwargs): - if not self._check_user_identity(request.user.id, kwargs["id"]): + def put(self, request, *args, **kwargs): + if not self._check_user_identity(kwargs["id"]): return Response( "Attempt to change another user's deck", status=status.HTTP_403_FORBIDDEN, ) - return self.partial_update(request, *args, **kwargs) + serializer = self.get_serializer(data=request.data) + serializer.is_valid(raise_exception=True) + instance = self.perform_update(serializer) + heroes_list = ListHeroSerializer(instance.get_heroes(), many=True) + return Response(heroes_list.data, status=status.HTTP_200_OK) def delete(self, request, *args, **kwargs): - if not self._check_user_identity(request.user.id, kwargs["id"]): + if not self._check_user_identity(kwargs["id"]): return Response( "Attempt to delete another user's deck", status=status.HTTP_403_FORBIDDEN, ) - return self.destroy(request, *args, **kwargs) - - def _check_user_identity(self, user_id, deck_id) -> bool: - return deck_id in list( - Deck.objects.filter(player_id=user_id).values_list("id", flat=True) + self.destroy(request, *args, **kwargs) + return Response( + f"Destroyed deck with id {kwargs['id']}", status=status.HTTP_200_OK + ) + + def _check_user_identity(self, deck_id) -> bool: + return deck_id in list( + Deck.objects.filter(player_id=self.request.user.id).values_list( + "id", flat=True + ) )