added check for hero identity, fixed deck update
parent
ea262c3c98
commit
1bb56c25fe
|
@ -1,5 +1,3 @@
|
||||||
from abc import ABC
|
|
||||||
|
|
||||||
from rest_framework import serializers
|
from rest_framework import serializers
|
||||||
from rest_framework.exceptions import ValidationError
|
from rest_framework.exceptions import ValidationError
|
||||||
|
|
||||||
|
@ -66,17 +64,24 @@ class CreateDeckSerializer(serializers.ModelSerializer):
|
||||||
fields = ("hero_ids",)
|
fields = ("hero_ids",)
|
||||||
|
|
||||||
def validate_hero_ids(self, value):
|
def validate_hero_ids(self, value):
|
||||||
if self.context["request"].method == "POST":
|
if len(set(value)) != 16:
|
||||||
for x in value:
|
raise ValidationError("Some of the uuids are not unique")
|
||||||
if not (hero := Hero.objects.filter(uuid=x)):
|
|
||||||
raise ValidationError(f"Hero with uuid {x} doesn't exist")
|
|
||||||
|
|
||||||
|
for x in value:
|
||||||
|
if not (hero := Hero.objects.filter(uuid=x)):
|
||||||
|
raise ValidationError(f"Hero with uuid {x} doesn't exist")
|
||||||
|
|
||||||
|
if hero.first().player.id != self.context["request"].user.id:
|
||||||
|
raise ValidationError(
|
||||||
|
f"Attempt to manipulate player with id {hero.first().player.id} hero"
|
||||||
|
)
|
||||||
|
|
||||||
|
if self.context["request"].method in ["POST"]:
|
||||||
if deck := HeroInDeck.objects.filter(hero=hero.first()):
|
if deck := HeroInDeck.objects.filter(hero=hero.first()):
|
||||||
raise ValidationError(
|
raise ValidationError(
|
||||||
f"Hero with uuid {x} is already in deck with id {deck.first().deck.id}"
|
f"Hero with uuid {x} is already in deck with id {deck.first().deck.id}"
|
||||||
)
|
)
|
||||||
elif self.context["request"].method in ["PUT", "PATCH"]:
|
|
||||||
print(value)
|
|
||||||
return value
|
return value
|
||||||
|
|
||||||
def create(self, validated_data):
|
def create(self, validated_data):
|
||||||
|
@ -86,7 +91,12 @@ class CreateDeckSerializer(serializers.ModelSerializer):
|
||||||
return deck
|
return deck
|
||||||
|
|
||||||
def update(self, instance, validated_data):
|
def update(self, instance, validated_data):
|
||||||
print(instance, validated_data)
|
for x in instance.get_heroes():
|
||||||
|
HeroInDeck.objects.get(hero=x).delete()
|
||||||
|
|
||||||
|
for x in validated_data["hero_ids"]:
|
||||||
|
HeroInDeck.objects.create(hero_id=x, deck=instance)
|
||||||
|
|
||||||
return instance
|
return instance
|
||||||
|
|
||||||
|
|
||||||
|
|
|
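Review bot: The ownership failure in `validate_hero_ids` echoes the owning player's id back to the caller (`f"Attempt to manipulate player with id {hero.first().player.id} hero"`), and together with the separate "doesn't exist" message it tells any authenticated user which hero uuids exist and who owns them. I would return one generic error for both cases, e.g. `raise ValidationError(f"Hero with uuid {x} is not available")`, and log the mismatch server-side instead. Separately, the already-in-deck check now runs only for POST, so on PUT a hero that sits in another deck passes validation; unless the model enforces one deck per hero (not visible here), the new `update` would then hit `HeroInDeck.objects.get(hero=x)` with more than one row, and that lookup should in any case be scoped to the deck being edited, `HeroInDeck.objects.filter(deck=instance).delete()`. The length test `len(set(value)) != 16` also reports "not unique" for a list that is simply too short or too long.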
@ -119,31 +119,35 @@ class RetireUpdateDeleteDeckView(
|
||||||
def get(self, request, *args, **kwargs):
|
def get(self, request, *args, **kwargs):
|
||||||
return self.retrieve(request, *args, **kwargs)
|
return self.retrieve(request, *args, **kwargs)
|
||||||
|
|
||||||
def put(self, request, *args, **kwargs):
|
def perform_update(self, serializer):
|
||||||
if not self._check_user_identity(request.user.id, kwargs["id"]):
|
return serializer.update(self.get_object(), self.request.data)
|
||||||
return Response(
|
|
||||||
"Attempt to change another user's deck",
|
|
||||||
status=status.HTTP_403_FORBIDDEN,
|
|
||||||
)
|
|
||||||
return self.update(request, *args, **kwargs)
|
|
||||||
|
|
||||||
def patch(self, request, *args, **kwargs):
|
def put(self, request, *args, **kwargs):
|
||||||
if not self._check_user_identity(request.user.id, kwargs["id"]):
|
if not self._check_user_identity(kwargs["id"]):
|
||||||
return Response(
|
return Response(
|
||||||
"Attempt to change another user's deck",
|
"Attempt to change another user's deck",
|
||||||
status=status.HTTP_403_FORBIDDEN,
|
status=status.HTTP_403_FORBIDDEN,
|
||||||
)
|
)
|
||||||
return self.partial_update(request, *args, **kwargs)
|
serializer = self.get_serializer(data=request.data)
|
||||||
|
serializer.is_valid(raise_exception=True)
|
||||||
|
instance = self.perform_update(serializer)
|
||||||
|
heroes_list = ListHeroSerializer(instance.get_heroes(), many=True)
|
||||||
|
return Response(heroes_list.data, status=status.HTTP_200_OK)
|
||||||
|
|
||||||
def delete(self, request, *args, **kwargs):
|
def delete(self, request, *args, **kwargs):
|
||||||
if not self._check_user_identity(request.user.id, kwargs["id"]):
|
if not self._check_user_identity(kwargs["id"]):
|
||||||
return Response(
|
return Response(
|
||||||
"Attempt to delete another user's deck",
|
"Attempt to delete another user's deck",
|
||||||
status=status.HTTP_403_FORBIDDEN,
|
status=status.HTTP_403_FORBIDDEN,
|
||||||
)
|
)
|
||||||
return self.destroy(request, *args, **kwargs)
|
self.destroy(request, *args, **kwargs)
|
||||||
|
return Response(
|
||||||
def _check_user_identity(self, user_id, deck_id) -> bool:
|
f"Destroyed deck with id {kwargs['id']}", status=status.HTTP_200_OK
|
||||||
return deck_id in list(
|
)
|
||||||
Deck.objects.filter(player_id=user_id).values_list("id", flat=True)
|
|
||||||
|
def _check_user_identity(self, deck_id) -> bool:
|
||||||
|
return deck_id in list(
|
||||||
|
Deck.objects.filter(player_id=self.request.user.id).values_list(
|
||||||
|
"id", flat=True
|
||||||
|
)
|
||||||
)
|
)
|
||||||
|
|
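Review bot: `perform_update` hands `self.request.data` to `serializer.update`, so the hero list written to the deck is the raw request body rather than the data `is_valid()` just checked; use `return serializer.update(self.get_object(), serializer.validated_data)`. With form-encoded input, `request.data["hero_ids"]` would presumably yield a single string rather than the validated list, and the loop in `update` would iterate over that. `_check_user_identity` loads every deck id of the user to test membership; `Deck.objects.filter(id=deck_id, player_id=self.request.user.id).exists()` does the same in one query and also avoids a str/int mismatch if `kwargs["id"]` arrives as a string (the URL converter is not visible here). The class header and the start of the view lie outside the hunk.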