Skip to content

Commit

Permalink
🦺 ensure foirequest reference can only be set when initially creating
Browse files Browse the repository at this point in the history
workaround since restframework doesn't support read & create only, see encode/django-rest-framework#8606
  • Loading branch information
krmax44 committed Dec 13, 2024
1 parent 8431713 commit 11d17c4
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions froide/foirequest/serializers.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
from django.utils.translation import gettext as _

from rest_framework import permissions, serializers
from rest_framework.generics import ValidationError
from rest_framework.views import PermissionDenied

from froide.document.api_views import DocumentSerializer
Expand Down Expand Up @@ -179,6 +180,11 @@ def get_queryset(self):
else:
return get_write_foirequest_queryset(request)

def run_validation(self, data):
if self.context["view"].action == "create":
return super().run_validation(data)
raise ValidationError(_("Can only set request reference when creating."))


class FoiMessageRelatedField(serializers.HyperlinkedRelatedField):
def __init__(self, **kwargs):
Expand Down Expand Up @@ -302,7 +308,7 @@ def validate_kind(self, value):
# forbid users from e.g. creating a fake e-mail message
if value not in MESSAGE_KIND_USER_ALLOWED:
raise serializers.ValidationError(
"This message kind can not be created via the API."
_("This message kind can not be created via the API.")
)
return value

Expand Down Expand Up @@ -388,7 +394,7 @@ def validate(self, data):
data=data, foimessage=data["message"], user=self.context["request"].user
)
if not self.form.is_valid():
raise serializers.ValidationError("Invalid upload")
raise serializers.ValidationError(_("Invalid upload"))

return data

Expand Down

0 comments on commit 11d17c4

Please sign in to comment.