From 11d17c4ebde6d97a09a5e4fa22469891598e8ae7 Mon Sep 17 00:00:00 2001 From: krmax44 Date: Fri, 6 Dec 2024 15:47:15 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=A6=BA=20ensure=20foirequest=20reference?= =?UTF-8?q?=20can=20only=20be=20set=20when=20initially=20creating?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit workaround since restframework doesn't support read & create only, see https://github.com/encode/django-rest-framework/discussions/8606 --- froide/foirequest/serializers.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/froide/foirequest/serializers.py b/froide/foirequest/serializers.py index 462c38705..5dbdd8ab8 100644 --- a/froide/foirequest/serializers.py +++ b/froide/foirequest/serializers.py @@ -4,6 +4,7 @@ from django.utils.translation import gettext as _ from rest_framework import permissions, serializers +from rest_framework.generics import ValidationError from rest_framework.views import PermissionDenied from froide.document.api_views import DocumentSerializer @@ -179,6 +180,11 @@ def get_queryset(self): else: return get_write_foirequest_queryset(request) + def run_validation(self, data): + if self.context["view"].action == "create": + return super().run_validation(data) + raise ValidationError(_("Can only set request reference when creating.")) + class FoiMessageRelatedField(serializers.HyperlinkedRelatedField): def __init__(self, **kwargs): @@ -302,7 +308,7 @@ def validate_kind(self, value): # forbid users from e.g. creating a fake e-mail message if value not in MESSAGE_KIND_USER_ALLOWED: raise serializers.ValidationError( - "This message kind can not be created via the API." + _("This message kind can not be created via the API.") ) return value @@ -388,7 +394,7 @@ def validate(self, data): data=data, foimessage=data["message"], user=self.context["request"].user ) if not self.form.is_valid(): - raise serializers.ValidationError("Invalid upload") + raise serializers.ValidationError(_("Invalid upload")) return data