From a761ac089364a67a0d4b2a53edec2032b711aaae Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Wed, 5 Aug 2020 07:29:36 +0200 Subject: [PATCH 1/3] working on v2 --- rowers/views/apiviews.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rowers/views/apiviews.py b/rowers/views/apiviews.py index c6e068d8..428cf684 100644 --- a/rowers/views/apiviews.py +++ b/rowers/views/apiviews.py @@ -91,12 +91,12 @@ def strokedatajson_v2(request,id): row = get_object_or_404(Workout,pk=id) if row.user != request.user.rower: - raise PermissionDenied("You have no access to this workout") + return HttpResponse("You do not have permission to perform this action",status=403) try: id = int(id) except ValueError: - return HttpResponse("Not a valid workout number",status=400) + return HttpResponse("Not a valid workout number",status=404) if request.method == 'GET': columns = ['spm','time','hr','pace','power','distance'] @@ -112,19 +112,19 @@ def strokedatajson_v2(request,id): if request.method == 'POST': checkdata, r = dataprep.getrowdata_db(id=row.id) if not checkdata.empty: - return HttpResponse("Duplicate Error",status=400) + return HttpResponse("Duplicate Error",status=403) df = pd.DataFrame() - print(request.POST) try: - df = pd.read_json(request.POST['data'],orient='split') + df = pd.DataFrame(request.data['data']) except KeyError: try: - df = pd.read_json(request.POST['strokedata'],orient='split') + df = pd.DataFrame(request.data['strokedata']) except: return HttpResponse("No JSON object could be decoded",status=400) + df.index = df.index.astype(int) df.sort_index(inplace=True) From f56e989ed4825e243090bca95cb0d070888b8e5e Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Wed, 5 Aug 2020 07:33:30 +0200 Subject: [PATCH 2/3] fixed --- rowers/views/apiviews.py | 1 + rowers/views/statements.py | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/rowers/views/apiviews.py b/rowers/views/apiviews.py index 428cf684..33a19dba 100644 
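Review bot: In `strokedatajson_v2` the `int(id)` check sits after `get_object_or_404(Workout,pk=id)`, so the branch whose status this hunk changes to 404 is only reached once the lookup has already accepted the id. Move the `try: id = int(id)` block above the lookup so a malformed id is rejected before any query runs. Separately, answering 403 for another user's workout and 404 for a missing one lets a caller tell existing workout ids from absent ones; returning 404 in both cases avoids that. The function body starts and continues outside the hunk.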
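Review bot: The new `pd.DataFrame(request.data['data'])` call is guarded only by `except KeyError`, so a payload that is present but not table-shaped raises ValueError or TypeError out of the view, and the added `df.index.astype(int)` can raise as well on non-numeric index labels. Both are driven by client-controlled input and would surface as a 500 instead of a 400. The fallback branch uses a bare `except:`, which also hides unrelated errors. Catch the specific exceptions once around the whole parse, as below. No bound on payload size or on the accepted columns is visible in this hunk, and the function continues outside it.

```python
        try:
            key = 'data' if 'data' in request.data else 'strokedata'
            df = pd.DataFrame(request.data[key])
            df.index = df.index.astype(int)
        except (KeyError, TypeError, ValueError):
            return HttpResponse("No JSON object could be decoded",status=400)
        # … unchanged: df.sort_index(inplace=True) …
```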
--- a/rowers/views/apiviews.py +++ b/rowers/views/apiviews.py @@ -81,6 +81,7 @@ from rest_framework_swagger.renderers import OpenAPIRenderer, SwaggerUIRenderer @csrf_exempt @login_required() @api_view(["GET","POST"]) +@permission_classes([IsAuthenticated]) def strokedatajson_v2(request,id): """ POST: Add Stroke data to workout diff --git a/rowers/views/statements.py b/rowers/views/statements.py index 9061fb13..46a19e38 100644 --- a/rowers/views/statements.py +++ b/rowers/views/statements.py @@ -686,7 +686,8 @@ try: except ImportError: pass -from rest_framework.decorators import api_view, renderer_classes +from rest_framework.decorators import api_view, renderer_classes, permission_classes +from rest_framework.permissions import IsAuthenticated from rowers.permissions import IsOwnerOrNot, IsCompetitorOrNot From 421bc959178b19ceda8ba3b60c8aaeaaea874bb8 Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Wed, 5 Aug 2020 21:28:36 +0200 Subject: [PATCH 3/3] fix? --- rowers/views/apiviews.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/rowers/views/apiviews.py b/rowers/views/apiviews.py index 33a19dba..46301d92 100644 --- a/rowers/views/apiviews.py +++ b/rowers/views/apiviews.py @@ -113,7 +113,7 @@ def strokedatajson_v2(request,id): if request.method == 'POST': checkdata, r = dataprep.getrowdata_db(id=row.id) if not checkdata.empty: - return HttpResponse("Duplicate Error",status=403) + return HttpResponse("Duplicate Error",status=409) df = pd.DataFrame() @@ -295,6 +295,7 @@ def strokedatajson_v2(request,id): @csrf_exempt @login_required() @api_view(['GET','POST']) +@permission_classes([IsAuthenticated]) def strokedatajson(request,id): """ POST: Add Stroke data to workout @@ -307,7 +308,7 @@ def strokedatajson(request,id): try: id = int(id) except ValueError: - return HttpResponse("Not a valid workout number",status=400) + return HttpResponse("Not a valid workout number",status=403) if request.method == 'GET': 
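Review bot: `@login_required()` still wraps `@api_view` on `strokedatajson_v2`, so Django's session check runs before DRF authentication, and the added `@permission_classes([IsAuthenticated])` is only reached by requests that already passed it. A client authenticating through a DRF authentication class without a session would presumably be redirected to the login page instead of receiving a 401/403. If DRF is meant to own authentication for this endpoint, drop `@login_required()` and keep `@permission_classes([IsAuthenticated])`. With `@csrf_exempt` outermost, CSRF protection depends entirely on the DRF authentication classes configured elsewhere, which is worth confirming. The same decorator stack is added to `strokedatajson` in PATCH 3/3 (hunk at -295,6).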
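Review bot: A malformed workout id now answers 403 in `strokedatajson`, while PATCH 1/3 changed the same branch in `strokedatajson_v2` to 404. Neither code describes input the server could not parse, and 403 reads as an authorization decision. Keep `return HttpResponse("Not a valid workout number",status=400)`, or at least use one code in both views, so that clients and log-based alerting can tell bad input from denied access. The lines before `try:` are outside the hunk, so whether an ownership check precedes it is not visible here.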
@@ -326,7 +327,7 @@ def strokedatajson(request,id): # strokedata = request.POST['strokedata'] # checking/validating and cleaning try: - strokedata = json.loads(request.POST['strokedata']) + strokedata = json.loads(request.data['strokedata']) except: return HttpResponse("No JSON object could be decoded",status=400)
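Review bot: `json.loads(request.data['strokedata'])` only works when the field arrives as a string. With a JSON request body DRF has already parsed it, so `strokedata` would be a dict or list and `json.loads` raises TypeError, which the bare `except:` turns into "No JSON object could be decoded". Pass already-parsed values through unchanged and narrow the handler to `except (KeyError, TypeError, ValueError):`. The bare `except:` is a context line here rather than new code, but after this change it masks that case along with any unrelated error. The function continues outside the hunk.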