from rest_framework import generics, permissions from rest_framework.parsers import MultiPartParser, FormParser from service_media.models.service_media import ServiceMedia from service_media.serializers.service_serializer import ServiceMediaSerializer from rest_framework.exceptions import PermissionDenied class ServiceMediaView(generics.ListCreateAPIView): serializer_class = ServiceMediaSerializer # permission_classes = [permissions.IsAuthenticated] parser_classes = [MultiPartParser, FormParser] pagination_class = None def get_queryset(self): queryset = ServiceMedia.objects.all().select_related('service') # Only user's uploads for non-GET requests if self.request.method != "GET": return queryset.filter(user=self.request.user) # Apply filtering if ?service= is given service_id = self.request.query_params.get("service") if service_id: queryset = queryset.filter(service_id=service_id) return queryset def perform_create(self, serializer): if not self.request.user.is_authenticated: raise PermissionDenied("Authentication required to upload.") serializer.save(user=self.request.user) def get_permissions(self): if self.request.method == "GET": return [] # no permission check return [permissions.IsAuthenticated()] def get_serializer_class(self): if self.request.method == "GET": from service_media.serializers.service_serializer import ServiceMediaReadSerializer return ServiceMediaReadSerializer return ServiceMediaSerializer class ServiceMediaDetailView(generics.RetrieveUpdateDestroyAPIView): serializer_class = ServiceMediaSerializer # permission_classes = [permissions.IsAuthenticated] parser_classes = [MultiPartParser, FormParser] lookup_field = "pk" def perform_update(self, serializer): # make sure file updates are saved under the same user serializer.save(user=self.request.user) def get_queryset(self): # restrict users to their own uploads return ServiceMedia.objects.filter(user=self.request.user) def get_permissions(self): if self.request.method == "GET": return [] # no permission check return [permissions.IsAuthenticated()]