nkey/colio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #31 from plers-org/sm/#30

Browse Source 
Sm/#30
This commit is contained in:
NKEY
2025-04-12 15:57:42 +09:00
committed by GitHub
parent fffb0446c4 a7dc98ee74
commit 1d6151bfcf
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
portfolios/views.py
View File

@@ -77,8 +77,11 @@ class PortfolioChangeState(APIView):
portfolio = get_object_or_404(Portfolio, pk=pk) portfolio = get_object_or_404(Portfolio, pk=pk)
user = request.user user = request.user
action_type = request.query_params.get('type') action_type = request.query_params.get('type')
if PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user): try:
return Response({"message": "already done"}, status=status.HTTP_400_BAD_REQUEST) if PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user):
return Response({"message": "already done"}, status=status.HTTP_400_BAD_REQUEST)
except ValueError as e:
return Response({'message': str(e)}, status=status.HTTP_400_BAD_REQUEST)
return self._handle_action(action_type, portfolio, user, add=True) return self._handle_action(action_type, portfolio, user, add=True)
@transaction.atomic @transaction.atomic
@@ -86,8 +89,11 @@ class PortfolioChangeState(APIView):
portfolio = get_object_or_404(Portfolio, pk=pk) portfolio = get_object_or_404(Portfolio, pk=pk)
user = request.user user = request.user
action_type = request.query_params.get('type') action_type = request.query_params.get('type')
if not PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user): try:
return Response({"message": "never done before"}, status=status.HTTP_400_BAD_REQUEST) if not PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user):
return Response({"message": "never done before"}, status=status.HTTP_400_BAD_REQUEST)
except ValueError as e:
return Response({'message': str(e)}, status=status.HTTP_400_BAD_REQUEST)
return self._handle_action(action_type, portfolio, user, add=False) return self._handle_action(action_type, portfolio, user, add=False)
def _handle_action(self, action_type, portfolio, user, add=True): def _handle_action(self, action_type, portfolio, user, add=True):

6
users/views.py
View File

@@ -1,3 +1,5 @@
from django.conf import settings
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from rest_framework.views import APIView from rest_framework.views import APIView
@@ -28,7 +30,7 @@ class RefreshAPIView(APIView):
serializer = TokenRefreshSerializer(data={'refresh': refresh}) serializer = TokenRefreshSerializer(data={'refresh': refresh})
if serializer.is_valid(): if serializer.is_valid():
res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK) res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK)
res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=True) res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
return res return res
except TokenError as e: except TokenError as e:
return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED) return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED)
@@ -75,7 +77,7 @@ class LoginAPIView(APIView):
}, },
status=status.HTTP_200_OK, status=status.HTTP_200_OK,
) )
res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=True) res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
return res return res
else: else:
return Response(serializer.errors) return Response(serializer.errors)