Merge pull request #31 from plers-org/sm/#30

Sm/#30
2025-04-12 15:57:42 +09:00
parent fffb0446c4 a7dc98ee74
commit 1d6151bfcf
2 changed files with 14 additions and 6 deletions
--- a/portfolios/views.py
+++ b/portfolios/views.py
@@ -77,8 +77,11 @@ class PortfolioChangeState(APIView):
        portfolio = get_object_or_404(Portfolio, pk=pk)
        user = request.user
        action_type = request.query_params.get('type')
-        if PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user):
-            return Response({"message": "already done"}, status=status.HTTP_400_BAD_REQUEST)
+        try:
+            if PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user):
+                return Response({"message": "already done"}, status=status.HTTP_400_BAD_REQUEST)
+        except ValueError as e:
+            return Response({'message': str(e)}, status=status.HTTP_400_BAD_REQUEST)
        return self._handle_action(action_type, portfolio, user, add=True)

    @transaction.atomic
@@ -86,8 +89,11 @@ class PortfolioChangeState(APIView):
        portfolio = get_object_or_404(Portfolio, pk=pk)
        user = request.user
        action_type = request.query_params.get('type')
-        if not PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user):
-            return Response({"message": "never done before"}, status=status.HTTP_400_BAD_REQUEST)
+        try:
+            if not PortfolioBeforeRelCheckService.check_user_portfolio_rel(action_type, portfolio, user):
+                return Response({"message": "never done before"}, status=status.HTTP_400_BAD_REQUEST)
+        except ValueError as e:
+            return Response({'message': str(e)}, status=status.HTTP_400_BAD_REQUEST)
        return self._handle_action(action_type, portfolio, user, add=False)

    def _handle_action(self, action_type, portfolio, user, add=True):
--- a/users/views.py
+++ b/users/views.py
@@ -1,3 +1,5 @@
+from django.conf import settings
+
 from django.shortcuts import get_object_or_404

 from rest_framework.views import APIView
@@ -28,7 +30,7 @@ class RefreshAPIView(APIView):
            serializer = TokenRefreshSerializer(data={'refresh': refresh})
            if serializer.is_valid():
                res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK)
-            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=True)
+            res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
            return res
        except TokenError as e:
            return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED)
@@ -75,7 +77,7 @@ class LoginAPIView(APIView):
                    },
                    status=status.HTTP_200_OK,
                )
-                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=True)
+                res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite="Lax", secure=not settings.DEBUG)
                return res
            else:
                return Response(serializer.errors)