[PATCH 3/9] api: Add Note view and serializer

[andrepapoti]

Added NoteList api. It allows the user to fetch all notes from a
specific test or create a new one
Added NoteDetail api. It allows the user to fetch, update and delete
notes

Signed-off-by: andrepapoti <andrepapoti at gmail.com>
---
 patchwork/api/note.py | 121 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)
 create mode 100644 patchwork/api/note.py

diff --git a/patchwork/api/note.py b/patchwork/api/note.py
new file mode 100644
index 0000000..29b480a
--- /dev/null
+++ b/patchwork/api/note.py
@@ -0,0 +1,121 @@
+# Patchwork - automated patch tracking system
+# Copyright (C) 2018 Red Hat
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+
+from rest_framework import permissions
+from rest_framework.generics import get_object_or_404
+from rest_framework.generics import CreateAPIView
+from rest_framework.generics import RetrieveUpdateDestroyAPIView
+from rest_framework.generics import ListAPIView
+from patchwork.api.patch import PatchSerializer
+from patchwork.api.person import PersonSerializer
+from patchwork.api.base import BaseHyperlinkedModelSerializer
+from patchwork.models import Note
+from patchwork.models import Patch
+from patchwork.models import Person
+
+
+class NoteSerializer(BaseHyperlinkedModelSerializer):
+    submitter = PersonSerializer(read_only=True)
+    patch = PatchSerializer(read_only=True)
+
+    class Meta:
+        model = Note
+        fields = [
+            'id',
+            'patch',
+            'submitter',
+            'content',
+            'last_modified',
+            'maintainer_only',
+        ]
+        read_only_fields = [
+            'id',
+            'patch',
+            'submitter',
+            'last_modified',
+            'maintainer_only',
+        ]
+
+
+class NoteDetailPermission(permissions.BasePermission):
+    def has_permission(self, request, view):
+        if not request.user.is_authenticated:
+            return False
+        patch = Patch.objects.get(id=view.kwargs['patch_id'])
+        return patch.project in request.user.profile.maintainer_projects.all()
+
+    def has_object_permission(self, request, view, obj):
+        if (
+            not obj.maintainer_only
+        ) and request.method in permissions.SAFE_METHODS:
+            return True
+        patch = Patch.objects.get(id=view.kwargs['patch_id'])
+        return patch.project in request.user.profile.maintainer_projects.all()
+
+
+class NoteListPermission(permissions.BasePermission):
+    def has_permission(self, request, view):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        if not request.user.is_authenticated:
+            return False
+        patch = Patch.objects.get(id=view.kwargs['patch_id'])
+        return patch.project in request.user.profile.maintainer_projects.all()
+
+    def has_object_permission(self, request, view, obj):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+
+
+class NoteMixin(object):
+    queryset = Note.objects.all()
+    serializer_class = NoteSerializer
+    lookup_field = 'patch_id'
+
+    def get_queryset(self):
+        patch_id = self.kwargs['patch_id']
+        get_object_or_404(Patch, id=patch_id)
+
+        return Note.objects.filter(patch=patch_id)
+
+
+class NoteDetail(NoteMixin, RetrieveUpdateDestroyAPIView):
+    permission_classes = [NoteDetailPermission]
+
+    def get_object(self):
+        queryset = self.filter_queryset(self.get_queryset())
+        note_id = self.kwargs.get('note_id')
+        instance = get_object_or_404(queryset, id=note_id)
+        self.check_object_permissions(self.request, instance)
+        return instance
+
+
+class NoteList(NoteMixin, CreateAPIView, ListAPIView):
+    ordering = 'id'
+    permission_classes = [NoteListPermission]
+
+    def get_queryset(self):
+        patch_queryset = Patch.objects.all()
+
+        queryset = super(NoteMixin, self).get_queryset()
+        public_notes = queryset.filter(maintainer_only=False)
+        user_patches = patch_queryset.filter(
+            project__in=list(
+                self.request.user.profile.maintainer_projects.all()
+            )
+        )
+        maintainer_notes = queryset.filter(
+            maintainer_only=True, patch__in=list(user_patches)
+        )
+
+        return public_notes | maintainer_notes
+
+    def perform_create(self, serializer):
+        serializer.save(
+            submitter=Person.objects.get(user=self.request.user),
+            patch=Patch.objects.get(id=self.kwargs['patch_id']),
+        )
+        return super().perform_create(serializer)
-- 
2.44.0