fixed DRF object permission

cookbook/serializer.py

@@ -15,6 +15,7 @@ class UserPreferenceSerializer(serializers.ModelSerializer):
     class Meta:
         model = UserPreference
         fields = '__all__'
+        read_only_fields = ['user']
 
 
 class StorageSerializer(serializers.ModelSerializer):
@@ -81,6 +82,7 @@ class RecipeBookSerializer(serializers.ModelSerializer):
     class Meta:
         model = RecipeBook
         fields = '__all__'
+        read_only_fields = ['id', 'created_by']
 
 
 class RecipeBookEntrySerializer(serializers.ModelSerializer):

cookbook/urls.py

@@ -10,6 +10,7 @@ from cookbook.helper import dal
 
 router = routers.DefaultRouter()
 router.register(r'user-preference', api.UserPreferenceViewSet)
+router.register(r'recipe-book', api.RecipeBookViewSet)
 router.register(r'recipe', api.RecipeViewSet)
 router.register(r'meal-plan', api.MealPlanViewSet)
 router.register(r'meal-type', api.MealTypeViewSet)

cookbook/views/api.py

@@ -16,10 +16,10 @@ from rest_framework.exceptions import APIException
 from rest_framework.mixins import RetrieveModelMixin, UpdateModelMixin, ListModelMixin
 
 from cookbook.helper.permission_helper import group_required, DRFOwnerPermissions
-from cookbook.models import Recipe, Sync, Storage, CookLog, MealPlan, MealType, ViewLog, UserPreference
+from cookbook.models import Recipe, Sync, Storage, CookLog, MealPlan, MealType, ViewLog, UserPreference, RecipeBook
 from cookbook.provider.dropbox import Dropbox
 from cookbook.provider.nextcloud import Nextcloud
-from cookbook.serializer import MealPlanSerializer, MealTypeSerializer, RecipeSerializer, ViewLogSerializer, UserNameSerializer, UserPreferenceSerializer
+from cookbook.serializer import MealPlanSerializer, MealTypeSerializer, RecipeSerializer, ViewLogSerializer, UserNameSerializer, UserPreferenceSerializer, RecipeBookSerializer
 
 
 class UserNameViewSet(viewsets.ModelViewSet):
@@ -46,7 +46,7 @@ class UserNameViewSet(viewsets.ModelViewSet):
         return queryset
 
 
-class UserPreferenceViewSet(RetrieveModelMixin, UpdateModelMixin, ListModelMixin, viewsets.GenericViewSet):
+class UserPreferenceViewSet(viewsets.ModelViewSet):
     """
     Update user preference settings
     """
@@ -54,10 +54,29 @@ class UserPreferenceViewSet(RetrieveModelMixin, UpdateModelMixin, ListModelMixin
     serializer_class = UserPreferenceSerializer
     permission_classes = [DRFOwnerPermissions, ]
 
+    def perform_create(self, serializer):
+        if UserPreference.objects.filter(user=self.request.user).exists():
+            raise APIException(_('Preference for given user already exists'))
+        serializer.save(user=self.request.user)
+
+    def get_queryset(self):
+        # if self.request.user.is_superuser:
+        #   return UserPreference.objects.all()
+        return UserPreference.objects.filter(user=self.request.user).all()
+
+
+class RecipeBookViewSet(RetrieveModelMixin, UpdateModelMixin, ListModelMixin, viewsets.GenericViewSet):
+    """
+    Update user preference settings
+    """
+    queryset = RecipeBook.objects.all()
+    serializer_class = RecipeBookSerializer
+    permission_classes = [DRFOwnerPermissions, ]
+
     def get_queryset(self):
         if self.request.user.is_superuser:
-            return UserPreference.objects.all()
+            return RecipeBook.objects.all()
-        return UserPreference.objects.filter(user=self.request.user).all()
+        return RecipeBook.objects.filter(created_by=self.request.user).all()
 
 
 class MealPlanViewSet(viewsets.ModelViewSet):