Add proper permission checks for crashreports and heartbeats
diff --git a/crashreports/serializers.py b/crashreports/serializers.py
index 5ccf3b8..1ef8dbd 100644
--- a/crashreports/serializers.py
+++ b/crashreports/serializers.py
@@ -1,16 +1,16 @@
from rest_framework import serializers
-from rest_framework.serializers import PrimaryKeyRelatedField
-from rest_framework.serializers import CharField
-from rest_framework.serializers import ObjectDoesNotExist
+
from rest_framework.exceptions import NotFound
from crashreports.models import Crashreport
from crashreports.models import Device
+from crashreports.models import HeartBeat
from rest_framework import permissions
class CrashReportSerializer(serializers.ModelSerializer):
permission_classes = (permissions.AllowAny,)
uuid = serializers.CharField(max_length=64)
+
class Meta:
model = Crashreport
exclude = ('device',)
@@ -22,12 +22,33 @@
raise NotFound(detail="uuid does not exist")
validated_data.pop('uuid', None)
report = Crashreport(**validated_data)
- report.device=device
+ report.device = device
report.save()
return report
-
+
+
+class HeartBeatSerializer(serializers.ModelSerializer):
+ permission_classes = (permissions.AllowAny,)
+ uuid = serializers.CharField(max_length=64)
+
+ class Meta:
+ model = HeartBeat
+ exclude = ('device',)
+
+ def create(self, validated_data):
+ try:
+ device = Device.objects.get(uuid=validated_data['uuid'])
+ except:
+ raise NotFound(detail="uuid does not exist")
+ validated_data.pop('uuid', None)
+ heartbeat = HeartBeat(**validated_data)
+ heartbeat.device = device
+ heartbeat.save()
+ return heartbeat
+
class DeviceSerializer(serializers.ModelSerializer):
permission_classes = (permissions.IsAdminUser,)
+
class Meta:
model = Device