def _do_create_from_json(
cls, json, parse_def, context,
duplicate_handling=None, object_importer=None):
user_id = context.get_user_id()
permissions = context.get_permissions()
duplicate_handling = \
duplicate_handling or cls.default_duplicate_handling
can_create = cls.user_can_cls(
user_id, CrudPermissions.CREATE, permissions)
if duplicate_handling == DuplicateHandling.ERROR and not can_create:
raise HTTPUnauthorized(
"User id <%s> cannot create a <%s> object" % (
user_id, cls.__name__))
# creating an object can be a weird way to find an object by attributes
inst = cls()
i_context = inst.get_instance_context(context)
result = inst._do_update_from_json(
json, parse_def, i_context,
duplicate_handling, object_importer)
# Now look for missing relationships
result.populate_from_context(context)
result = result.handle_duplication(
json, parse_def, context, duplicate_handling, object_importer)
if result is inst and not can_create:
raise HTTPUnauthorized(
"User id <%s> cannot create a <%s> object" % (
user_id, cls.__name__))
elif result is not inst and \
not result.user_can(
user_id, CrudPermissions.UPDATE, permissions
) and cls.default_db.is_modified(result, False):
raise HTTPUnauthorized(
"User id <%s> cannot modify a <%s> object" % (
user_id, cls.__name__))
if result is not inst:
i_context = result.get_instance_context(context)
cls.default_db.add(result)
if '@id' in json and json['@id'] != result.uri() and object_importer:
object_importer.associate(json['@id'], result)
return i_context
评论列表
文章目录
