Merge pull request #624 from jbernal0019/master

Make fields read-only in the serializers' constructors

Author: jbernal0019

chris_backend/filebrowser/serializers.py

@@ -183,6 +183,12 @@ class Meta:
         fields = ('url', 'id', 'permission', 'folder_id', 'folder_path', 'group_id',
                   'group_name', 'folder', 'group', 'grp_name')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is not None: # on update
+            self.fields['grp_name'].read_only = True  # set to read-only before validation
+
     def create(self, validated_data):
         """
         Overriden to handle the error when trying to create a permission for a group that
@@ -248,6 +254,12 @@ class Meta:
         fields = ('url', 'id', 'permission', 'folder_id', 'folder_path', 'user_id',
                   'user_username', 'folder', 'user', 'username')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is not None: # on update
+            self.fields['username'].read_only = True  # set to read-only before validation
+
     def create(self, validated_data):
         """
         Overriden to handle the error when trying to create a permission for a user that
@@ -311,6 +323,12 @@ class Meta:
                   'new_file_path', 'owner_username', 'file_resource', 'parent_folder',
                   'group_permissions', 'user_permissions', 'owner')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is not None: # on update
+            self.fields['fname'].read_only = True  # set to read-only before validation
+
     def update(self, instance, validated_data):
         """
         Overriden to grant or remove public access to the file and/or move it to a new
@@ -414,6 +432,12 @@ class Meta:
         fields = ('url', 'id', 'permission', 'file_id', 'file_fname', 'group_id',
                   'group_name', 'file', 'group', 'grp_name')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is not None: # on update
+            self.fields['grp_name'].read_only = True  # set to read-only before validation
+
     def get_file_fname(self, obj) -> str:
         return obj.file.fname.name
 
@@ -482,6 +506,12 @@ class Meta:
         fields = ('url', 'id', 'permission', 'file_id', 'file_fname', 'user_id',
                   'user_username', 'file', 'user', 'username')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is not None: # on update
+            self.fields['username'].read_only = True  # set to read-only before validation
+
     def get_file_fname(self, obj) -> str:
         return obj.file.fname.name
 
@@ -552,6 +582,13 @@ class Meta:
                   'linked_folder', 'linked_file', 'parent_folder', 'group_permissions',
                   'user_permissions', 'owner')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is not None: # on update
+            self.fields['fname'].read_only = True  # set to read-only before validation
+            self.fields['path'].read_only = True
+
     def update(self, instance, validated_data):
         """
         Overriden to grant or remove public access to the file and/or move it to a new
@@ -711,6 +748,12 @@ class Meta:
         fields = ('url', 'id', 'permission', 'link_file_id', 'link_file_fname',
                   'group_id', 'group_name', 'link_file', 'group', 'grp_name')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is not None: # on update
+            self.fields['grp_name'].read_only = True  # set to read-only before validation
+
     def get_link_file_fname(self, obj) -> str:
         return obj.link_file.fname.name
 
@@ -779,6 +822,12 @@ class Meta:
         fields = ('url', 'id', 'permission', 'link_file_id', 'link_file_fname', 'user_id',
                   'user_username', 'link_file', 'user', 'username')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is not None: # on update
+            self.fields['username'].read_only = True  # set to read-only before validation
+
     def get_link_file_fname(self, obj) -> str:
         return obj.link_file.fname.name
 

chris_backend/filebrowser/views.py

@@ -276,15 +276,6 @@ def retrieve(self, request, *args, **kwargs):
         template_data = {"permission": ""}
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove 'grp_name' if provided by the user before serializer
-        validation.
-        """
-        request.data.pop('grp_name', None)  # shoud not change on update
-        return super(FileBrowserFolderGroupPermissionDetail, self).update(request,
-                                                                          *args, **kwargs)
-
     def perform_destroy(self, instance):
         """
         Overriden to remove the group permission for the link file in the SHARED folder
@@ -391,15 +382,6 @@ def retrieve(self, request, *args, **kwargs):
         template_data = {"permission": ""}
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove 'username' if provided by the user before serializer
-        validation.
-        """
-        request.data.pop('username', None)  # shoud not change on update
-        return super(FileBrowserFolderUserPermissionDetail, self).update(request,
-                                                                          *args, **kwargs)
-
     def perform_destroy(self, instance):
         """
         Overriden to remove the user permission for the link file in the SHARED folder
@@ -466,14 +448,6 @@ def retrieve(self, request, *args, **kwargs):
         template_data = {"public": "", "new_file_path": ""}
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove 'fname' if provided by the user before serializer
-        validation.
-        """
-        request.data.pop('fname', None)  # shoud not change on update
-        return super(FileBrowserFileDetail, self).update(request, *args, **kwargs)
-
 
 class FileBrowserFileResource(generics.GenericAPIView):
     """
@@ -587,15 +561,6 @@ def retrieve(self, request, *args, **kwargs):
         template_data = {"permission": ""}
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove 'grp_name' if provided by the user before serializer
-        validation.
-        """
-        request.data.pop('grp_name', None)  # shoud not change on update
-        return super(FileBrowserFileGroupPermissionDetail, self).update(request,
-                                                                          *args, **kwargs)
-
     def perform_destroy(self, instance):
         """
         Overriden to remove the group permission for the link file in the SHARED folder
@@ -702,15 +667,6 @@ def retrieve(self, request, *args, **kwargs):
         template_data = {"permission": ""}
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove 'username' if provided by the user before serializer
-        validation.
-        """
-        request.data.pop('username', None)  # shoud not change on update
-        return super(FileBrowserFileUserPermissionDetail, self).update(request,
-                                                                          *args, **kwargs)
-
     def perform_destroy(self, instance):
         """
         Overriden to remove the user permission for the link file in the SHARED folder
@@ -778,15 +734,6 @@ def retrieve(self, request, *args, **kwargs):
         template_data = {"public": "", "new_link_file_path": ""}
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove 'fname' and 'path' if provided by the user before serializer
-        validation.
-        """
-        request.data.pop('fname', None)  # shoud not change on update
-        request.data.pop('path', None)  # shoud not change on update
-        return super(FileBrowserLinkFileDetail, self).update(request, *args, **kwargs)
-
     def destroy(self, request, *args, **kwargs):
         """
         Overriden to verify that the user's home's system-predefined link files are not
@@ -918,15 +865,6 @@ def retrieve(self, request, *args, **kwargs):
         template_data = {"permission": ""}
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove 'grp_name' if provided by the user before serializer
-        validation.
-        """
-        request.data.pop('grp_name', None)  # shoud not change on update
-        return super(FileBrowserLinkFileGroupPermissionDetail, self).update(request,
-                                                                          *args, **kwargs)
-
     def perform_destroy(self, instance):
         """
         Overriden to remove the group permission for the link file in the SHARED folder
@@ -1033,15 +971,6 @@ def retrieve(self, request, *args, **kwargs):
         template_data = {"permission": ""}
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove 'username' if provided by the user before serializer
-        validation.
-        """
-        request.data.pop('username', None)  # shoud not change on update
-        return super(FileBrowserLinkFileUserPermissionDetail, self).update(request,
-                                                                          *args, **kwargs)
-
     def perform_destroy(self, instance):
         """
         Overriden to remove the user permission for the link file in the SHARED folder

chris_backend/pacsfiles/serializers.py

@@ -45,6 +45,12 @@ class Meta:
                   'status', 'pacs_identifier', 'owner_username', 'result',
                   'retrieve_list')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is not None: # on update
+            self.fields['query'].read_only = True  # set to read-only before validation
+
     def create(self, validated_data):
         """
         Overriden to rise a serializer error when attempting to create a PACSQuery

chris_backend/pacsfiles/views.py

@@ -252,15 +252,6 @@ def retrieve(self, request, *args, **kwargs):
         template_data = {'title': '', 'description': ''}
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove descriptors that are not allowed to be updated before
-        serializer validation.
-        """
-        data = self.request.data
-        data.pop('query', None)
-        return super(PACSQueryDetail, self).update(request, *args, **kwargs)
-
 
 class PACSRetrieveList(generics.ListCreateAPIView):
     """

chris_backend/pipelines/serializers.py

@@ -48,6 +48,7 @@ class PipelineSerializer(serializers.HyperlinkedModelSerializer):
     plugin_tree = serializers.JSONField(write_only=True, required=False)
     plugin_inst_id = serializers.IntegerField(min_value=1, write_only=True,
                                               required=False)
+    name = serializers.CharField(required=False)
     owner_username = serializers.ReadOnlyField(source='owner.username')
     plugins = serializers.HyperlinkedIdentityField(view_name='pipeline-plugin-list')
     plugin_pipings = serializers.HyperlinkedIdentityField(
@@ -65,6 +66,13 @@ class Meta:
                   'modification_date', 'plugins', 'plugin_pipings', 'default_parameters',
                   'workflows', 'json_repr')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is not None: # on update
+            self.fields['plugin_tree'].read_only = True
+            self.fields['plugin_inst_id'].read_only = True
+
     def create(self, validated_data):
         """
         Overriden to create the pipeline and associate to it a tree of plugins computed
@@ -143,10 +151,18 @@ def update(self, instance, validated_data):
 
     def validate(self, data):
         """
-        Overriden to validate that at least one of two fields are in data when
-        creating a new pipeline.
+        Overriden to validate that required fields are in data when creating a new
+        pipeline. Also to delete 'locked' parameter if the pipeline is not locked.
         """
-        if not self.instance:  # this validation only happens on create and not on update
+        if self.instance:
+            if not self.instance.locked and 'locked' in data:
+                # this pipeline was made available to the public so it cannot be locked
+                del data['locked']
+        else:
+            if 'name' not in data:
+                raise serializers.ValidationError(
+                    {'name': ["This field is required."]})
+
             if 'plugin_tree' not in data and 'plugin_inst_id' not in data:
                 raise serializers.ValidationError(
                     {'non_field_errors': ["At least one of the fields 'plugin_tree' "

chris_backend/pipelines/views.py

@@ -103,22 +103,6 @@ def retrieve(self, request, *args, **kwargs):
             template_data['locked'] = ""
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove parameters that are not allowed to be used on update,
-        include required parameters if not in the request and delete 'locked' parameter
-        if the pipeline is not locked.
-        """
-        request.data.pop('plugin_tree', None)
-        request.data.pop('plugin_inst_id', None)
-        pipeline = self.get_object()
-        if not pipeline.locked and 'locked' in request.data:
-            # this pipeline was made available to the public so it cannot be locked
-            del request.data['locked']
-        if 'name' not in request.data:
-            request.data['name'] = pipeline.name  # name is required in the serializer
-        return super(PipelineDetail, self).update(request, *args, **kwargs)
-
     # def destroy(self, request, *args, **kwargs):
     #     """
     #     Overriden to check that the pipeline is locked before attempting to delete it.

chris_backend/plugininstances/serializers.py

@@ -68,6 +68,17 @@ class Meta:
                   'output_folder', 'feed', 'plugin', 'workflow', 'compute_resource',
                   'descendants', 'parameters', 'splits')
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if self.instance is None: # on create
+            self.fields['status'].read_only = True  # set to read-only before validation
+        else: # on update
+            self.fields['gpu_limit'].read_only = True
+            self.fields['number_of_workers'].read_only = True
+            self.fields['cpu_limit'].read_only = True
+            self.fields['memory_limit'].read_only = True
+
     def validate_previous(self, previous_id):
         """
         Custom method to check that an id is provided for previous instance when

chris_backend/plugininstances/views.py

@@ -33,14 +33,6 @@ class PluginInstanceList(generics.ListCreateAPIView):
     queryset = Plugin.objects.all()
     permission_classes = (permissions.IsAuthenticated,)
 
-    def create(self, request, *args, **kwargs):
-        """
-        Overriden to remove descriptors from the request that must take their default
-        value on creation.
-        """
-        self.request.data.pop('status', None)
-        return super(PluginInstanceList, self).create(request, *args, **kwargs)
-
     def perform_create(self, serializer):
         """
         Overriden to associate an owner, a plugin and a previous plugin instance with 
@@ -176,18 +168,6 @@ def retrieve(self, request, *args, **kwargs):
         template_data = {'title': '', 'status': ''}
         return services.append_collection_template(response, template_data)
 
-    def update(self, request, *args, **kwargs):
-        """
-        Overriden to remove descriptors that are not allowed to be updated before
-        serializer validation.
-        """
-        data = self.request.data
-        data.pop('gpu_limit', None)
-        data.pop('number_of_workers', None)
-        data.pop('cpu_limit', None)
-        data.pop('memory_limit', None)
-        return super(PluginInstanceDetail, self).update(request, *args, **kwargs)
-
     def perform_update(self, serializer):
         """
         Overriden to cancel this plugin instance and all its descendants' execution.