From 0b6321c7e0e2b0c12b0820948d297606ee45c91f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laura=20Kl=C3=BCnder?= <laura@codingcatgirl.de>
Date: Wed, 21 Nov 2018 22:44:31 +0100
Subject: [PATCH] let's to allow_post and allow_delete differently

---
 src/c3nav/editor/api.py        | 11 +++++++----
 src/c3nav/editor/views/base.py |  7 ++-----
 src/c3nav/editor/views/edit.py |  2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/c3nav/editor/api.py b/src/c3nav/editor/api.py
index b1481772..44ebdda8 100644
--- a/src/c3nav/editor/api.py
+++ b/src/c3nav/editor/api.py
@@ -269,10 +269,13 @@ class EditorViewSet(ViewSet):
 
     def __getattr__(self, name):
         # allow POST and DELETE methods for the editor API
-        if name in ('post', 'delete'):
-            if getattr(self.resolved.func, 'allow_'+name, False):
-                if getattr(self, 'get', None).__name__ in ('list', 'retrieve'):
-                    return self.retrieve
+
+        if getattr(self, 'get', None).__name__ in ('list', 'retrieve'):
+            if name == 'post' and (self.resolved.url_name.endswith('.create') or
+                                   self.resolved.url_name.endswith('.edit')):
+                return self.retrieve
+            if name == 'delete' and self.resolved.url_name.endswith('.edit'):
+                return self.retrieve
         raise AttributeError
 
     def list(self, request, *args, **kwargs):
diff --git a/src/c3nav/editor/views/base.py b/src/c3nav/editor/views/base.py
index a943850d..0a0f76d0 100644
--- a/src/c3nav/editor/views/base.py
+++ b/src/c3nav/editor/views/base.py
@@ -22,11 +22,10 @@ from c3nav.mapdata.models.base import SerializableMixin
 from c3nav.mapdata.utils.user import can_access_editor
 
 
-def sidebar_view(func=None, select_related=None, api_hybrid=False, allow_post=False, allow_delete=False):
+def sidebar_view(func=None, select_related=None, api_hybrid=False):
     if func is None:
         def wrapped(inner_func):
-            return sidebar_view(inner_func, select_related=select_related, api_hybrid=api_hybrid,
-                                allow_post=allow_post, allow_delete=allow_delete)
+            return sidebar_view(inner_func, select_related=select_related, api_hybrid=api_hybrid)
         return wrapped
 
     @wraps(func)
@@ -67,8 +66,6 @@ def sidebar_view(func=None, select_related=None, api_hybrid=False, allow_post=Fa
         return response
 
     wrapped.api_hybrid = api_hybrid
-    wrapped.allow_post = allow_post
-    wrapped.allow_delete = allow_delete
 
     return wrapped
 
diff --git a/src/c3nav/editor/views/edit.py b/src/c3nav/editor/views/edit.py
index ce72bda1..36447c6e 100644
--- a/src/c3nav/editor/views/edit.py
+++ b/src/c3nav/editor/views/edit.py
@@ -122,7 +122,7 @@ def get_changeset_exceeded(request):
     return request.user_permissions.max_changeset_changes <= request.changeset.changed_objects_count
 
 
-@sidebar_view(api_hybrid=True, allow_post=True, allow_delete=True)
+@sidebar_view(api_hybrid=True)
 @etag(etag_func)
 def edit(request, pk=None, model=None, level=None, space=None, on_top_of=None, explicit_edit=False):
     changeset_exceeded = get_changeset_exceeded(request)