From f076a42e38132896a72a2219daa5a59a61316411 Mon Sep 17 00:00:00 2001
From: Mikhail Khromov <khromov05@gmail.com>
Date: Tue, 15 Nov 2022 14:50:47 +0300
Subject: [PATCH] made a path to DELETE /files/

---
 files/serializers.py |  9 +++++++++
 files/views.py       | 31 ++++++++++++++++++++++++++++---
 2 files changed, 37 insertions(+), 3 deletions(-)
 create mode 100644 files/serializers.py

diff --git a/files/serializers.py b/files/serializers.py
new file mode 100644
index 00000000..256e8a8b
--- /dev/null
+++ b/files/serializers.py
@@ -0,0 +1,9 @@
+from rest_framework.serializers import ModelSerializer
+
+from files.models import UserFile
+
+
+class UserFileSerializer(ModelSerializer):
+    class Meta:
+        model = UserFile
+        fields = ["user", "link", "datetime_uploaded"]
diff --git a/files/views.py b/files/views.py
index fbb4b293..e4d064d0 100644
--- a/files/views.py
+++ b/files/views.py
@@ -1,17 +1,22 @@
 from django.db import transaction
+from rest_framework import generics
 from rest_framework import permissions, status
+from rest_framework.generics import get_object_or_404
 from rest_framework.response import Response
-from rest_framework.views import APIView
 
 from files.helpers import FileAPI
 from files.models import UserFile
+from files.serializers import UserFileSerializer
 
 
-class FileView(APIView):
-    permission_classes = [permissions.AllowAny]
+class FileView(generics.RetrieveDestroyAPIView):
+    permission_classes = [permissions.IsAuthenticatedOrReadOnly]
+    serializer_class = UserFileSerializer
+    queryset = UserFile.objects.all()
 
     @transaction.atomic
     def post(self, request):
+        """creates a UserFile object and uploads the file to selectel"""
         file_api = FileAPI(request.FILES["file"], request.user)
         status_code, url = file_api.upload()
 
@@ -20,3 +25,23 @@ def post(self, request):
             return Response({"url": url}, status=status.HTTP_201_CREATED)
 
         return Response("Failed to upload file", status=status.HTTP_409_CONFLICT)
+
+    def delete(self, request, *args, **kwargs):
+        """deletes the file (only if the request is sent by the user who owns it!)
+        The link has to be specified in the JSON body, not in the URL arguments.
+        """
+        if request.data and (request.data.get("link") is not None):
+            link = request.data.get("link")
+        else:
+            return Response(
+                {
+                    "error": "you have to pass the link of the object you want to delete as JSON"
+                },
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        instance = get_object_or_404(self.get_queryset(), link=link)
+        if instance.user != request.user:
+            return Response(status=status.HTTP_403_FORBIDDEN)
+        FileAPI.delete(instance.link)  # delete the file via api
+        self.perform_destroy(instance)
+        return Response(status=status.HTTP_204_NO_CONTENT)