From 775f438e611d36ea81231500f6c593b67dcb2dc3 Mon Sep 17 00:00:00 2001
From: Tom Hacohen <tom@stosb.com>
Date: Tue, 19 May 2020 11:20:02 +0300
Subject: [PATCH] Change deps to be pairs of uid/stoken.

---
 django_etesync/serializers.py | 17 +++++++++++++++++
 django_etesync/views.py       |  5 +++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/django_etesync/serializers.py b/django_etesync/serializers.py
index a5755d5..71ddcb3 100644
--- a/django_etesync/serializers.py
+++ b/django_etesync/serializers.py
@@ -155,6 +155,23 @@ class CollectionItemSerializer(serializers.ModelSerializer):
         return instance
 
 
+class CollectionItemDepSerializer(serializers.ModelSerializer):
+    stoken = serializers.CharField()
+
+    class Meta:
+        model = models.CollectionItem
+        fields = ('uid', 'stoken')
+
+    def validate(self, data):
+        for item_data in data:
+            item = self.__class__.Meta.model.objects.get(uid=item_data['uid'])
+            stoken = item_data['stoken']
+            if item.stoken != stoken:
+                raise serializers.ValidationError('Wrong stoken. Expected {} got {}'.format(item.stoken, stoken))
+
+        return data
+
+
 class CollectionSerializer(serializers.ModelSerializer):
     encryptionKey = CollectionEncryptionKeyField()
     accessLevel = serializers.SerializerMethodField('get_access_level_from_context')
diff --git a/django_etesync/views.py b/django_etesync/views.py
index db8550b..28dc601 100644
--- a/django_etesync/views.py
+++ b/django_etesync/views.py
@@ -43,6 +43,7 @@ from .serializers import (
         AuthenticationLoginInnerSerializer,
         CollectionSerializer,
         CollectionItemSerializer,
+        CollectionItemDepSerializer,
         CollectionItemRevisionSerializer,
         CollectionItemChunkSerializer,
         UserSerializer,
@@ -234,15 +235,15 @@ class CollectionItemViewSet(BaseViewSet):
         collection_object = get_object_or_404(self.get_collection_queryset(Collection.objects), uid=collection_uid)
 
         items = request.data.get('items')
-        # FIXME: deps should actually be just pairs of uid and stoken
         deps = request.data.get('deps', None)
         serializer = self.get_serializer_class()(data=items, context=self.get_serializer_context(), many=True)
-        deps_serializer = self.get_serializer_class()(data=deps, context=self.get_serializer_context(), many=True)
+        deps_serializer = CollectionItemDepSerializer(data=deps, context=self.get_serializer_context(), many=True)
         if serializer.is_valid() and (deps is None or deps_serializer.is_valid()):
             try:
                 with transaction.atomic():
                     collections = serializer.save(collection=collection_object)
             except IntegrityError:
+                # FIXME: should return the items with a bad token (including deps) so we don't have to fetch them after
                 content = {'code': 'integrity_error'}
                 return Response(content, status=status.HTTP_400_BAD_REQUEST)