Refactor update creation api

This merge request does the following:

• Raise DRF errors rather than returning response to take advantage of the DRF exception handling mechanism
• Create serialisers for PUT request to simplify the code
• Improve validation checks in several places
• Fixes several issues in DRF infrastructure uses
• Fixes JSON fields handling
• Remove routes that do no fully qualify objects
• Implement a custom DRF exception handler that will allow to log errors
• Improve testing
• Improve permission management

beat/web/common/permissions.py

@@ -27,21 +27,64 @@
 
 from rest_framework import permissions
 
+
 class IsSuperuser(permissions.BasePermission):
     """
     Global permission check for super user
     """
+
     def has_permission(self, request, view):
         return request.user.is_superuser
 
 
-class IsAuthor(permissions.BasePermission):
+class IsAuthor(permissions.IsAuthenticated):
     """
     Global permission check that verify if the user
     is also the onwer of the asked data
     """
 
     def has_permission(self, request, view):
-        kwargs = request.parser_context.get('kwargs')
-        author_name = kwargs.get('author_name')
-        return request.user.username == author_name
+        allowed = super().has_permission(request, view)
+        if allowed:
+            kwargs = request.parser_context.get("kwargs")
+            author_name = kwargs.get("author_name")
+            allowed = request.user.username == author_name
+        return allowed
+
+
+class IsAuthorOrReadOnly(IsAuthor):
+    """
+    Either allow access if using a read method or
+    check that the user is also the author.
+    """
+
+    def has_permission(self, request, view):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        else:
+            return super().has_permission(request, view)
+
+
+class IsAdminOrReadOnly(permissions.IsAdminUser):
+    """
+    Either allow access if using a read method or
+    check that the user is an admin.
+    """
+
+    def has_permission(self, request, view):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        else:
+            return super().has_permission(request, view)
+
+
+class IsModifiableOrRead(permissions.BasePermission):
+    """
+    Check for modifiable flag if there's a modification that is tried
+    """
+
+    def has_object_permission(self, request, view, obj):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        else:
+            return obj.modifiable()