From 6330f54505bf82e5997db893f4a6f44e703fcccd Mon Sep 17 00:00:00 2001
From: Benoit Alessandroni <benoit@happy-dev.fr>
Date: Thu, 1 Oct 2020 01:28:54 +0200
Subject: [PATCH] bugfix: fix previous issue with can_vote headers

---
 djangoldp_polls/views.py | 36 ++++++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)

diff --git a/djangoldp_polls/views.py b/djangoldp_polls/views.py
index 750516b..7431a32 100644
--- a/djangoldp_polls/views.py
+++ b/djangoldp_polls/views.py
@@ -1,22 +1,46 @@
 from django.http import Http404
 
-from djangoldp.views import LDPViewSet
+from djangoldp.views import LDPViewSet, NoCSRFAuthentication
 from datetime import datetime
 from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
+from rest_framework.decorators import permission_classes 
 
 from .models import Poll,Vote
 from .serializers import PollOptionSerializer
 
 
 class CanVoteOnPollViewSet(APIView):
-    permission_classes = (IsAuthenticated,)
-
+    authentication_classes = (NoCSRFAuthentication,) 
+
+    def dispatch(self, request, *args, **kwargs):
+        '''overriden dispatch method to append some custom headers'''
+        response = super(CanVoteOnPollViewSet, self).dispatch(request, *args, **kwargs)
+        response["Access-Control-Allow-Origin"] = request.META.get('HTTP_ORIGIN')
+        response["Access-Control-Allow-Methods"] = "GET,POST,PUT,PATCH,DELETE"
+        response["Access-Control-Allow-Headers"] = "authorization, Content-Type, if-match, accept, cache-control, pragma, user-agent"
+        response["Access-Control-Expose-Headers"] = "Location, User"
+        response["Access-Control-Allow-Credentials"] = 'true'
+        response["Accept-Post"] = "application/ld+json"
+
+        if request.user.is_authenticated:
+            try:
+                response['User'] = request.user.webid()
+            except AttributeError:
+                pass
+        return response
+
+    @permission_classes([IsAuthenticated])
     def get(self, request, pk):
-        '''returns True if the user can vote, or False if they have already voted'''
-        headers = {"Access-Control-Allow-Origin" : request.META.get('HTTP_ORIGIN')}
+        # '''returns True if the user can vote, or False if they have already voted'''
+        headers = {
+            "Access-Control-Allow-Origin" : request.META.get('HTTP_ORIGIN'),
+            "Access-Control-Allow-Headers": "authorization, Content-Type, if-match, accept, cache-control, pragma, user-agent",
+            "Access-Control-Expose-Headers": "Location, User",
+            "Access-Control-Allow-Credentials": 'true'
+        }
 
         try:
             poll = Poll.objects.get(pk=pk)
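Review bot: `@permission_classes([IsAuthenticated])` on `get` has no effect on a class-based view: the DRF decorator is meant for `@api_view` functions and only sets an attribute on the function, whereas `APIView` checks `self.permission_classes`, which this change removes. The view now falls back to the project's default permission classes, so unless those require authentication, anonymous requests reach `get` (whose body continues outside the hunk). Restore the class attribute and drop the decorator and its import; if the move was made so that unauthenticated CORS preflights succeed, exempt `OPTIONS` in `get_permissions()` instead, as sketched below. The commented-out docstring on `get` should also go back to being a real docstring.

```python
class CanVoteOnPollViewSet(APIView):
    authentication_classes = (NoCSRFAuthentication,)
    permission_classes = (IsAuthenticated,)

    def get_permissions(self):
        # CORS preflight requests carry no credentials, so they must not
        # be rejected by IsAuthenticated; every other method keeps it.
        if self.request.method == 'OPTIONS':
            return []
        return super().get_permissions()

    # … unchanged: dispatch …

    def get(self, request, pk):
        '''returns True if the user can vote, or False if they have already voted'''
        # … unchanged: headers dict and poll lookup …
```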
@@ -27,7 +51,7 @@ class CanVoteOnPollViewSet(APIView):
 
         except Poll.DoesNotExist:
             return Response(data={'error': {'poll': ['Could not find poll with this ID!']}},
-                            status=status.HTTP_404_NOT_FOUND)
+                            status=status.HTTP_404_NOT_FOUND, headers=headers)
 
 
 class FuturePollViewset(LDPViewSet):
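Review bot: The `headers` passed to this 404 response, like the ones set in `dispatch` earlier in the patch, copy `request.META.get('HTTP_ORIGIN')` into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true`, so every origin is trusted to read credentialed responses from this endpoint. Check the origin against a configured allowlist before echoing it, e.g. `if origin in allowed_origins: response["Access-Control-Allow-Origin"] = origin` (`allowed_origins` is a placeholder for a project setting), and add `Vary: Origin` so caches do not reuse a response across origins. When the request has no `Origin` header the value is `None`, which should be skipped rather than set. Since `dispatch` already adds these headers to every response, the per-response `headers` dict in `get` can be removed so the policy lives in one place.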
-- 
GitLab