more fixes, AI

2026-03-31 22:10:30 +02:00
parent de1fa76e40
commit 2beb7aa75a
14 changed files with 121 additions and 67 deletions
--- a/eventplanner/views.py
+++ b/eventplanner/views.py
@@ -46,14 +46,29 @@ def event_api(request, username=None, eventId=None):
                    EventParticipation.isMember(request.user)
                    or EventParticipation.isAdmin(request.user)
                ):
-                    return Response(status=status.HTTP_403_FORBIDDEN)
-                if user_obj != request.user:
+                    return Response(
+                        {"error": "Permission denied - not a member"},
+                        status=status.HTTP_403_FORBIDDEN,
+                    )
+                # Allow users to update their own participation
+                # Admins can update anyone's participation
+                if user_obj.pk != request.user.pk:
                    if not EventParticipation.isAdmin(request.user):
-                        return Response(status=status.HTTP_403_FORBIDDEN)
+                        return Response(
+                            {"error": "Permission denied - can only update own status"},
+                            status=status.HTTP_403_FORBIDDEN,
+                        )

-            serializer.save()
-            return Response(serializer.data)
+            instances = serializer.save()
+            # Re-serialize the saved instances to return proper data
+            response_serializer = ParticipationSerializer(instances, many=True)
+            return Response(response_serializer.data)
        else:
+            import logging
+
+            logger = logging.getLogger(__name__)
+            logger.error(f"API validation errors: {serializer.errors}")
+            logger.error(f"Request data: {request.data}")
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)