Hotfix before deadline

solution/pulse/api/posts/permissions.py

@@ -1,11 +1,14 @@
 from rest_framework import status
+from rest_framework.exceptions import APIException
 from rest_framework.permissions import BasePermission
 
 
-class CanAccessPost(BasePermission):
-    message = "You do not have permission to access this post."
+class CustomForbidden(APIException):
     status_code = status.HTTP_404_NOT_FOUND
+    default_detail = "You dont have access to view this post."
 
+
+class CanAccessPost(BasePermission):
     def has_object_permission(self, request, view, obj):
         if (
             obj.author.isPublic
@@ -14,7 +17,7 @@ class CanAccessPost(BasePermission):
         ):
             return True
 
-        return False
+        raise CustomForbidden
 
 
 class CanAccessFeed(BasePermission):
@@ -29,4 +32,4 @@ class CanAccessFeed(BasePermission):
         ):
             return True
 
-        return False
+        raise CustomForbidden

solution/pulse/api/posts/serializers.py

@@ -6,7 +6,7 @@ from api.posts.models import Post
 
 class PostSerializer(serializers.ModelSerializer):
     # ruff: noqa: N815
-    author = serializers.ReadOnlyField(source="author.username")
+    author = serializers.SerializerMethodField()
     likesCount = serializers.SerializerMethodField()
     dislikesCount = serializers.SerializerMethodField()
 
@@ -30,7 +30,14 @@ class PostSerializer(serializers.ModelSerializer):
     def get_dislikesCount(self, obj):
         return obj.dislikes.count()
 
+    def get_author(self, obj):
+        return obj.author.login
+
     def validate_tags(self, value):
+        if not isinstance(value, list):
+            error = "Tags must be provided as a list."
+            raise serializers.ValidationError(error)
+
         for tag in value:
             if len(tag) > settings.MAX_TAG_LENGTH:
                 error = "Each tag must be 20 characters or fewer."

solution/pulse/api/posts/urls.py

@@ -4,12 +4,12 @@ import api.posts.views
 
 urlpatterns = [
     path(
-        "/create",
+        "/new",
         api.posts.views.CreatePostApiView.as_view(),
         name="create-post",
     ),
     path(
-        "/<str:post_id>",
+        "/<uuid:post_id>",
         api.posts.views.PostDetailApiView.as_view(),
         name="post-detail",
     ),

solution/pulse/api/posts/views.py

@@ -18,7 +18,7 @@ class CreatePostApiView(APIView):
         serializer = PostSerializer(data=request.data)
         if serializer.is_valid():
             serializer.save(author=request.user)
-            return Response(serializer.data, status=status.HTTP_201_CREATED)
+            return Response(serializer.data, status=status.HTTP_200_OK)
         raise ValidationError(serializer.errors)
 
 
@@ -52,7 +52,9 @@ class MyFeedListApiView(ListAPIView):
         limit = serializer.validated_data.get("limit")
         offset = serializer.validated_data.get("offset")
 
-        return self.request.user.posts.all()[offset: offset + limit]
+        return self.request.user.posts.order_by("-createdAt").all()[
+            offset: offset + limit
+        ]
 
 
 class UserFeedListApiView(ListAPIView):
@@ -81,11 +83,11 @@ class UserFeedListApiView(ListAPIView):
         limit = serializer.validated_data.get("limit")
         offset = serializer.validated_data.get("offset")
 
-        return user.posts.all()[offset: offset + limit]
+        return user.posts.order_by("-createdAt").all()[offset : offset + limit]
 
 
 class LikePostApiView(APIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated, CanAccessPost]
 
     def post(self, request, post_id):
         try:
@@ -103,7 +105,7 @@ class LikePostApiView(APIView):
 
 
 class DislikePostApiView(APIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated, CanAccessPost]
 
     def post(self, request, post_id):
         try: