From ba527dbe21bdc3005f3faf1779495db3269e1f2e Mon Sep 17 00:00:00 2001
From: Alexander Dutton <alexander.dutton@it.ox.ac.uk>
Date: Fri, 9 Sep 2016 16:36:49 +0100
Subject: [PATCH 1/2] Permissions and conditions check; configurable method
 kwargs

Check permissions and conditions before performing a state change, and
let an implementor calculate kwargs to be passed to the state change
method
---
 drf_fsm_transitions/viewset_mixins.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/drf_fsm_transitions/viewset_mixins.py b/drf_fsm_transitions/viewset_mixins.py
index b61eb85..ddd3f74 100644
--- a/drf_fsm_transitions/viewset_mixins.py
+++ b/drf_fsm_transitions/viewset_mixins.py
@@ -1,5 +1,9 @@
+import inspect
+
+import django_fsm
 from rest_framework.decorators import detail_route
 from rest_framework.response import Response
+from rest_framework.exceptions import PermissionDenied, ValidationError
 
 
 def get_transition_viewset_method(transition_name, **kwargs):
@@ -11,7 +15,17 @@ def inner_func(self, request, pk=None):
         object = self.get_object()
         transition_method = getattr(object, transition_name)
 
-        transition_method(by=self.request.user)
+        if not django_fsm.can_proceed(transition_method):
+            raise ValidationError({'detail': 'Conditions not met'})
+        if not django_fsm.has_transition_perm(transition_method, request.user):
+            raise PermissionDenied
+
+        if hasattr(object, 'get_{0}_kwargs'.format(transition_name)):
+            kwargs = getattr(object, 'get_{0}_kwargs'.format(transition_name))()
+        else:
+            kwargs = {}
+
+        transition_method(**kwargs)
 
         if self.save_after_transition:
             object.save()

From 0803cac42d80f50000e5eac2799f4276e527b3df Mon Sep 17 00:00:00 2001
From: Alexander Dutton <alexander.dutton@it.ox.ac.uk>
Date: Fri, 9 Sep 2016 21:37:39 +0100
Subject: [PATCH 2/2] self, not object

---
 drf_fsm_transitions/viewset_mixins.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drf_fsm_transitions/viewset_mixins.py b/drf_fsm_transitions/viewset_mixins.py
index ddd3f74..615a958 100644
--- a/drf_fsm_transitions/viewset_mixins.py
+++ b/drf_fsm_transitions/viewset_mixins.py
@@ -20,8 +20,8 @@ def inner_func(self, request, pk=None):
         if not django_fsm.has_transition_perm(transition_method, request.user):
             raise PermissionDenied
 
-        if hasattr(object, 'get_{0}_kwargs'.format(transition_name)):
-            kwargs = getattr(object, 'get_{0}_kwargs'.format(transition_name))()
+        if hasattr(self, 'get_{0}_kwargs'.format(transition_name)):
+            kwargs = getattr(self, 'get_{0}_kwargs'.format(transition_name))()
         else:
             kwargs = {}