feat(api): move domain limit check to permissions module

api/desecapi/permissions.py

@@ -17,3 +17,16 @@ class IsDomainOwner(permissions.BasePermission):
 
     def has_object_permission(self, request, view, obj):
         return obj.domain.owner == request.user
+
+
+class WithinDomainLimitOnPOST(permissions.BasePermission):
+    """
+    Permission that requires that the user still has domain limit quota available, if the request is using POST.
+    """
+    message = 'Domain limit exceeded. Please contact support to create additional domains.'
+
+    def has_permission(self, request, view):
+        if request.method != 'POST':
+            return True
+
+        return request.user.limit_domains is None or request.user.domains.count() < request.user.limit_domains

api/desecapi/serializers.py

@@ -478,15 +478,6 @@ class DomainSerializer(serializers.ModelSerializer):
 
         return value
 
-    def validate(self, attrs):  # TODO I believe this should be a permission, not a validation
-        # Check user's domain limit
-        owner = self.context['request'].user
-        if (owner.limit_domains is not None and
-                owner.domains.count() >= owner.limit_domains):
-            msg = 'You reached the maximum number of domains allowed for your account.'
-            raise serializers.ValidationError(msg, code='domain_limit')
-        return attrs
-
 
 class DonationSerializer(serializers.ModelSerializer):
 

api/desecapi/tests/test_domains.py

@@ -314,8 +314,7 @@ class AutoDelegationDomainOwnerTests(DomainOwnerTestCase):
                 self.assertEqual(len(mail.outbox), i + 1)
 
         response = self.client.post(url, {'name': self.random_domain_name(self.AUTO_DELEGATION_DOMAINS)})
-        self.assertStatus(response, status.HTTP_400_BAD_REQUEST)
-        self.assertEqual(response.data['non_field_errors'][0].code, 'domain_limit')
+        self.assertContains(response, 'Domain limit', status_code=status.HTTP_403_FORBIDDEN)
         self.assertEqual(len(mail.outbox), user_quota)
 
     def test_domain_minimum_ttl(self):

api/desecapi/views.py

@@ -21,7 +21,7 @@ from rest_framework.viewsets import GenericViewSet
 import desecapi.authentication as auth
 from desecapi import serializers, models
 from desecapi.pdns_change_tracker import PDNSChangeTracker
-from desecapi.permissions import IsOwner, IsDomainOwner
+from desecapi.permissions import IsOwner, IsDomainOwner, WithinDomainLimitOnPOST
 from desecapi.renderers import PlainTextRenderer
 
 
@@ -66,7 +66,7 @@ class TokenViewSet(IdempotentDestroy,
 
 class DomainList(generics.ListCreateAPIView):
     serializer_class = serializers.DomainSerializer
-    permission_classes = (IsAuthenticated, IsOwner,)
+    permission_classes = (IsAuthenticated, IsOwner, WithinDomainLimitOnPOST)
 
     def get_queryset(self):
         return models.Domain.objects.filter(owner=self.request.user.pk)