added RO DRF permission and internal_note filters for invite/userspace

cookbook/helper/permission_helper.py

@@ -434,3 +434,10 @@ def switch_user_active_space(user, space):
             return us
     except ObjectDoesNotExist:
         return None
+
+
+class IsReadOnlyDRF(permissions.BasePermission):
+    message = 'You cannot interact with this object as it is not owned by you!'
+
+    def has_permission(self, request, view):
+        return request.method in SAFE_METHODS

cookbook/views/api.py

@@ -421,6 +421,10 @@ class UserSpaceViewSet(viewsets.ModelViewSet):
         return super().destroy(request, *args, **kwargs)
 
     def get_queryset(self):
+        internal_note = self.request.query_params.get('internal_note', None)
+        if internal_note is not None:
+            self.queryset = self.queryset.filter(internal_note=internal_note)
+
         if is_space_owner(self.request.user, self.request.space):
             return self.queryset.filter(space=self.request.space)
         else:
@@ -1165,6 +1169,11 @@ class InviteLinkViewSet(viewsets.ModelViewSet, StandardFilterMixin):
     permission_classes = [CustomIsSpaceOwner & CustomIsAdmin & CustomTokenHasReadWriteScope]
 
     def get_queryset(self):
+
+        internal_note = self.request.query_params.get('internal_note', None)
+        if internal_note is not None:
+            self.queryset = self.queryset.filter(internal_note=internal_note)
+
         if is_space_owner(self.request.user, self.request.space):
             self.queryset = self.queryset.filter(space=self.request.space).all()
             return super().get_queryset()