added RO DRF permission and internal_note filters for invite/userspace

2023-07-03 21:59:15 +02:00
parent 3545b6e98a
commit ac1d641bd5
2 changed files with 16 additions and 0 deletions
--- a/cookbook/helper/permission_helper.py
+++ b/cookbook/helper/permission_helper.py
@ -434,3 +434,10 @@ def switch_user_active_space(user, space):
            return us
    except ObjectDoesNotExist:
        return None
+
+
+class IsReadOnlyDRF(permissions.BasePermission):
+    message = 'You cannot interact with this object as it is not owned by you!'
+
+    def has_permission(self, request, view):
+        return request.method in SAFE_METHODS
--- a/cookbook/views/api.py
+++ b/cookbook/views/api.py
@ -421,6 +421,10 @@ class UserSpaceViewSet(viewsets.ModelViewSet):
        return super().destroy(request, *args, **kwargs)

    def get_queryset(self):
+        internal_note = self.request.query_params.get('internal_note', None)
+        if internal_note is not None:
+            self.queryset = self.queryset.filter(internal_note=internal_note)
+
        if is_space_owner(self.request.user, self.request.space):
            return self.queryset.filter(space=self.request.space)
        else:
@ -1165,6 +1169,11 @@ class InviteLinkViewSet(viewsets.ModelViewSet, StandardFilterMixin):
    permission_classes = [CustomIsSpaceOwner & CustomIsAdmin & CustomTokenHasReadWriteScope]

    def get_queryset(self):
+
+        internal_note = self.request.query_params.get('internal_note', None)
+        if internal_note is not None:
+            self.queryset = self.queryset.filter(internal_note=internal_note)
+
        if is_space_owner(self.request.user, self.request.space):
            self.queryset = self.queryset.filter(space=self.request.space).all()
            return super().get_queryset()