mirrors/recipes
1
0
Fork 0
mirror of https://github.com/TandoorRecipes/recipes.git synced 2026-01-07 07:08:03 -05:00
Code Issues Packages Projects Releases Wiki Activity

space api read for all users in space

Browse Source
This commit is contained in:
vabene1111
2023-07-15 13:57:25 +02:00
parent 7d50f3cf21
commit a497a6b7f5
5 changed files with 10 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cookbook/tests/api/test_api_space.py
View File

@@ -15,9 +15,9 @@ DETAIL_URL = 'api:space-detail'
@pytest.mark.parametrize("arg", [
['a_u', 403, 0],
['g1_s1', 403, 0],
['u1_s1', 403, 0],
['u1_s1', 200, 1],
['a1_s1', 200, 1],
['a2_s1', 200, 0],
['a2_s1', 200, 1],
])
def test_list_permission(arg, request, space_1, a1_s1):
space_1.created_by = auth.get_user(a1_s1)
@@ -29,16 +29,6 @@ def test_list_permission(arg, request, space_1, a1_s1):
assert len(json.loads(result.content)) == arg[2]
def test_list_permission_owner(u1_s1, a1_s1, space_1):
space_1.created_by = auth.get_user(a1_s1)
space_1.save()
assert len(json.loads(a1_s1.get(reverse(LIST_URL)).content)) == 1
assert u1_s1.get(reverse(LIST_URL)).status_code == 403
space_1.created_by = auth.get_user(u1_s1)
space_1.save()
assert u1_s1.get(reverse(LIST_URL)).status_code == 403
@pytest.mark.parametrize("arg", [
['a_u', 403],
['g1_s1', 403],

6
cookbook/views/api.py
View File

@@ -60,7 +60,7 @@ from cookbook.helper.permission_helper import (CustomIsAdmin, CustomIsOwner,
CustomIsSpaceOwner, CustomIsUser, group_required,
is_space_owner, switch_user_active_space, above_space_limit,
CustomRecipePermission, CustomUserPermission,
CustomTokenHasReadWriteScope, CustomTokenHasScope, has_group_permission)
CustomTokenHasReadWriteScope, CustomTokenHasScope, has_group_permission, IsReadOnlyDRF)
from cookbook.helper.recipe_search import RecipeFacet, RecipeSearch
from cookbook.helper.recipe_url_import import get_from_youtube_scraper, get_images_from_soup, clean_dict
from cookbook.helper.scrapers.scrapers import text_scraper
@@ -402,11 +402,11 @@ class GroupViewSet(viewsets.ModelViewSet):
class SpaceViewSet(viewsets.ModelViewSet):
queryset = Space.objects
serializer_class = SpaceSerializer
permission_classes = [CustomIsOwner & CustomIsAdmin & CustomTokenHasReadWriteScope]
permission_classes = [IsReadOnlyDRF & CustomIsUser | CustomIsOwner & CustomIsAdmin & CustomTokenHasReadWriteScope]
http_method_names = ['get', 'patch']
def get_queryset(self):
return self.queryset.filter(id=self.request.space.id, created_by=self.request.user)
return self.queryset.filter(id=self.request.space.id)
class UserSpaceViewSet(viewsets.ModelViewSet):