taiga
/
taiga-back
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[Backport] Fixing contacts API

remotes/origin/enhancement/email-actions
Alejandro Alonso 2015-05-27 13:08:17 +02:00
parent 44a319abfd
commit 049ae807a8
3 changed files with 17 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
taiga/users/api.py
View File

@ -93,12 +93,11 @@ class UsersViewSet(ModelCrudViewSet):
@detail_route(methods=["GET"])
def contacts(self, request, *args, **kwargs):
user = self.get_object()
user = get_object_or_404(models.User, **kwargs)
self.check_permissions(request, 'contacts', user)
self.object_list = user_filters.ContactsFilterBackend().filter_queryset(request,
self.get_queryset(),
self)
self.object_list = user_filters.ContactsFilterBackend().filter_queryset(
user, request, self.get_queryset(), self)
page = self.paginate_queryset(self.object_list)
if page is not None:
@ -109,8 +108,8 @@ class UsersViewSet(ModelCrudViewSet):
return response.Ok(serializer.data)
@detail_route(methods=["GET"])
def stats(self, request, pk=None):
user = self.get_object()
def stats(self, request, *args, **kwargs):
user = get_object_or_404(models.User, **kwargs)
self.check_permissions(request, "stats", user)
return response.Ok(services.get_stats_for_user(user))

16
taiga/users/filters.py
View File

@ -22,25 +22,23 @@ from taiga.base.filters import PermissionBasedFilterBackend
class ContactsFilterBackend(PermissionBasedFilterBackend):
permission = "view_project"
def filter_queryset(self, request, queryset, view):
def filter_queryset(self, user, request, queryset, view):
qs = queryset.filter(is_active=True)
Membership = apps.get_model('projects', 'Membership')
memberships_qs = Membership.objects.filter(user=user)
# Authenticated
if request.user.is_authenticated():
# if super user we don't need to filter anything
if not request.user.is_superuser:
Membership = apps.get_model('projects', 'Membership')
memberships_qs = Membership.objects.filter(user=request.user)
memberships_qs = memberships_qs.filter(Q(role__permissions__contains=[self.permission]) |
Q(is_owner=True))
projects_list = [membership.project_id for membership in memberships_qs]
qs = qs.filter(memberships__project_id__in=projects_list)
qs = qs.exclude(id=request.user.id)
# Anonymous
else:
qs = qs.filter(memberships__project__anon_permissions__contains=[self.permission])
memberships_qs = memberships_qs.filter(project__anon_permissions__contains=[self.permission])
projects_list = [membership.project_id for membership in memberships_qs]
qs = qs.filter(memberships__project_id__in=projects_list)
qs = qs.exclude(id=user.id)
return qs.distinct()

10
tests/integration/test_users.py
View File

@ -189,12 +189,13 @@ def test_list_contacts_private_projects(client):
url = reverse('users-contacts', kwargs={"pk": user_1.pk})
response = client.get(url, content_type="application/json")
assert response.status_code == 404
assert response.status_code == 200
response_content = json.loads(response.content.decode("utf-8"))
assert len(response_content) == 0
client.login(user_1)
response = client.get(url, content_type="application/json")
assert response.status_code == 200
response_content = json.loads(response.content.decode("utf-8"))
assert len(response_content) == 1
assert response_content[0]["id"] == user_2.id
@ -234,6 +235,5 @@ def test_list_contacts_public_projects(client):
assert response.status_code == 200
response_content = json.loads(response.content.decode("utf-8"))
assert len(response_content) == 2
assert response_content[0]["id"] == user_1.id
assert response_content[1]["id"] == user_2.id
assert len(response_content) == 1
assert response_content[0]["id"] == user_2.id