From 6af8d78ede33ee2fe477e6ede4d3fb146f2daa4d Mon Sep 17 00:00:00 2001
From: Manuel Raynaud <manu@raynaud.io>
Date: Tue, 1 Jul 2025 16:29:08 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=85(back)=20fix=20backend=20code=20relate?=
 =?UTF-8?q?d=20to=20multipage=20dev?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

During the multipage dev, the code base has changed a lot and rebase
after rebase it has come difficult to manage fixup commits. This commits
fix modification made that can be fixup in previous commits. The
persmission AccessPermission has been renamed in
ResourceWithAccessPermission and should be used in the
DocumentAskForAccessViewSet. A migration with the same dependency
exists, the last one is fixed. And a test didn't have removed an
abilitites.
---
 src/backend/core/api/viewsets.py                    | 13 ++++++++-----
 ...y => 0023_remove_document_is_public_and_more.py} |  2 +-
 .../tests/documents/test_api_documents_trashbin.py  |  1 -
 3 files changed, 9 insertions(+), 7 deletions(-)
 rename src/backend/core/migrations/{0021_remove_document_is_public_and_more.py => 0023_remove_document_is_public_and_more.py} (80%)

diff --git a/src/backend/core/api/viewsets.py b/src/backend/core/api/viewsets.py
index e22b829e..b3f8b40a 100644
--- a/src/backend/core/api/viewsets.py
+++ b/src/backend/core/api/viewsets.py
@@ -926,8 +926,7 @@ class DocumentViewSet(
         )
         serializer.is_valid(raise_exception=True)
         with_accesses = serializer.validated_data.get("with_accesses", False)
-        roles = set(document.get_roles(request.user))
-        is_owner_or_admin = bool(roles.intersection(set(models.PRIVILEGED_ROLES)))
+        is_owner_or_admin = document.get_role(request.user) in models.PRIVILEGED_ROLES
 
         base64_yjs_content = document.content
 
@@ -1898,7 +1897,10 @@ class DocumentAskForAccessViewSet(
 
     lookup_field = "id"
     pagination_class = Pagination
-    permission_classes = [permissions.IsAuthenticated, permissions.AccessPermission]
+    permission_classes = [
+        permissions.IsAuthenticated,
+        permissions.ResourceWithAccessPermission,
+    ]
     queryset = models.DocumentAskForAccess.objects.all()
     serializer_class = serializers.DocumentAskForAccessSerializer
     _document = None
@@ -1921,8 +1923,9 @@ class DocumentAskForAccessViewSet(
         queryset = super().get_queryset()
         queryset = queryset.filter(document=document)
 
-        roles = set(document.get_roles(self.request.user))
-        is_owner_or_admin = bool(roles.intersection(set(models.PRIVILEGED_ROLES)))
+        is_owner_or_admin = (
+            document.get_role(self.request.user) in models.PRIVILEGED_ROLES
+        )
         if not is_owner_or_admin:
             queryset = queryset.filter(user=self.request.user)
 
diff --git a/src/backend/core/migrations/0021_remove_document_is_public_and_more.py b/src/backend/core/migrations/0023_remove_document_is_public_and_more.py
similarity index 80%
rename from src/backend/core/migrations/0021_remove_document_is_public_and_more.py
rename to src/backend/core/migrations/0023_remove_document_is_public_and_more.py
index 97eaa468..9d8780d0 100644
--- a/src/backend/core/migrations/0021_remove_document_is_public_and_more.py
+++ b/src/backend/core/migrations/0023_remove_document_is_public_and_more.py
@@ -5,7 +5,7 @@ from django.db import migrations, models
 
 class Migration(migrations.Migration):
     dependencies = [
-        ("core", "0020_remove_is_public_add_field_attachments_and_duplicated_from"),
+        ("core", "0022_alter_user_language_documentaskforaccess"),
     ]
 
     operations = [
diff --git a/src/backend/core/tests/documents/test_api_documents_trashbin.py b/src/backend/core/tests/documents/test_api_documents_trashbin.py
index 3a0a5f56..9e805397 100644
--- a/src/backend/core/tests/documents/test_api_documents_trashbin.py
+++ b/src/backend/core/tests/documents/test_api_documents_trashbin.py
@@ -74,7 +74,6 @@ def test_api_documents_trashbin_format():
             "accesses_view": True,
             "ai_transform": True,
             "ai_translate": True,
-            "ancestors_links_definitions": {},
             "attachment_upload": True,
             "can_edit": True,
             "children_create": True,