✨(back) accept for a owner the request to access a document

Add the action accepting a request to access a document. It is possible to override the role from the request and also update an existing DocumentAccess
2025-06-18 15:50:12 +02:00
parent c2e46fa9e2
commit d33286019c
4 changed files with 212 additions and 2 deletions
--- a/src/backend/core/api/serializers.py
+++ b/src/backend/core/api/serializers.py
@@ -665,10 +665,22 @@ class InvitationSerializer(serializers.ModelSerializer):
        return role


+class RoleSerializer(serializers.Serializer):
+    """Serializer validating role choices."""
+
+    role = serializers.ChoiceField(
+        choices=models.RoleChoices.choices, required=False, allow_null=True
+    )
+
+
 class DocumentAskForAccessCreateSerializer(serializers.Serializer):
    """Serializer for creating a document ask for access."""

-    role = serializers.ChoiceField(choices=models.RoleChoices.choices, required=False, default=models.RoleChoices.READER)
+    role = serializers.ChoiceField(
+        choices=models.RoleChoices.choices,
+        required=False,
+        default=models.RoleChoices.READER,
+    )


 class DocumentAskForAccessSerializer(serializers.ModelSerializer):
@@ -695,7 +707,8 @@ class DocumentAskForAccessSerializer(serializers.ModelSerializer):
        if request:
            return invitation.get_abilities(request.user)
        return {}
-    
+
+
 class VersionFilterSerializer(serializers.Serializer):
    """Validate version filters applied to the list endpoint."""

--- a/src/backend/core/api/viewsets.py
+++ b/src/backend/core/api/viewsets.py
@@ -1837,6 +1837,17 @@ class DocumentAskForAccessViewSet(

        return drf.response.Response(status=drf.status.HTTP_201_CREATED)

+    @drf.decorators.action(detail=True, methods=["post"])
+    def accept(self, request, *args, **kwargs):
+        """Accept a document ask for access resource."""
+        document_ask_for_access = self.get_object()
+
+        serializer = serializers.RoleSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        document_ask_for_access.accept(role=serializer.validated_data.get("role"))
+        return drf.response.Response(status=drf.status.HTTP_204_NO_CONTENT)
+

 class ConfigView(drf.views.APIView):
    """API ViewSet for sharing some public settings."""