From 63565b38c3035ec9196e41dc91dd28da59532280 Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Tue, 29 Apr 2025 16:06:31 +0200 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F(backend)=20simplify=20Resour?= =?UTF-8?q?ceAccess=20viewset=20implementation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Restructure ResourceAccess viewset to align with Room and Recording viewset patterns. Clean up implementation while preserving identical behavior and API contract. Improves code consistency and maintainability across related viewsets. ResourceAccessPermission inherits from IsAuthenticated. --- src/backend/core/api/viewsets.py | 49 +++++++++++++------------------- 1 file changed, 20 insertions(+), 29 deletions(-) diff --git a/src/backend/core/api/viewsets.py b/src/backend/core/api/viewsets.py index 5270ec69..76fdf8ae 100644 --- a/src/backend/core/api/viewsets.py +++ b/src/backend/core/api/viewsets.py @@ -531,40 +531,12 @@ class RoomViewSet( ) -class ResourceAccessListModelMixin: - """List mixin for resource access API.""" - - def get_permissions(self): - """User only needs to be authenticated to list rooms access""" - if self.action == "list": - permission_classes = [permissions.IsAuthenticated] - else: - return super().get_permissions() - - return [permission() for permission in permission_classes] - - def get_queryset(self): - """Return the queryset according to the action.""" - queryset = super().get_queryset() - if self.action == "list": - user = self.request.user - queryset = queryset.filter( - Q(resource__accesses__user=user), - resource__accesses__role__in=[ - models.RoleChoices.ADMIN, - models.RoleChoices.OWNER, - ], - ).distinct() - return queryset - - class ResourceAccessViewSet( - ResourceAccessListModelMixin, mixins.CreateModelMixin, mixins.DestroyModelMixin, - mixins.ListModelMixin, mixins.RetrieveModelMixin, mixins.UpdateModelMixin, + mixins.ListModelMixin, viewsets.GenericViewSet, ): """ @@ -575,6 +547,25 @@ class ResourceAccessViewSet( queryset = models.ResourceAccess.objects.all() serializer_class = serializers.ResourceAccessSerializer + def get_queryset(self): + """Return the queryset according to the action.""" + + queryset = super().get_queryset() + + # Restrict access to resources the user either has explicit + # permissions for or administrative privileges over. + if self.action == "list": + user = self.request.user + queryset = queryset.filter( + Q(resource__accesses__user=user), + resource__accesses__role__in=[ + models.RoleChoices.ADMIN, + models.RoleChoices.OWNER, + ], + ).distinct() + + return queryset + class RecordingViewSet( mixins.DestroyModelMixin,