🐛(backend) fix team accesses abilities

To compute accesses's abilities, we need to determine which is the user's role in the team. We opted for a subquery, which retrieves the user's role within the team and annotate queryset's results. The current subquery was broken, and retrieved other users than the request's user. It led to compute accesses' abilities based on a randomly picked user.
2024-03-06 19:21:10 +01:00
parent e9482a985f
commit 163f987132
1 changed files with 1 additions and 1 deletions
--- a/src/backend/core/api/viewsets.py
+++ b/src/backend/core/api/viewsets.py
@@ -348,7 +348,7 @@ class TeamAccessViewSet(
            # instance for the logged-in user (we don't want to list only the team access
            # instances pointing to the logged-in user)
            user_role_query = models.TeamAccess.objects.filter(
-                team__accesses__user=self.request.user
+                user=self.request.user, team=self.kwargs["team_id"]
            ).values("role")[:1]

            queryset = (