From 163f98713244e22930a60c7851fdeb302ba3fc30 Mon Sep 17 00:00:00 2001 From: Lebaud Antoine Date: Wed, 6 Mar 2024 19:21:10 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B(backend)=20fix=20team=20accesses?= =?UTF-8?q?=20abilities?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To compute accesses's abilities, we need to determine which is the user's role in the team. We opted for a subquery, which retrieves the user's role within the team and annotate queryset's results. The current subquery was broken, and retrieved other users than the request's user. It led to compute accesses' abilities based on a randomly picked user. --- src/backend/core/api/viewsets.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/core/api/viewsets.py b/src/backend/core/api/viewsets.py index c71ea27..8ba2dd7 100644 --- a/src/backend/core/api/viewsets.py +++ b/src/backend/core/api/viewsets.py @@ -348,7 +348,7 @@ class TeamAccessViewSet( # instance for the logged-in user (we don't want to list only the team access # instances pointing to the logged-in user) user_role_query = models.TeamAccess.objects.filter( - team__accesses__user=self.request.user + user=self.request.user, team=self.kwargs["team_id"] ).values("role")[:1] queryset = (