✨(backend) add user abilities for front

This allows, on a per user basis, the display of features. The main goal here is to allow Team admin or owner to see the management views. We also added the same for the two other features (mailboxes and contacts) This will be improved later if needed :)
2024-11-06 17:22:01 +01:00
parent 4d3097e322
commit ac853299d3
7 changed files with 198 additions and 10 deletions
--- a/src/backend/core/api/serializers.py
+++ b/src/backend/core/api/serializers.py
@@ -71,6 +71,39 @@ class UserSerializer(DynamicFieldsModelSerializer):
        read_only_fields = ["id", "name", "email", "is_device", "is_staff"]


+class UserMeSerializer(UserSerializer):
+    """
+    Serialize the current user.
+
+    Same as the `UserSerializer` but with abilities.
+    """
+
+    abilities = serializers.SerializerMethodField()
+
+    class Meta:
+        model = models.User
+        fields = [
+            "email",
+            "id",
+            "is_device",
+            "is_staff",
+            "language",
+            "name",
+            "timezone",
+            # added fields
+            "abilities",
+        ]
+        read_only_fields = ["id", "name", "email", "is_device", "is_staff"]
+
+    def get_abilities(self, user: models.User) -> dict:
+        """Return abilities of the logged-in user on the instance."""
+        if user != self.context["request"].user:  # Should not happen
+            raise RuntimeError(
+                "UserMeSerializer.get_abilities: user is not the same as the request user",
+            )
+        return user.get_abilities()
+
+
 class TeamAccessSerializer(serializers.ModelSerializer):
    """Serialize team accesses."""

--- a/src/backend/core/api/viewsets.py
+++ b/src/backend/core/api/viewsets.py
@@ -188,6 +188,7 @@ class UserViewSet(
    permission_classes = [permissions.IsSelf]
    queryset = models.User.objects.all().order_by("-created_at")
    serializer_class = serializers.UserSerializer
+    get_me_serializer_class = serializers.UserMeSerializer
    throttle_classes = [BurstRateThrottle, SustainedRateThrottle]
    pagination_class = Pagination

@@ -225,9 +226,7 @@ class UserViewSet(
        Return information on currently logged user
        """
        user = request.user
-        return response.Response(
-            self.serializer_class(user, context={"request": request}).data
-        )
+        return response.Response(self.get_serializer(user).data)


 class TeamViewSet(