From b5ce19a28e5d9cfede31af6c096cc9e5b791c880 Mon Sep 17 00:00:00 2001 From: Lebaud Antoine Date: Wed, 6 Mar 2024 19:34:14 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D(backend)=20clarify=20how=20team=20?= =?UTF-8?q?accesses=20are=20queried?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Break copy/pasted comment from Joanie in several inline comments, that are more specific and easy to read. Hopefully, it will help future myself understanding this queryset and explaining it. --- src/backend/core/api/viewsets.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/backend/core/api/viewsets.py b/src/backend/core/api/viewsets.py index 8ba2dd7..55c7d5b 100644 --- a/src/backend/core/api/viewsets.py +++ b/src/backend/core/api/viewsets.py @@ -344,14 +344,13 @@ class TeamAccessViewSet( queryset = queryset.filter(team=self.kwargs["team_id"]) if self.action in {"list", "retrieve"}: - # Limit to team access instances related to a team THAT also has a team access - # instance for the logged-in user (we don't want to list only the team access - # instances pointing to the logged-in user) + # Determine which role the logged-in user has in the team user_role_query = models.TeamAccess.objects.filter( user=self.request.user, team=self.kwargs["team_id"] ).values("role")[:1] queryset = ( + # The logged-in user should be part of a team to see its accesses queryset.filter( team__accesses__user=self.request.user, ) @@ -362,6 +361,8 @@ class TeamAccessViewSet( to_attr="main_identity", ) ) + # Abilities are computed based on logged-in user's role and + # the user role on each team access .annotate(user_role=Subquery(user_role_query)) .distinct() )