✨(mail) manage mailboxes permissions

Manage create and list permissions for all roles.
2024-08-06 00:04:51 +02:00
parent 87e7d3e0b1
commit b637774179
8 changed files with 236 additions and 63 deletions
--- a/src/backend/mailbox_manager/api/permissions.py
+++ b/src/backend/mailbox_manager/api/permissions.py
@@ -2,6 +2,8 @@

 from core.api import permissions as core_permissions

+from mailbox_manager import models
+

 class AccessPermission(core_permissions.IsAuthenticated):
    """Permission class for access objects."""
@@ -10,3 +12,12 @@ class AccessPermission(core_permissions.IsAuthenticated):
        """Check permission for a given object."""
        abilities = obj.get_abilities(request.user)
        return abilities.get(request.method.lower(), False)
+
+
+class MailBoxPermission(core_permissions.IsAuthenticated):
+    """Permission class to manage mailboxes for a mail domain"""
+
+    def has_permission(self, request, view):
+        domain = models.MailDomain.objects.get(slug=view.kwargs.get("domain_slug", ""))
+        abilities = domain.get_abilities(request.user)
+        return abilities.get(request.method.lower(), False)
--- a/src/backend/mailbox_manager/api/serializers.py
+++ b/src/backend/mailbox_manager/api/serializers.py
@@ -16,6 +16,8 @@ class MailboxSerializer(serializers.ModelSerializer):
 class MailDomainSerializer(serializers.ModelSerializer):
    """Serialize mail domain."""

+    abilities = serializers.SerializerMethodField(read_only=True)
+
    class Meta:
        model = models.MailDomain
        lookup_field = "slug"
@@ -23,16 +25,25 @@ class MailDomainSerializer(serializers.ModelSerializer):
            "id",
            "name",
            "slug",
+            "abilities",
            "created_at",
            "updated_at",
        ]
        read_only_fields = [
            "id",
            "slug",
+            "abilities",
            "created_at",
            "updated_at",
        ]

+    def get_abilities(self, domain) -> dict:
+        """Return abilities of the logged-in user on the instance."""
+        request = self.context.get("request")
+        if request:
+            return domain.get_abilities(request.user)
+        return {}
+

 class MailDomainAccessSerializer(serializers.ModelSerializer):
    """Serialize mail domain accesses."""
--- a/src/backend/mailbox_manager/api/viewsets.py
+++ b/src/backend/mailbox_manager/api/viewsets.py
@@ -76,8 +76,10 @@ class MailBoxViewSet(
 ):
    """MailBox ViewSet"""

-    permission_classes = [drf_permissions.IsAuthenticated]
+    permission_classes = [permissions.MailBoxPermission]
    serializer_class = serializers.MailboxSerializer
+    filter_backends = [filters.OrderingFilter]
+    ordering = ["-created_at"]
    queryset = models.Mailbox.objects.all()

    def get_queryset(self):