Skip to content

Commit

Permalink
fix: allow filtering by project_id in request params
Browse files Browse the repository at this point in the history
  • Loading branch information
@annehaley
annehaley committed Sep 30, 2024
1 parent 33eba30 commit 45f850f
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions uvdat/core/rest/access_control.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,13 +57,25 @@ def has_object_permission(self, request, view, obj):

class GuardianFilter(BaseFilterBackend):
def filter_queryset(self, request, queryset, view):
if request.user.is_superuser:
project_id = request.query_params.get('project')
try:
project_id = int(project_id)
except ValueError:
project_id = None
if request.user.is_superuser and project_id is None:
return queryset

# Allow user to have any level of permission
all_perms = [x for x, _ in Project._meta.permissions]
user_projects = get_objects_for_user(
klass=models.Project, user=request.user, perms=all_perms, any_perm=True
klass=(
models.Project
if project_id is None
else models.Project.objects.filter(id=project_id)
),
user=request.user,
perms=all_perms,
any_perm=True,
)

# Return queryset filtered by objects that are within these projects
Expand Down

0 comments on commit 45f850f

Please sign in to comment.