mirror of https://gitlab.crans.org/bde/nk20 synced 2025-06-21 01:48:21 +02:00

Permissions support fully OAuth2 scopes

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-06-15 15:50:36 +02:00
parent ea092803d7
commit 8be16e7b58
5 changed files with 56 additions and 24 deletions


@ -39,7 +39,6 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet):
Parse query and apply filters.
:return: The filtered set of requested notes
"""
self.request.session.setdefault("permission_mask", 42)
queryset = self.queryset.filter(PermissionBackend.filter_queryset(self.request, Note, "view")
| PermissionBackend.filter_queryset(self.request, NoteUser, "view")
| PermissionBackend.filter_queryset(self.request, NoteClub, "view")
@ -204,6 +203,5 @@ class TransactionViewSet(ReadProtectedModelViewSet):
ordering_fields = ['created_at', 'amount', ]
def get_queryset(self):
self.request.session.setdefault("permission_mask", 42)
return self.model.objects.filter(PermissionBackend.filter_queryset(self.request, self.model, "view"))\
.order_by("created_at", "id")
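Review bot: With `self.request.session.setdefault("permission_mask", 42)` apparently dropped from both `get_queryset` methods (each hunk header shows one line fewer on the new side), these views now depend entirely on `PermissionBackend.filter_queryset` to resolve the mask or OAuth2 scope, and that code is not visible in this file. It is worth confirming, ideally with a test, that the backend fails closed when a request carries neither a session mask nor a token scope, meaning it returns an empty filter rather than raising or falling back to a permissive mask. A short comment in each method would make the dependency explicit, for example `# Mask/scope resolution lives in PermissionBackend; do not default it here.` The first method's queryset expression continues past the end of its hunk, so the rest of that body was not reviewed.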