From 6afbd3f1ba434a022eeae92e96c49e784243f961 Mon Sep 17 00:00:00 2001
From: Nikhil <118773738+pablohashescobar@users.noreply.github.com>
Date: Thu, 28 Sep 2023 13:16:31 +0530
Subject: [PATCH] chore: views (#2288)

* chore: global views order by

* chore: update permissions for global views

---------

Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
---
 apiserver/plane/api/permissions/workspace.py | 11 ++++++++++-
 apiserver/plane/api/views/issue.py           |  2 --
 apiserver/plane/api/views/view.py            |  2 +-
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/apiserver/plane/api/permissions/workspace.py b/apiserver/plane/api/permissions/workspace.py
index d01b545ee..66e836614 100644
--- a/apiserver/plane/api/permissions/workspace.py
+++ b/apiserver/plane/api/permissions/workspace.py
@@ -58,8 +58,17 @@ class WorkspaceEntityPermission(BasePermission):
         if request.user.is_anonymous:
             return False
 
+        ## Safe Methods -> Handle the filtering logic in queryset
+        if request.method in SAFE_METHODS:
+            return WorkspaceMember.objects.filter(
+                workspace__slug=view.workspace_slug,
+                member=request.user,
+            ).exists()
+
         return WorkspaceMember.objects.filter(
-            member=request.user, workspace__slug=view.workspace_slug
+            member=request.user,
+            workspace__slug=view.workspace_slug,
+            role__in=[Owner, Admin],
         ).exists()
 
 
diff --git a/apiserver/plane/api/views/issue.py b/apiserver/plane/api/views/issue.py
index 844095434..29f14e437 100644
--- a/apiserver/plane/api/views/issue.py
+++ b/apiserver/plane/api/views/issue.py
@@ -24,7 +24,6 @@ from django.core.serializers.json import DjangoJSONEncoder
 from django.utils.decorators import method_decorator
 from django.views.decorators.gzip import gzip_page
 from django.db import IntegrityError
-from django.conf import settings
 from django.db import IntegrityError
 
 # Third Party imports
@@ -58,7 +57,6 @@ from plane.api.serializers import (
     IssuePublicSerializer,
 )
 from plane.api.permissions import (
-    WorkspaceEntityPermission,
     ProjectEntityPermission,
     WorkSpaceAdminPermission,
     ProjectMemberPermission,
diff --git a/apiserver/plane/api/views/view.py b/apiserver/plane/api/views/view.py
index b6f1d7c4b..435f8725a 100644
--- a/apiserver/plane/api/views/view.py
+++ b/apiserver/plane/api/views/view.py
@@ -61,7 +61,7 @@ class GlobalViewViewSet(BaseViewSet):
             .get_queryset()
             .filter(workspace__slug=self.kwargs.get("slug"))
             .select_related("workspace")
-            .order_by("-created_at")
+            .order_by(self.request.GET.get("order_by", "-created_at"))
             .distinct()
         )