refactor: backend code cleanup (#177)

* refactor: segregate urls in urls.py

* refactor: remove all people endpoint

* refactor: update file asset endpoint with slug and remove unused imports in issue

* fix: remove people endpoint from __init__

* refactor: update permission logic to handle GET requests

* feat: add url for sign up endpoint in urls

* refactor: update the permission layer

apiserver/plane/api/permissions/project.py

@@ -13,16 +13,24 @@ class ProjectBasePermission(BasePermission):
 
         ## Safe Methods -> Handle the filtering logic in queryset
         if request.method in SAFE_METHODS:
-            return True
+            return WorkspaceMember.objects.filter(
+                workspace__slug=view.workspace_slug, member=request.user
+            ).exists()
+
         ## Only workspace owners or admins can create the projects
         if request.method == "POST":
             return WorkspaceMember.objects.filter(
-                workspace=view.workspace, member=request.user, role__in=[15, 20]
+                workspace__slug=view.workspace_slug,
+                member=request.user,
+                role__in=[15, 20],
             ).exists()
 
         ## Only Project Admins can update project attributes
         return ProjectMember.objects.filter(
-            workspace=view.workspace, member=request.user, role=20
+            workspace__slug=view.workspace_slug,
+            member=request.user,
+            role=20,
+            project_id=view.project_id,
         ).exists()
 
 
@@ -34,16 +42,23 @@ class ProjectMemberPermission(BasePermission):
 
         ## Safe Methods -> Handle the filtering logic in queryset
         if request.method in SAFE_METHODS:
-            return True
+            return ProjectMember.objects.filter(
+                workspace=view.workspace, member=request.user
+            ).exists()
         ## Only workspace owners or admins can create the projects
         if request.method == "POST":
             return WorkspaceMember.objects.filter(
-                workspace=view.workspace, member=request.user, role__in=[15, 20]
+                workspace__slug=view.workspace_slug,
+                member=request.user,
+                role__in=[15, 20],
             ).exists()
 
         ## Only Project Admins can update project attributes
         return ProjectMember.objects.filter(
-            workspace=view.workspace, member=request.user, role__in=[15, 20]
+            workspace__slug=view.workspace_slug,
+            member=request.user,
+            role__in=[15, 20],
+            project_id=view.project_id,
         ).exists()
 
 
@@ -55,9 +70,16 @@ class ProjectEntityPermission(BasePermission):
 
         ## Safe Methods -> Handle the filtering logic in queryset
         if request.method in SAFE_METHODS:
-            return True
-        ## Only workspace owners or admins can create the projects
-
             return ProjectMember.objects.filter(
-            workspace=view.workspace, member=request.user, role__in=[15, 20]
+                workspace=view.workspace,
+                member=request.user,
+                project_id=view.project_id,
+            ).exists()
+
+        ## Only project members or admins can create and edit the project attributes
+        return ProjectMember.objects.filter(
+            workspace__slug=view.workspace_slug,
+            member=request.user,
+            role__in=[15, 20],
+            project_id=view.project_id,
         ).exists()

apiserver/plane/api/urls.py

@@ -4,73 +4,94 @@ from django.urls import path
 # Create your urls here.
 
 from plane.api.views import (
+    # Authentication
+    SignUpEndpoint,
     SignInEndpoint,
     SignOutEndpoint,
     MagicSignInEndpoint,
     MagicSignInGenerateEndpoint,
+    OauthEndpoint,
+    ## End Authentication
+    # Auth Extended
     ForgotPasswordEndpoint,
-    PeopleEndpoint,
-    UserEndpoint,
     VerifyEmailEndpoint,
     ResetPasswordEndpoint,
     RequestEmailVerificationEndpoint,
-    OauthEndpoint,
     ChangePasswordEndpoint,
-)
-
-from plane.api.views import (
-    UserWorkspaceInvitationsEndpoint,
+    ## End Auth Extender
+    # User
+    UserEndpoint,
+    UpdateUserOnBoardedEndpoint,
+    ## End User
+    # Workspaces
     WorkSpaceViewSet,
+    UserWorkspaceInvitationsEndpoint,
     UserWorkSpacesEndpoint,
     InviteWorkspaceEndpoint,
     JoinWorkspaceEndpoint,
     WorkSpaceMemberViewSet,
     WorkspaceInvitationsViewset,
     UserWorkspaceInvitationsEndpoint,
+    WorkspaceMemberUserEndpoint,
+    WorkspaceMemberUserViewsEndpoint,
+    WorkSpaceAvailabilityCheckEndpoint,
+    TeamMemberViewSet,
+    AddTeamToProjectEndpoint,
+    UserLastProjectWithWorkspaceEndpoint,
+    UserWorkspaceInvitationEndpoint,
+    ## End Workspaces
+    # File Assets
+    FileAssetEndpoint,
+    ## End File Assets
+    # Projects
     ProjectViewSet,
     InviteProjectEndpoint,
     ProjectMemberViewSet,
     ProjectMemberInvitationsViewset,
-    StateViewSet,
-    ShortCutViewSet,
-    ViewViewSet,
-    CycleViewSet,
-    FileAssetEndpoint,
+    ProjectMemberUserEndpoint,
+    AddMemberToProjectEndpoint,
+    ProjectJoinEndpoint,
+    UserProjectInvitationsViewset,
+    ProjectIdentifierEndpoint,
+    ## End Projects
+    # Issues
     IssueViewSet,
     WorkSpaceIssuesEndpoint,
     IssueActivityEndpoint,
     IssueCommentViewSet,
-    TeamMemberViewSet,
-    TimeLineIssueViewSet,
-    CycleIssueViewSet,
-    IssuePropertyViewSet,
-    UpdateUserOnBoardedEndpoint,
-    UserWorkspaceInvitationEndpoint,
-    UserProjectInvitationsViewset,
-    ProjectIdentifierEndpoint,
-    LabelViewSet,
-    AddMemberToProjectEndpoint,
-    ProjectJoinEndpoint,
+    UserWorkSpaceIssues,
     BulkDeleteIssuesEndpoint,
     ProjectUserViewsEndpoint,
+    TimeLineIssueViewSet,
+    IssuePropertyViewSet,
+    LabelViewSet,
+    ## End Issues
+    # States
+    StateViewSet,
+    ## End States
+    # Shortcuts
+    ShortCutViewSet,
+    ## End Shortcuts
+    # Views
+    ViewViewSet,
+    ## End Views
+    # Cycles
+    CycleViewSet,
+    CycleIssueViewSet,
+    ## End Cycles
+    # Modules
     ModuleViewSet,
     ModuleIssueViewSet,
-    UserLastProjectWithWorkspaceEndpoint,
-    UserWorkSpaceIssues,
-    ProjectMemberUserEndpoint,
-    WorkspaceMemberUserEndpoint,
-    WorkspaceMemberUserViewsEndpoint,
-    WorkSpaceAvailabilityCheckEndpoint,
+    ## End Modules
 )
 
-from plane.api.views.project import AddTeamToProjectEndpoint
-
 
 urlpatterns = [
     #  Social Auth
     path("social-auth/", OauthEndpoint.as_view(), name="oauth"),
     # Auth
     path("sign-in/", SignInEndpoint.as_view(), name="sign-in"),
+    path("sign-up/", SignUpEndpoint.as_view(), name="sign-up"),
     path("sign-out/", SignOutEndpoint.as_view(), name="sign-out"),
     # Magic Sign In/Up
     path(
@@ -95,8 +116,6 @@ urlpatterns = [
         ForgotPasswordEndpoint.as_view(),
         name="forgot-password",
     ),
-    # List Users
-    path("users/", PeopleEndpoint.as_view()),
     # User Profile
     path(
         "users/me/",
@@ -654,9 +673,4 @@ urlpatterns = [
         name="project-module-issues",
     ),
     ## End Modules
-    # path(
-    #     "issues/<int:pk>/all/",
-    #     IssueViewSet.as_view({"get": "list_issue_history_comments"}),
-    #     name="Issue history and comments",
-    # ),
 ]

apiserver/plane/api/views/__init__.py

@@ -13,7 +13,6 @@ from .project import (
     ProjectMemberUserEndpoint,
 )
 from .people import (
-    PeopleEndpoint,
     UserEndpoint,
     UpdateUserOnBoardedEndpoint,
 )
@@ -64,6 +63,7 @@ from .auth_extended import (
 
 
 from .authentication import (
+    SignUpEndpoint,
     SignInEndpoint,
     SignOutEndpoint,
     MagicSignInEndpoint,

apiserver/plane/api/views/asset.py

@@ -6,7 +6,7 @@ from sentry_sdk import capture_exception
 
 # Module imports
 from .base import BaseAPIView
-from plane.db.models import FileAsset, Workspace
+from plane.db.models import FileAsset
 from plane.api.serializers import FileAssetSerializer
 
 
@@ -18,8 +18,8 @@ class FileAssetEndpoint(BaseAPIView):
     A viewset for viewing and editing task instances.
     """
 
-    def get(self, request):
-        files = FileAsset.objects.all()
+    def get(self, request, slug):
+        files = FileAsset.objects.filter(workspace__slug=slug)
         serializer = FileAssetSerializer(files, context={"request": request}, many=True)
         return Response(serializer.data)
 

apiserver/plane/api/views/issue.py

@@ -4,7 +4,6 @@ from itertools import groupby, chain
 
 # Django imports
 from django.db.models import Prefetch
-from django.db.models import Count, Sum
 from django.core.serializers.json import DjangoJSONEncoder
 
 # Third Party imports

apiserver/plane/api/views/people.py

@@ -7,48 +7,11 @@ from sentry_sdk import capture_exception
 # Module imports
 from plane.api.serializers import (
     UserSerializer,
-    WorkSpaceSerializer,
 )
 
 from plane.api.views.base import BaseViewSet, BaseAPIView
 from plane.db.models import User, Workspace
 
-
-class PeopleEndpoint(BaseAPIView):
-
-    filterset_fields = ("date_joined",)
-
-    search_fields = (
-        "^first_name",
-        "^last_name",
-        "^email",
-        "^username",
-    )
-
-    def get(self, request):
-        try:
-            users = User.objects.all().order_by("-date_joined")
-            if (
-                request.GET.get("search", None) is not None
-                and len(request.GET.get("search")) < 3
-            ):
-                return Response(
-                    {"message": "Search term must be at least 3 characters long"},
-                    status=status.HTTP_400_BAD_REQUEST,
-                )
-            return self.paginate(
-                request=request,
-                queryset=self.filter_queryset(users),
-                on_results=lambda data: UserSerializer(data, many=True).data,
-            )
-        except Exception as e:
-            capture_exception(e)
-            return Response(
-                {"message": "Something went wrong please try again later"},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-
-
 class UserEndpoint(BaseViewSet):
     serializer_class = UserSerializer
     model = User