chore: profile page permission (#1728)

* chore: profile page permission * dev: change the default type
2023-07-31 18:04:01 +05:30 · 2023-07-31 18:04:01 +05:30 · 1ae78e55c9
commit 1ae78e55c9
parent ff3f1897bc
3 changed files with 68 additions and 54 deletions
--- a/apiserver/plane/api/permissions/init.py
+++ b/apiserver/plane/api/permissions/init.py
@ -1,2 +1,2 @@
-from .workspace import WorkSpaceBasePermission, WorkSpaceAdminPermission, WorkspaceEntityPermission
+from .workspace import WorkSpaceBasePermission, WorkSpaceAdminPermission, WorkspaceEntityPermission, WorkspaceViewerPermission
 from .project import ProjectBasePermission, ProjectEntityPermission, ProjectMemberPermission, ProjectLitePermission
--- a/apiserver/plane/api/permissions/workspace.py
+++ b/apiserver/plane/api/permissions/workspace.py
@ -61,3 +61,13 @@ class WorkspaceEntityPermission(BasePermission):
        return WorkspaceMember.objects.filter(
            member=request.user, workspace__slug=view.workspace_slug
        ).exists()
 class WorkspaceViewerPermission(BasePermission):
    def has_permission(self, request, view):
        if request.user.is_anonymous:
            return False
        return WorkspaceMember.objects.filter(
            member=request.user, workspace__slug=view.workspace_slug, role__gte=10
        ).exists()
--- a/apiserver/plane/api/views/workspace.py
+++ b/apiserver/plane/api/views/workspace.py
@ -73,12 +73,14 @@ from plane.db.models import (
    IssueSubscriber,
    Project,
    Label,
    WorkspaceMember,
    CycleIssue,
 )
 from plane.api.permissions import (
    WorkSpaceBasePermission,
    WorkSpaceAdminPermission,
    WorkspaceEntityPermission,
    WorkspaceViewerPermission,
 )
 from plane.bgtasks.workspace_invitation_task import workspace_invitation
 from plane.utils.issue_filters import issue_filters
@ -1209,14 +1211,14 @@ class WorkspaceUserActivityEndpoint(BaseAPIView):
 class WorkspaceUserProfileEndpoint(BaseAPIView):
    permission_classes = [
        WorkspaceEntityPermission,
    ]
    def get(self, request, slug, user_id):
        try:
            user_data = User.objects.get(pk=user_id)
            requesting_workspace_member = WorkspaceMember.objects.get(workspace__slug=slug, member=request.user)
            projects = []
            if requesting_workspace_member.role >= 10:
                projects = (
                    Project.objects.filter(
                        workspace__slug=slug,
@ -1283,6 +1285,8 @@ class WorkspaceUserProfileEndpoint(BaseAPIView):
                },
                status=status.HTTP_200_OK,
            )
        except WorkspaceMember.DoesNotExist:
            return Response({"error": "Forbidden"}, status=status.HTTP_403_FORBIDDEN)
        except Exception as e:
            capture_exception(e)
            return Response(
@ -1293,7 +1297,7 @@ class WorkspaceUserProfileEndpoint(BaseAPIView):
 class WorkspaceUserProfileIssuesEndpoint(BaseAPIView):
    permission_classes = [
-        WorkspaceEntityPermission,
+        WorkspaceViewerPermission,
    ]
    def get(self, request, slug, user_id):
@ -1412,7 +1416,7 @@ class WorkspaceUserProfileIssuesEndpoint(BaseAPIView):
 class WorkspaceLabelsEndpoint(BaseAPIView):
    permission_classes = [
-        WorkspaceEntityPermission,
+        WorkspaceViewerPermission,
    ]
    def get(self, request, slug):
`@ -1,2 +1,2 @@`
	`from .workspace import WorkSpaceBasePermission, WorkSpaceAdminPermission, WorkspaceEntityPermission`	`from .workspace import WorkSpaceBasePermission, WorkSpaceAdminPermission, WorkspaceEntityPermission, WorkspaceViewerPermission`
	`from .project import ProjectBasePermission, ProjectEntityPermission, ProjectMemberPermission, ProjectLitePermission`	`from .project import ProjectBasePermission, ProjectEntityPermission, ProjectMemberPermission, ProjectLitePermission`