chore: permissions for api endpoints (#419)

pablohashescobar 2023-03-11 23:51:06 +05:30 committed by GitHub
parent bff89ee4c6
commit 6de6522a41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 72 additions and 1 deletions


@ -263,6 +263,11 @@ class CycleIssueViewSet(BaseViewSet):
class CycleDateCheckEndpoint(BaseAPIView): class CycleDateCheckEndpoint(BaseAPIView):
permission_classes = [
ProjectEntityPermission,
]
def post(self, request, slug, project_id): def post(self, request, slug, project_id):
try: try:
start_date = request.data.get("start_date") start_date = request.data.get("start_date")
@ -294,6 +299,11 @@ class CycleDateCheckEndpoint(BaseAPIView):
class CurrentUpcomingCyclesEndpoint(BaseAPIView): class CurrentUpcomingCyclesEndpoint(BaseAPIView):
permission_classes = [
ProjectEntityPermission,
]
def get(self, request, slug, project_id): def get(self, request, slug, project_id):
try: try:
subquery = CycleFavorite.objects.filter( subquery = CycleFavorite.objects.filter(
@ -332,6 +342,12 @@ class CurrentUpcomingCyclesEndpoint(BaseAPIView):
class CompletedCyclesEndpoint(BaseAPIView): class CompletedCyclesEndpoint(BaseAPIView):
permission_classes = [
ProjectEntityPermission,
]
def get(self, request, slug, project_id): def get(self, request, slug, project_id):
try: try:
subquery = CycleFavorite.objects.filter( subquery = CycleFavorite.objects.filter(
@ -364,6 +380,11 @@ class CompletedCyclesEndpoint(BaseAPIView):
class DraftCyclesEndpoint(BaseAPIView): class DraftCyclesEndpoint(BaseAPIView):
permission_classes = [
ProjectEntityPermission,
]
def get(self, request, slug, project_id): def get(self, request, slug, project_id):
try: try:
draft_cycles = Cycle.objects.filter( draft_cycles = Cycle.objects.filter(
@ -386,6 +407,11 @@ class DraftCyclesEndpoint(BaseAPIView):
class CycleFavoriteViewSet(BaseViewSet): class CycleFavoriteViewSet(BaseViewSet):
permission_classes = [
ProjectEntityPermission,
]
serializer_class = CycleFavoriteSerializer serializer_class = CycleFavoriteSerializer
model = CycleFavorite model = CycleFavorite
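Review bot: Assigning `permission_classes = [ProjectEntityPermission]` on these five classes replaces the list inherited from `BaseAPIView`/`BaseViewSet` rather than extending it. If the base classes (not shown) carried an authentication check, it no longer applies to these endpoints, so `ProjectEntityPermission` must itself reject anonymous requests. Confirm that it does, or list both explicitly, e.g. `permission_classes = [IsAuthenticated, ProjectEntityPermission]`, with the matching import. The same applies to the classes changed in the GitHub integration and module view files of this commit. Each class body continues outside its hunk.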


@ -25,7 +25,7 @@ from plane.utils.integrations.github import (
get_github_metadata, get_github_metadata,
delete_github_installation, delete_github_installation,
) )
from plane.api.permissions import WorkSpaceAdminPermission
class IntegrationViewSet(BaseViewSet): class IntegrationViewSet(BaseViewSet):
serializer_class = IntegrationSerializer serializer_class = IntegrationSerializer
@ -75,11 +75,33 @@ class IntegrationViewSet(BaseViewSet):
status=status.HTTP_400_BAD_REQUEST, status=status.HTTP_400_BAD_REQUEST,
) )
def destroy(self, request, pk):
try:
integration = Integration.objects.get(pk=pk)
if integration.verified:
return Response(
{"error": "Verified integrations cannot be updated"},
status=status.HTTP_400_BAD_REQUEST,
)
integration.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
except Integration.DoesNotExist:
return Response(
{"error": "Integration Does not exist"},
status=status.HTTP_404_NOT_FOUND,
)
class WorkspaceIntegrationViewSet(BaseViewSet): class WorkspaceIntegrationViewSet(BaseViewSet):
serializer_class = WorkspaceIntegrationSerializer serializer_class = WorkspaceIntegrationSerializer
model = WorkspaceIntegration model = WorkspaceIntegration
permission_classes = [
WorkSpaceAdminPermission,
]
def get_queryset(self): def get_queryset(self):
return ( return (
super() super()
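Review bot: The new `destroy` on `IntegrationViewSet` deletes a row found with `Integration.objects.get(pk=pk)`, and this hunk adds no `permission_classes` to that class; the admin permission goes only to `WorkspaceIntegrationViewSet`. Unless the base class (not shown) already restricts it, any caller who reaches the route can delete an unverified integration by primary key. Because the lookup bypasses `self.get_object()`, DRF's object-level permission checks are never run either. Give `IntegrationViewSet` an explicit admin-level permission and fetch the row through `self.get_object()`. The message in the verified branch should also describe the action, `{"error": "Verified integrations cannot be deleted"}`. The class starts outside the hunk.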


@ -20,9 +20,14 @@ from plane.api.serializers import (
GithubCommentSyncSerializer, GithubCommentSyncSerializer,
) )
from plane.utils.integrations.github import get_github_repos from plane.utils.integrations.github import get_github_repos
from plane.api.permissions import ProjectBasePermission, ProjectEntityPermission
class GithubRepositoriesEndpoint(BaseAPIView): class GithubRepositoriesEndpoint(BaseAPIView):
permission_classes = [
ProjectBasePermission,
]
def get(self, request, slug, workspace_integration_id): def get(self, request, slug, workspace_integration_id):
try: try:
page = request.GET.get("page", 1) page = request.GET.get("page", 1)
@ -44,6 +49,10 @@ class GithubRepositoriesEndpoint(BaseAPIView):
class GithubRepositorySyncViewSet(BaseViewSet): class GithubRepositorySyncViewSet(BaseViewSet):
permission_classes = [
ProjectBasePermission,
]
serializer_class = GithubRepositorySyncSerializer serializer_class = GithubRepositorySyncSerializer
model = GithubRepositorySync model = GithubRepositorySync
@ -148,6 +157,10 @@ class GithubRepositorySyncViewSet(BaseViewSet):
class GithubIssueSyncViewSet(BaseViewSet): class GithubIssueSyncViewSet(BaseViewSet):
permission_classes = [
ProjectEntityPermission,
]
serializer_class = GithubIssueSyncSerializer serializer_class = GithubIssueSyncSerializer
model = GithubIssueSync model = GithubIssueSync
@ -159,6 +172,11 @@ class GithubIssueSyncViewSet(BaseViewSet):
class GithubCommentSyncViewSet(BaseViewSet): class GithubCommentSyncViewSet(BaseViewSet):
permission_classes = [
ProjectEntityPermission,
]
serializer_class = GithubCommentSyncSerializer serializer_class = GithubCommentSyncSerializer
model = GithubCommentSync model = GithubCommentSync
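Review bot: `GithubRepositoriesEndpoint.get` receives only `slug` and `workspace_integration_id`, yet the class is now guarded by `ProjectBasePermission`. If that permission resolves membership from a `project_id` URL kwarg (its code is not on this page), the check here either denies every caller or falls back to a weaker workspace-level test. A workspace-scoped permission looks like the better fit for listing an installation's repositories, e.g. `permission_classes = [WorkSpaceAdminPermission]`, which this commit already uses for `WorkspaceIntegrationViewSet`. Also confirm that the routes for `GithubRepositorySyncViewSet` carry a `project_id`, since that class gets the same permission.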


@ -307,6 +307,11 @@ class ModuleLinkViewSet(BaseViewSet):
class ModuleFavoriteViewSet(BaseViewSet): class ModuleFavoriteViewSet(BaseViewSet):
permission_classes = [
ProjectEntityPermission,
]
serializer_class = ModuleFavoriteSerializer serializer_class = ModuleFavoriteSerializer
model = ModuleFavorite model = ModuleFavorite