Permission refactor of QR Codes (#807)

* added permissions to qr code and refactored viewset * format * removed unused imports
TIHLDE · Jun 9, 2024 · ed57afc · ed57afc
1 parent 64d717c
commit ed57afc
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 5 deletions.
diff --git a/app/content/models/qr_code.py b/app/content/models/qr_code.py
@@ -1,7 +1,7 @@
 from django.db import models
 
 from app.common.enums import Groups
-from app.common.permissions import BasePermissionModel
+from app.common.permissions import BasePermissionModel, check_has_access
 from app.content.models import User
 from app.util.models import BaseModel, OptionalImage
 
@@ -20,3 +20,32 @@ class Meta:
 
     def __str__(self):
         return f"{self.name} - {self.user.user_id}"
+
+    @classmethod
+    def has_read_permission(cls, request):
+        return check_has_access(cls.read_access, request)
+
+    @classmethod
+    def has_retrieve_permission(cls, request):
+        return check_has_access(cls.read_access, request)
+
+    @classmethod
+    def has_destroy_permission(cls, request):
+        return check_has_access(cls.write_access, request)
+
+    @classmethod
+    def has_create_permission(cls, request):
+        return check_has_access(cls.write_access, request)
+
+    @classmethod
+    def has_update_permission(cls, request):
+        return check_has_access(cls.write_access, request)
+
+    def has_object_retrieve_permission(self, request):
+        return request.user == self.user
+
+    def has_object_update_permission(self, request):
+        return request.user == self.user
+
+    def has_object_destroy_permission(self, request):
+        return request.user == self.user
diff --git a/app/content/views/qr_code.py b/app/content/views/qr_code.py
@@ -1,10 +1,9 @@
-from django.shortcuts import get_object_or_404
 from rest_framework import status
 from rest_framework.response import Response
 
 from app.common.permissions import BasicViewPermission
 from app.common.viewsets import BaseViewSet
-from app.content.models import QRCode, User
+from app.content.models import QRCode
 from app.content.serializers.qr_code import (
     QRCodeCreateSerializer,
     QRCodeSerializer,
@@ -19,11 +18,11 @@ class QRCodeViewSet(BaseViewSet):
     def get_queryset(self):
         if hasattr(self, "action") and self.action == "retrieve":
             return super().get_queryset()
-        user = get_object_or_404(User, user_id=self.request.id)
+        user = self.request.user
         return super().get_queryset().filter(user=user)
 
     def create(self, request, *args, **kwargs):
-        user = get_object_or_404(User, user_id=request.id)
+        user = request.user
         data = request.data
 
         serializer = QRCodeCreateSerializer(data=data, context={"request": request})