Update admission queryset to be admission-specific

webkom · Sep 5, 2023 · 9a35ccc · 9a35ccc
1 parent 49beb58
commit 9a35ccc
Showing 1 changed file with 40 additions and 26 deletions.
diff --git a/admissions/admissions/views.py b/admissions/admissions/views.py
@@ -1,17 +1,19 @@
 from django.conf import settings
 from django.contrib.auth.models import User
-from django.db.models import Prefetch
+from django.db.models import Prefetch, Q
 from django.http import HttpResponse
 from django.views.generic.base import TemplateView
 from rest_framework import permissions, status, viewsets
 from rest_framework.decorators import action
 from rest_framework.response import Response
 
+from admissions.admissions import constants
 from admissions.admissions.models import (
     Admission,
     Group,
     GroupApplication,
     LegoUser,
+    Membership,
     UserApplication,
 )
 from admissions.admissions.serializers import (
@@ -91,35 +93,47 @@ def get_permissions(self):
 
     def get_queryset(self):
         admission_slug = self.kwargs.get("admission_slug", None)
+        admission = Admission.objects.get(slug=admission_slug)
         user = self.request.user
         if user.is_anonymous:
-            return User.objects.none()
+            return UserApplication.objects.none()
         user.__class__ = LegoUser
-        if not user.is_privileged:
-            return User.objects.none()
-        if user.is_superuser:
-            return (
-                super()
-                .get_queryset()
-                .filter(admission__slug=admission_slug)
-                .prefetch_related("group_applications", "group_applications__group")
-            )
-
-        group = user.representative_of_group
-        qs = GroupApplication.objects.filter(group=group).select_related("group")
-
-        return (
-            super()
-            .get_queryset()
-            .filter(group_applications__group=group, admission__slug=admission_slug)
-            .prefetch_related(
-                Prefetch(
-                    "group_applications",
-                    queryset=qs,
-                    to_attr="group_applications_filtered",
+        # Check membership in admin groups
+        for group in admission.admin_groups.all():
+            if Membership.objects.filter(user=user.pk, group=group.pk).exists():
+                return (
+                    super()
+                    .get_queryset()
+                    .filter(admission__slug=admission_slug)
+                    .prefetch_related("group_applications", "group_applications__group")
                 )
-            )
-        )
+        # Check membership in admission groups
+        for group in admission.groups.all():
+            if (
+                Membership.objects.filter(user=user.pk, group=group.pk)
+                .filter(Q(role=constants.LEADER) | Q(role=constants.RECRUITING))
+                .exists()
+            ):
+                qs = GroupApplication.objects.filter(group=group).select_related(
+                    "group"
+                )
+
+                return (
+                    super()
+                    .get_queryset()
+                    .filter(
+                        group_applications__group=group, admission__slug=admission_slug
+                    )
+                    .prefetch_related(
+                        Prefetch(
+                            "group_applications",
+                            queryset=qs,
+                            to_attr="group_applications_filtered",
+                        )
+                    )
+                )
+        # No permissions
+        return UserApplication.objects.none()
 
     def get_serializer_class(self):
         if self.action in ("create"):