corbz/PYRSS-Website
corbz/PYRSS-Website
1
0
Fork 0
Code Issues 21 Pull Requests Actions Releases 1 Wiki Activity

querysets restricting to proper authed users
All checks were successful
Build and Push Docker Image / build (push) Successful in 14s
Details

Browse Source
This commit is contained in:
Corban-Lee Jones 2024-09-07 22:00:42 +01:00
parent f9436a1d83
commit d65360fe77
1 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
apps/api/views.py
View File

@ -63,6 +63,15 @@ class SubChannel_ListView(generics.ListCreateAPIView):
filterset_fields = ["id", "channel_id", "channel_name", "subscription"]
search_fields = ["channel_name"]
def get_queryset(self):
if self.request.user.is_superuser:
return SubChannel.objects.all()
saved_guilds = SavedGuilds.objects.filter(added_by=self.request.user)
guild_ids = [guild.guild_id for guild in saved_guilds]
return SubChannel.objects.filter(subscription__guild_id__in=guild_ids)
def post(self, request):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
@ -94,6 +103,15 @@ class SubChannel_DetailView(generics.RetrieveUpdateDestroyAPIView):
serializer_class = SubChannelSerializer
queryset = SubChannel.objects.all().order_by("id")
def get_queryset(self):
if self.request.user.is_superuser:
return SubChannel.objects.all()
saved_guilds = SavedGuilds.objects.filter(added_by=self.request.user)
guild_ids = [guild.guild_id for guild in saved_guilds]
return SubChannel.objects.filter(subscription__guild_id__in=guild_ids)
# =================================================================================================
# Filter Views
@ -507,8 +525,6 @@ class TrackedContent_ListView(generics.ListCreateAPIView):
return TrackedContent.objects.filter(subscription__guild_id__in=guild_ids)
# return GuildSettings.objects.filter(guild_id__in=guild_ids)
def post(self, request):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
@ -540,6 +556,15 @@ class TrackedContent_DetailView(generics.RetrieveUpdateDestroyAPIView):
serializer_class = TrackedContentSerializer_POST
queryset = TrackedContent.objects.all().order_by("-creation_datetime")
def get_queryset(self):
if self.request.user.is_superuser:
return TrackedContent.objects.all()
saved_guilds = SavedGuilds.objects.filter(added_by=self.request.user)
guild_ids = [guild.guild_id for guild in saved_guilds]
return TrackedContent.objects.filter(subscription__guild_id__in=guild_ids)
class ArticleMutator_ListView(generics.ListCreateAPIView):
"""