From d65360fe77525efa0e7ae2ff1274bbbb777284cd Mon Sep 17 00:00:00 2001
From: Corban-Lee Jones
Date: Sat, 7 Sep 2024 22:00:42 +0100
Subject: [PATCH] querysets restricting to proper authed users
---
 apps/api/views.py | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/apps/api/views.py b/apps/api/views.py
index 5cee837..b31c343 100644
--- a/apps/api/views.py
+++ b/apps/api/views.py
@@ -63,6 +63,15 @@ class SubChannel_ListView(generics.ListCreateAPIView):
 filterset_fields = ["id", "channel_id", "channel_name", "subscription"]
 search_fields = ["channel_name"]
 
+ def get_queryset(self):
+ if self.request.user.is_superuser:
+ return SubChannel.objects.all()
+
+ saved_guilds = SavedGuilds.objects.filter(added_by=self.request.user)
+ guild_ids = [guild.guild_id for guild in saved_guilds]
+
+ return SubChannel.objects.filter(subscription__guild_id__in=guild_ids)
+
 def post(self, request):
 serializer = self.get_serializer(data=request.data)
 serializer.is_valid(raise_exception=True)
@@ -94,6 +103,15 @@ class SubChannel_DetailView(generics.RetrieveUpdateDestroyAPIView):
 serializer_class = SubChannelSerializer
 queryset = SubChannel.objects.all().order_by("id")
 
+ def get_queryset(self):
+ if self.request.user.is_superuser:
+ return SubChannel.objects.all()
+
+ saved_guilds = SavedGuilds.objects.filter(added_by=self.request.user)
+ guild_ids = [guild.guild_id for guild in saved_guilds]
+
+ return SubChannel.objects.filter(subscription__guild_id__in=guild_ids)
+
 
 # =================================================================================================
 # Filter Views
@@ -507,8 +525,6 @@ class TrackedContent_ListView(generics.ListCreateAPIView):
 
 return TrackedContent.objects.filter(subscription__guild_id__in=guild_ids)
 
- # return GuildSettings.objects.filter(guild_id__in=guild_ids)
-
 def post(self, request):
 serializer = self.get_serializer(data=request.data)
 serializer.is_valid(raise_exception=True)
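Review bot: The new `get_queryset` in `SubChannel_ListView` scopes only what is listed, while the `post` handler in the context lines below it still builds the object straight from `request.data`. Nothing visible here stops a non-superuser from creating a `SubChannel` whose `subscription` belongs to a guild they never added. Unless the serializer already enforces this, reject the request when `serializer.validated_data["subscription"].guild_id` is not among the caller's guild ids, for example by raising DRF's `PermissionDenied`. The same gap applies to PUT/PATCH on `SubChannel_DetailView` and `TrackedContent_DetailView`, where the object lookup is scoped but the submitted `subscription` value is not. `post` continues outside the hunk, so the check may already exist further down.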
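Review bot: In `SubChannel_DetailView` the added `get_queryset` overrides the class-level `queryset = SubChannel.objects.all().order_by("id")` kept just above it, so that attribute no longer drives object lookup and both return paths drop the `order_by("id")`. Either delete the attribute or carry the ordering over, e.g. `return SubChannel.objects.all().order_by("id")`, with the same suffix on the filtered return. `TrackedContent_DetailView` has the same leftover with `order_by("-creation_datetime")`. A short docstring on the method, such as `"""Superusers see every row; other users only rows in guilds they added."""`, would also record the access rule where a reader looks for it.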
@@ -540,6 +556,15 @@ class TrackedContent_DetailView(generics.RetrieveUpdateDestroyAPIView):
 serializer_class = TrackedContentSerializer_POST
 queryset = TrackedContent.objects.all().order_by("-creation_datetime")
 
+ def get_queryset(self):
+ if self.request.user.is_superuser:
+ return TrackedContent.objects.all()
+
+ saved_guilds = SavedGuilds.objects.filter(added_by=self.request.user)
+ guild_ids = [guild.guild_id for guild in saved_guilds]
+
+ return TrackedContent.objects.filter(subscription__guild_id__in=guild_ids)
+
 
 class ArticleMutator_ListView(generics.ListCreateAPIView):
 """
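Review bot: This `get_queryset` is another copy of the guild-scoping rule, which is also added to both `SubChannel` views and appears to exist already in `TrackedContent_ListView`. An access-control rule duplicated per view tends to drift when only one copy is edited. Consider a single shared helper or mixin that returns the caller's guild ids. It can hand back a queryset rather than a Python list, `guild_ids = SavedGuilds.objects.filter(added_by=self.request.user).values_list("guild_id", flat=True)`, which the `__in` lookup can use as a subquery. It is also worth confirming that these views require authentication, since `self.request.user` would otherwise be an anonymous user; the permission classes are outside the hunk.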