Skip to content

Commit

Permalink
[permissions] fix permissions for news
Browse files Browse the repository at this point in the history
  • Loading branch information
@EvanBldy
EvanBldy committed Nov 15, 2024
1 parent 8be5dfd commit 9565a52
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 1 deletion.
11 changes: 10 additions & 1 deletion zou/app/blueprints/news/resources.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,12 @@
from flask_jwt_extended import jwt_required

from zou.app.mixin import ArgsMixin
from zou.app.services import news_service, projects_service, user_service
from zou.app.services import (
news_service,
projects_service,
user_service,
persons_service,
)
from zou.app.services.exception import NewsNotFoundException
from zou.app.utils import permissions

Expand All @@ -21,6 +26,8 @@ def get_news(self, project_ids=[]):
before,
) = self.get_arguments()

current_user = persons_service.get_current_user_raw()

after = self.parse_date_parameter(after)
before = self.parse_date_parameter(before)
result = news_service.get_last_news_for_project(
Expand All @@ -34,6 +41,7 @@ def get_news(self, project_ids=[]):
page_size=page_size,
after=after,
before=before,
current_user=current_user,
)
stats = news_service.get_news_stats_for_project(
project_ids=project_ids,
Expand All @@ -44,6 +52,7 @@ def get_news(self, project_ids=[]):
author_id=person_id,
after=after,
before=before,
current_user=current_user,
)
result["stats"] = stats
return result
Expand Down
8 changes: 8 additions & 0 deletions zou/app/services/news_service.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ def get_last_news_for_project(
before=None,
after=None,
episode_id=None,
current_user=None,
):
"""
Return last 50 news for given project. Add related information to make it
Expand All @@ -120,6 +121,9 @@ def get_last_news_for_project(

if len(project_ids) > 0:
query = query.filter(Project.id.in_(project_ids))
elif current_user is not None:
if current_user.role.code != "admin":
query = query.filter(Project.team.contains(current_user))

if entity_id is not None:
query = query.filter(Entity.id == entity_id)
Expand Down Expand Up @@ -239,6 +243,7 @@ def get_news_stats_for_project(
author_id=None,
before=None,
after=None,
current_user=None,
):
"""
Return the number of news by task status for given project and filters.
Expand All @@ -262,6 +267,9 @@ def get_news_stats_for_project(

if len(project_ids) > 0:
query = query.filter(Project.id.in_(project_ids))
elif current_user is not None:
if current_user.role.code != "admin":
query = query.filter(Project.team.contains(current_user))

if task_status_id is not None:
query = query.filter(Comment.task_status_id == task_status_id)
Expand Down

0 comments on commit 9565a52

Please sign in to comment.