Implement modifying access level.
This commit is contained in:
parent
36e6d3df24
commit
e8bd8927a0
@ -1,6 +1,7 @@
|
|||||||
import typing as t
|
import typing as t
|
||||||
|
|
||||||
from django.contrib.auth import get_user_model
|
from django.contrib.auth import get_user_model
|
||||||
|
from django.db import transaction
|
||||||
from django.db.models import QuerySet
|
from django.db.models import QuerySet
|
||||||
from fastapi import Depends, status
|
from fastapi import Depends, status
|
||||||
from pydantic import BaseModel
|
from pydantic import BaseModel
|
||||||
@ -22,6 +23,10 @@ def get_queryset(user: User, collection_uid: str, queryset=default_queryset) ->
|
|||||||
return collection, queryset.filter(collection=collection)
|
return collection, queryset.filter(collection=collection)
|
||||||
|
|
||||||
|
|
||||||
|
class CollectionMemberModifyAccessLevelIn(BaseModel):
|
||||||
|
accessLevel: models.AccessLevels
|
||||||
|
|
||||||
|
|
||||||
class CollectionMemberOut(BaseModel):
|
class CollectionMemberOut(BaseModel):
|
||||||
username: str
|
username: str
|
||||||
accessLevel: models.AccessLevels
|
accessLevel: models.AccessLevels
|
||||||
@ -73,6 +78,24 @@ def member_delete(
|
|||||||
obj.revoke()
|
obj.revoke()
|
||||||
|
|
||||||
|
|
||||||
|
@collection_router.patch("/{collection_uid}/member/{username}/", status_code=status.HTTP_204_NO_CONTENT)
|
||||||
|
def member_patch(
|
||||||
|
collection_uid: str,
|
||||||
|
username: str,
|
||||||
|
data: CollectionMemberModifyAccessLevelIn,
|
||||||
|
user: User = Depends(get_authenticated_user),
|
||||||
|
):
|
||||||
|
_, queryset = get_queryset(user, collection_uid)
|
||||||
|
instance = get_object_or_404(queryset, user__username__iexact=username)
|
||||||
|
|
||||||
|
with transaction.atomic():
|
||||||
|
# We only allow updating accessLevel
|
||||||
|
if instance.accessLevel != data.accessLevel:
|
||||||
|
instance.stoken = models.Stoken.objects.create()
|
||||||
|
instance.accessLevel = data.accessLevel
|
||||||
|
instance.save()
|
||||||
|
|
||||||
|
|
||||||
@collection_router.post("/{collection_uid}/member/leave/", status_code=status.HTTP_204_NO_CONTENT)
|
@collection_router.post("/{collection_uid}/member/leave/", status_code=status.HTTP_204_NO_CONTENT)
|
||||||
def member_leave(
|
def member_leave(
|
||||||
collection_uid: str,
|
collection_uid: str,
|
||||||
|
Loading…
Reference in New Issue
Block a user