Implement modifying access level.

This commit is contained in:
Tom Hacohen 2020-12-27 21:47:30 +02:00
parent 36e6d3df24
commit e8bd8927a0

View File

@ -1,6 +1,7 @@
import typing as t import typing as t
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.db import transaction
from django.db.models import QuerySet from django.db.models import QuerySet
from fastapi import Depends, status from fastapi import Depends, status
from pydantic import BaseModel from pydantic import BaseModel
@ -22,6 +23,10 @@ def get_queryset(user: User, collection_uid: str, queryset=default_queryset) ->
return collection, queryset.filter(collection=collection) return collection, queryset.filter(collection=collection)
class CollectionMemberModifyAccessLevelIn(BaseModel):
accessLevel: models.AccessLevels
class CollectionMemberOut(BaseModel): class CollectionMemberOut(BaseModel):
username: str username: str
accessLevel: models.AccessLevels accessLevel: models.AccessLevels
@ -73,6 +78,24 @@ def member_delete(
obj.revoke() obj.revoke()
@collection_router.patch("/{collection_uid}/member/{username}/", status_code=status.HTTP_204_NO_CONTENT)
def member_patch(
collection_uid: str,
username: str,
data: CollectionMemberModifyAccessLevelIn,
user: User = Depends(get_authenticated_user),
):
_, queryset = get_queryset(user, collection_uid)
instance = get_object_or_404(queryset, user__username__iexact=username)
with transaction.atomic():
# We only allow updating accessLevel
if instance.accessLevel != data.accessLevel:
instance.stoken = models.Stoken.objects.create()
instance.accessLevel = data.accessLevel
instance.save()
@collection_router.post("/{collection_uid}/member/leave/", status_code=status.HTTP_204_NO_CONTENT) @collection_router.post("/{collection_uid}/member/leave/", status_code=status.HTTP_204_NO_CONTENT)
def member_leave( def member_leave(
collection_uid: str, collection_uid: str,