Implement modifying access level.
This commit is contained in:
parent
36e6d3df24
commit
e8bd8927a0
@ -1,6 +1,7 @@
|
||||
import typing as t
|
||||
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.db import transaction
|
||||
from django.db.models import QuerySet
|
||||
from fastapi import Depends, status
|
||||
from pydantic import BaseModel
|
||||
@ -22,6 +23,10 @@ def get_queryset(user: User, collection_uid: str, queryset=default_queryset) ->
|
||||
return collection, queryset.filter(collection=collection)
|
||||
|
||||
|
||||
class CollectionMemberModifyAccessLevelIn(BaseModel):
|
||||
accessLevel: models.AccessLevels
|
||||
|
||||
|
||||
class CollectionMemberOut(BaseModel):
|
||||
username: str
|
||||
accessLevel: models.AccessLevels
|
||||
@ -73,6 +78,24 @@ def member_delete(
|
||||
obj.revoke()
|
||||
|
||||
|
||||
@collection_router.patch("/{collection_uid}/member/{username}/", status_code=status.HTTP_204_NO_CONTENT)
|
||||
def member_patch(
|
||||
collection_uid: str,
|
||||
username: str,
|
||||
data: CollectionMemberModifyAccessLevelIn,
|
||||
user: User = Depends(get_authenticated_user),
|
||||
):
|
||||
_, queryset = get_queryset(user, collection_uid)
|
||||
instance = get_object_or_404(queryset, user__username__iexact=username)
|
||||
|
||||
with transaction.atomic():
|
||||
# We only allow updating accessLevel
|
||||
if instance.accessLevel != data.accessLevel:
|
||||
instance.stoken = models.Stoken.objects.create()
|
||||
instance.accessLevel = data.accessLevel
|
||||
instance.save()
|
||||
|
||||
|
||||
@collection_router.post("/{collection_uid}/member/leave/", status_code=status.HTTP_204_NO_CONTENT)
|
||||
def member_leave(
|
||||
collection_uid: str,
|
||||
|
Loading…
Reference in New Issue
Block a user