From b783d2e2102f460ec7d41198c4bfe69e015d2263 Mon Sep 17 00:00:00 2001 From: shamoon <4887959+shamoon@users.noreply.github.com> Date: Sun, 7 May 2023 16:07:48 -0700 Subject: [PATCH] Fix PassUserMixin not properly being used in DocumentViewSet --- src/documents/tests/test_api.py | 26 ++++++++++++++++++++++++-- src/documents/views.py | 4 +--- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/src/documents/tests/test_api.py b/src/documents/tests/test_api.py index e8c6dee7c..29829c8ab 100644 --- a/src/documents/tests/test_api.py +++ b/src/documents/tests/test_api.py @@ -3533,9 +3533,28 @@ class TestApiAuth(DirectoriesMixin, APITestCase): ) def test_dynamic_permissions_fields(self): - Document.objects.create(title="Test", content="content 1", checksum="1") + user1 = User.objects.create_user(username="user1") + user1.user_permissions.add(*Permission.objects.filter(codename="view_document")) + user2 = User.objects.create_user(username="user2") + + Document.objects.create(title="Test", content="content 1", checksum="1") + doc2 = Document.objects.create( + title="Test2", + content="content 2", + checksum="2", + owner=user2, + ) + doc3 = Document.objects.create( + title="Test3", + content="content 3", + checksum="3", + owner=user2, + ) + + assign_perm("view_document", user1, doc2) + assign_perm("view_document", user1, doc3) + assign_perm("change_document", user1, doc3) - user1 = User.objects.create_superuser(username="test1") self.client.force_authenticate(user1) response = self.client.get( @@ -3549,6 +3568,9 @@ class TestApiAuth(DirectoriesMixin, APITestCase): self.assertNotIn("permissions", resp_data["results"][0]) self.assertIn("user_can_change", resp_data["results"][0]) + self.assertEqual(resp_data["results"][0]["user_can_change"], True) # doc1 + self.assertEqual(resp_data["results"][1]["user_can_change"], False) # doc2 + self.assertEqual(resp_data["results"][2]["user_can_change"], True) # doc3 response = self.client.get( "/api/documents/?full_perms=true", diff --git a/src/documents/views.py b/src/documents/views.py index 0b450c3b3..bfe2b3e6f 100644 --- a/src/documents/views.py +++ b/src/documents/views.py @@ -270,11 +270,9 @@ class DocumentViewSet( return Document.objects.distinct().annotate(num_notes=Count("notes")) def get_serializer(self, *args, **kwargs): - super().get_serializer(*args, **kwargs) fields_param = self.request.query_params.get("fields", None) fields = fields_param.split(",") if fields_param else None truncate_content = self.request.query_params.get("truncate_content", "False") - serializer_class = self.get_serializer_class() kwargs.setdefault("context", self.get_serializer_context()) kwargs.setdefault("fields", fields) kwargs.setdefault("truncate_content", truncate_content.lower() in ["true", "1"]) @@ -282,7 +280,7 @@ class DocumentViewSet( "full_perms", self.request.query_params.get("full_perms", False), ) - return serializer_class(*args, **kwargs) + return super().get_serializer(*args, **kwargs) def update(self, request, *args, **kwargs): response = super().update(request, *args, **kwargs)