chore: permission layer and updated issues v1 query from workspace to project level (#5753)

Co-authored-by: gurusainath <gurusainath007@gmail.com>
2024-10-04 18:34:46 +05:30 · 2024-10-04 18:34:46 +05:30 · 01257a6936
commit 01257a6936
parent 51b01ebcac
3 changed files with 22 additions and 22 deletions
--- a/apiserver/plane/app/urls/issue.py
+++ b/apiserver/plane/app/urls/issue.py
@ -42,7 +42,7 @@ urlpatterns = [
    ),
    # updated v2 paginated issues
    path(
-        "workspaces/<str:slug>/v2/issues/",
+        "workspaces/<str:slug>/projects/<uuid:project_id>/v2/issues/",
        IssuePaginatedViewSet.as_view({"get": "list"}),
        name="project-issues-paginated",
    ),
--- a/apiserver/plane/app/views/issue/base.py
+++ b/apiserver/plane/app/views/issue/base.py
@ -741,17 +741,12 @@ class DeletedIssuesListViewSet(BaseAPIView):
 class IssuePaginatedViewSet(BaseViewSet):
    def get_queryset(self):
        workspace_slug = self.kwargs.get("slug")
-
-        # getting the project_id from the request params
-        project_id = self.request.GET.get("project_id", None)
+        project_id = self.kwargs.get("project_id")

        issue_queryset = Issue.issue_objects.filter(
-            workspace__slug=workspace_slug
+            workspace__slug=workspace_slug, project_id=project_id
        )

-        if project_id:
-            issue_queryset = issue_queryset.filter(project_id=project_id)
-
        return (
            issue_queryset.select_related(
                "workspace", "project", "state", "parent"
@ -793,8 +788,8 @@ class IssuePaginatedViewSet(BaseViewSet):

        return paginated_data

-    def list(self, request, slug):
-        project_id = self.request.GET.get("project_id", None)
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
+    def list(self, request, slug, project_id):
        cursor = request.GET.get("cursor", None)
        is_description_required = request.GET.get("description", False)
        updated_at = request.GET.get("updated_at__gt", None)
@ -833,14 +828,26 @@ class IssuePaginatedViewSet(BaseViewSet):
            required_fields.append("description_html")

        # querying issues
-        base_queryset = Issue.issue_objects.filter(workspace__slug=slug)
-
-        if project_id:
-            base_queryset = base_queryset.filter(project_id=project_id)
+        base_queryset = Issue.issue_objects.filter(
+            workspace__slug=slug, project_id=project_id
+        )

        base_queryset = base_queryset.order_by("updated_at")
        queryset = self.get_queryset().order_by("updated_at")

+        # validation for guest user
+        project = Project.objects.get(pk=project_id, workspace__slug=slug)
+        project_member = ProjectMember.objects.filter(
+            workspace__slug=slug,
+            project_id=project_id,
+            member=request.user,
+            role=5,
+            is_active=True,
+        )
+        if project_member.exists() and not project.guest_view_all_features:
+            base_queryset = base_queryset.filter(created_by=request.user)
+            queryset = queryset.filter(created_by=request.user)
+
        # filtering issues by greater then updated_at given by the user
        if updated_at:
            base_queryset = base_queryset.filter(updated_at__gt=updated_at)
--- a/web/core/services/issue/issue.service.ts
+++ b/web/core/services/issue/issue.service.ts
@ -55,14 +55,7 @@ export class IssueService extends APIService {
    queries?: any,
    config = {}
  ): Promise<TIssuesResponse> {
-    queries.project_id = projectId;
-    return this.get(
-      `/api/workspaces/${workspaceSlug}/v2/issues/`,
-      {
-        params: queries,
-      },
-      config
-    )
+    return this.get(`/api/workspaces/${workspaceSlug}/projects/${projectId}/v2/issues/`, { params: queries }, config)
      .then((response) => response?.data)
      .catch((error) => {
        throw error?.response?.data;