binarybeach/bb-plane-fork
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[WEB-1985] chore: page access control (#5154)

Browse source 
* chore: page access control

* chore: page access update endpoint updated

---------

Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so>
This commit is contained in:
Bavisetti Narayan 2024-07-19 15:43:01 +05:30 committed by GitHub
parent d3c3d3c5ab
commit 39a607ac0a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 42 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
apiserver/plane/app/urls/page.py
View file

@ -66,6 +66,16 @@ urlpatterns = [
), ),
name="project-pages-lock-unlock", name="project-pages-lock-unlock",
), ),
# private and public page
path(
"workspaces/<str:slug>/projects/<uuid:project_id>/pages/<uuid:pk>/access/",
PageViewSet.as_view(
{
"post": "access",
}
),
name="project-pages-access",
),
path( path(
"workspaces/<str:slug>/projects/<uuid:project_id>/pages/<uuid:pk>/transactions/", "workspaces/<str:slug>/projects/<uuid:project_id>/pages/<uuid:pk>/transactions/",
PageLogEndpoint.as_view(), PageLogEndpoint.as_view(),

22
apiserver/plane/app/views/page/base.py
View file

@ -245,6 +245,28 @@ class PageViewSet(BaseViewSet):
return Response(status=status.HTTP_204_NO_CONTENT) return Response(status=status.HTTP_204_NO_CONTENT)
def access(self, request, slug, project_id, pk):
access = request.data.get("access", 0)
page = Page.objects.filter(
pk=pk, workspace__slug=slug, projects__id=project_id
).first()
# Only update access if the page owner is the requesting user
if (
page.access != request.data.get("access", page.access)
and page.owned_by_id != request.user.id
):
return Response(
{
"error": "Access cannot be updated since this page is owned by someone else"
},
status=status.HTTP_400_BAD_REQUEST,
)
page.access = access
page.save()
return Response(status=status.HTTP_204_NO_CONTENT)
def list(self, request, slug, project_id): def list(self, request, slug, project_id):
queryset = self.get_queryset() queryset = self.get_queryset()
pages = PageSerializer(queryset, many=True).data pages = PageSerializer(queryset, many=True).data

8
web/core/services/page/project-page.service.ts
View file

@ -42,6 +42,14 @@ export class ProjectPageService extends APIService {
}); });
} }
async updateAccess(workspaceSlug: string, projectId: string, pageId: string, data: Partial<TPage>): Promise<void> {
return this.post(`/api/workspaces/${workspaceSlug}/projects/${projectId}/pages/${pageId}/access/`, data)
.then((response) => response?.data)
.catch((error) => {
throw error?.response?.data;
});
}
async remove(workspaceSlug: string, projectId: string, pageId: string): Promise<void> { async remove(workspaceSlug: string, projectId: string, pageId: string): Promise<void> {
return this.delete(`/api/workspaces/${workspaceSlug}/projects/${projectId}/pages/${pageId}/`) return this.delete(`/api/workspaces/${workspaceSlug}/projects/${projectId}/pages/${pageId}/`)
.then((response) => response?.data) .then((response) => response?.data)

4
web/core/store/pages/page.ts
View file

@ -363,7 +363,7 @@ export class Page implements IPage {
runInAction(() => (this.access = EPageAccess.PUBLIC)); runInAction(() => (this.access = EPageAccess.PUBLIC));
try { try {
await this.pageService.update(workspaceSlug, projectId, this.id, { await this.pageService.updateAccess(workspaceSlug, projectId, this.id, {
access: EPageAccess.PUBLIC, access: EPageAccess.PUBLIC,
}); });
} catch (error) { } catch (error) {
@ -385,7 +385,7 @@ export class Page implements IPage {
runInAction(() => (this.access = EPageAccess.PRIVATE)); runInAction(() => (this.access = EPageAccess.PRIVATE));
try { try {
await this.pageService.update(workspaceSlug, projectId, this.id, { await this.pageService.updateAccess (workspaceSlug, projectId, this.id, {
access: EPageAccess.PRIVATE, access: EPageAccess.PRIVATE,
}); });
} catch (error) { } catch (error) {