* dev: initiate external apis * dev: external api * dev: external public api implementation * dev: add prefix to all api tokens * dev: flag to enable disable api token api access * dev: webhook model create and apis * dev: webhook settings * fix: webhook logs * chore: removed drf spectacular * dev: remove retry_count and fix api logging for get requests * dev: refactor webhook logic * fix: celery retry mechanism * chore: event and action change * chore: migrations changes * dev: proxy setup for apis * chore: changed retry time and cleanup * chore: added issue comment and inbox issue api endpoints * fix: migration files * fix: added env variables * fix: removed issue attachment from proxy * fix: added new migration file * fix: restricted wehbook access * chore: changed urls * chore: fixed porject serializer * fix: set expire for api token * fix: retrive endpoint for api token * feat: Api Token screens & api integration * dev: webhook endpoint changes * dev: add fields for webhook updates * feat: Download Api secret key * chore: removed BASE API URL * feat: revoke token access * dev: migration fixes * feat: workspace webhooks (#2748) * feat: workspace webhook store, services integeration and rendered webhook list and create * chore: handled webhook update and rengenerate token in workspace webhooks * feat: regenerate key and delete functionality --------- Co-authored-by: Ramesh Kumar <rameshkumar@rameshs-MacBook-Pro.local> Co-authored-by: gurusainath <gurusainath007@gmail.com> Co-authored-by: Ramesh Kumar Chandra <rameshkumar2299@gmail.com> * fix: url validation added * fix: seperated env for webhook and api * Web hooks refactoring * add show option for generated hook key * Api token restructure * webhook minor fixes * fix build errors * chore: improvements in file structring * dev: rate limiting the open apis --------- Co-authored-by: pablohashescobar <nikhilschacko@gmail.com> Co-authored-by: LAKHAN BAHETI <lakhanbaheti9@gmail.com> Co-authored-by: rahulramesha 
<71900764+rahulramesha@users.noreply.github.com> Co-authored-by: Ramesh Kumar <rameshkumar@rameshs-MacBook-Pro.local> Co-authored-by: gurusainath <gurusainath007@gmail.com> Co-authored-by: Ramesh Kumar Chandra <rameshkumar2299@gmail.com> Co-authored-by: Nikhil <118773738+pablohashescobar@users.noreply.github.com> Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com> Co-authored-by: rahulramesha <rahulramesham@gmail.com>
# Third Party imports
from rest_framework.permissions import BasePermission, SAFE_METHODS
# Module imports
from plane.db.models import WorkspaceMember
# Workspace role levels stored in WorkspaceMember.role.
# The values are ordered so that a higher number is a more privileged role;
# the role__gte comparison used further down relies on that ordering.
Owner = 20  # full control of the workspace
Admin = 15  # administrative access
Member = 10  # regular member
Guest = 5  # lowest role level
# TODO: Move the below logic to python match - python v3.10
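class WorkSpaceBasePermission(BasePermission):
    """Method-based gate for the workspace resource itself.

    Anonymous users are always rejected. Authenticated users may POST and use
    safe (read-only) methods without any membership lookup. PUT/PATCH require
    an active Owner or Admin membership in ``view.workspace_slug``; DELETE
    requires an active Owner membership. Every other method is denied.
    """

    def has_permission(self, request, view):
        # Unauthenticated callers are rejected before any method-specific rule.
        if request.user.is_anonymous:
            return False

        # Any authenticated user may create a workspace.
        if request.method == "POST":
            return True

        # Safe methods pass without a membership lookup, so this class alone
        # does not limit which workspaces a user can read.
        # NOTE(review): confirm that every view using this class scopes its
        # queryset to workspaces the requesting user belongs to.
        if request.method in SAFE_METHODS:
            return True

        # Only active admins and owners may update the workspace settings.
        if request.method in ["PUT", "PATCH"]:
            return WorkspaceMember.objects.filter(
                member=request.user,
                workspace__slug=view.workspace_slug,
                role__in=[Owner, Admin],
                is_active=True,
            ).exists()

        # Only an active owner may delete the workspace.
        if request.method == "DELETE":
            return WorkspaceMember.objects.filter(
                member=request.user,
                workspace__slug=view.workspace_slug,
                role=Owner,
                is_active=True,
            ).exists()

        # Fail closed: any method not listed above is denied explicitly rather
        # than by falling off the end of the function with an implicit None.
        return False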
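class WorkspaceOwnerPermission(BasePermission):
    """Allow only an active Owner of ``view.workspace_slug``, for any method."""

    def has_permission(self, request, view):
        # Unauthenticated callers never hold a workspace role.
        if request.user.is_anonymous:
            return False

        return WorkspaceMember.objects.filter(
            workspace__slug=view.workspace_slug,
            member=request.user,
            role=Owner,
            # Every other membership check in this module requires an active
            # membership; without this filter a deactivated owner row would
            # still grant owner-level access.
            is_active=True,
        ).exists()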
class WorkSpaceAdminPermission(BasePermission):
    """Allow only active Owners and Admins of ``view.workspace_slug``.

    The same rule applies to every HTTP method.
    """

    def has_permission(self, request, view):
        user = request.user
        # Anonymous users cannot have a membership row.
        if user.is_anonymous:
            return False

        privileged_membership = WorkspaceMember.objects.filter(
            member=user,
            workspace__slug=view.workspace_slug,
            role__in=[Owner, Admin],
            is_active=True,
        )
        return privileged_membership.exists()
class WorkspaceEntityPermission(BasePermission):
    """Read for any active member, write for active Owners and Admins only.

    Safe methods pass for every active member of ``view.workspace_slug``
    regardless of role, so finer-grained read filtering has to be done in the
    view's queryset. All other methods require the Owner or Admin role.
    """

    def has_permission(self, request, view):
        user = request.user
        if user.is_anonymous:
            return False

        # Conditions shared by the read and write checks.
        criteria = {
            "workspace__slug": view.workspace_slug,
            "member": user,
            "is_active": True,
        }

        # Unsafe methods additionally require a privileged role.
        if request.method not in SAFE_METHODS:
            criteria["role__in"] = [Owner, Admin]

        return WorkspaceMember.objects.filter(**criteria).exists()
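class WorkspaceViewerPermission(BasePermission):
    """Allow active members whose role is Member or higher, for any method.

    Despite the class name, the threshold excludes Guest (5): only roles at or
    above Member (10) pass.
    """

    def has_permission(self, request, view):
        # Unauthenticated callers never hold a workspace role.
        if request.user.is_anonymous:
            return False

        return WorkspaceMember.objects.filter(
            member=request.user,
            workspace__slug=view.workspace_slug,
            # Use the named role level instead of the bare literal 10 so the
            # threshold follows the module's role mapping.
            role__gte=Member,
            is_active=True,
        ).exists()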
class WorkspaceUserPermission(BasePermission):
    """Allow any active member of ``view.workspace_slug``, whatever the role.

    No role filter is applied, so Guests pass as well, and the rule is the
    same for every HTTP method.
    """

    def has_permission(self, request, view):
        user = request.user
        # Anonymous users cannot have a membership row.
        if user.is_anonymous:
            return False

        active_membership = WorkspaceMember.objects.filter(
            member=user,
            workspace__slug=view.workspace_slug,
            is_active=True,
        )
        return active_membership.exists()