From e8bd8927a01617a5a8841071de30aa0120ad4e4f Mon Sep 17 00:00:00 2001 From: Tom Hacohen Date: Sun, 27 Dec 2020 21:47:30 +0200 Subject: [PATCH] Implement modifying access level. --- etebase_fastapi/member.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/etebase_fastapi/member.py b/etebase_fastapi/member.py index 36aa5ce..2eeb365 100644 --- a/etebase_fastapi/member.py +++ b/etebase_fastapi/member.py @@ -1,6 +1,7 @@ import typing as t from django.contrib.auth import get_user_model +from django.db import transaction from django.db.models import QuerySet from fastapi import Depends, status from pydantic import BaseModel @@ -22,6 +23,10 @@ def get_queryset(user: User, collection_uid: str, queryset=default_queryset) -> return collection, queryset.filter(collection=collection) +class CollectionMemberModifyAccessLevelIn(BaseModel): + accessLevel: models.AccessLevels + + class CollectionMemberOut(BaseModel): username: str accessLevel: models.AccessLevels @@ -73,6 +78,24 @@ def member_delete( obj.revoke() +@collection_router.patch("/{collection_uid}/member/{username}/", status_code=status.HTTP_204_NO_CONTENT) +def member_patch( + collection_uid: str, + username: str, + data: CollectionMemberModifyAccessLevelIn, + user: User = Depends(get_authenticated_user), +): + _, queryset = get_queryset(user, collection_uid) + instance = get_object_or_404(queryset, user__username__iexact=username) + + with transaction.atomic(): + # We only allow updating accessLevel + if instance.accessLevel != data.accessLevel: + instance.stoken = models.Stoken.objects.create() + instance.accessLevel = data.accessLevel + instance.save() + + @collection_router.post("/{collection_uid}/member/leave/", status_code=status.HTTP_204_NO_CONTENT) def member_leave( collection_uid: str,