|
|
|
|
@ -1,6 +1,7 @@
|
|
|
|
|
import typing as t
|
|
|
|
|
|
|
|
|
|
from django.contrib.auth import get_user_model
|
|
|
|
|
from django.db import transaction
|
|
|
|
|
from django.db.models import QuerySet
|
|
|
|
|
from fastapi import Depends, status
|
|
|
|
|
from pydantic import BaseModel
|
|
|
|
|
@ -22,6 +23,10 @@ def get_queryset(user: User, collection_uid: str, queryset=default_queryset) ->
|
|
|
|
|
return collection, queryset.filter(collection=collection)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class CollectionMemberModifyAccessLevelIn(BaseModel):
|
|
|
|
|
accessLevel: models.AccessLevels
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class CollectionMemberOut(BaseModel):
|
|
|
|
|
username: str
|
|
|
|
|
accessLevel: models.AccessLevels
|
|
|
|
|
@ -73,6 +78,24 @@ def member_delete(
|
|
|
|
|
obj.revoke()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@collection_router.patch("/{collection_uid}/member/{username}/", status_code=status.HTTP_204_NO_CONTENT)
|
|
|
|
|
def member_patch(
|
|
|
|
|
collection_uid: str,
|
|
|
|
|
username: str,
|
|
|
|
|
data: CollectionMemberModifyAccessLevelIn,
|
|
|
|
|
user: User = Depends(get_authenticated_user),
|
|
|
|
|
):
|
|
|
|
|
_, queryset = get_queryset(user, collection_uid)
|
|
|
|
|
instance = get_object_or_404(queryset, user__username__iexact=username)
|
|
|
|
|
|
|
|
|
|
with transaction.atomic():
|
|
|
|
|
# We only allow updating accessLevel
|
|
|
|
|
if instance.accessLevel != data.accessLevel:
|
|
|
|
|
instance.stoken = models.Stoken.objects.create()
|
|
|
|
|
instance.accessLevel = data.accessLevel
|
|
|
|
|
instance.save()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@collection_router.post("/{collection_uid}/member/leave/", status_code=status.HTTP_204_NO_CONTENT)
|
|
|
|
|
def member_leave(
|
|
|
|
|
collection_uid: str,
|
|
|
|
|
|
Tom Hacohen
4 years ago