Once again I am reminded that I need to make another branch. Maybe next time. Permissions are being revamped making use of the fact that most of our records will have a team reference somewhere.
Changes to permissions:
IsTicketOwner was renamed to IsOwner. All tables that are semantically created by a user refer to that user as an owner.
BaseMemberPermission is a class that should be used abstractly. It includes a convenience method for querying the member table for use in IsMember and IsAdminMember.
The aforementioned IsMember and IsAdminMember query the member table to see if the request.user, team.id pair leads to a member record.
Permissions inheriting from BaseMemberPermission should only be used with tables that reference a team. These permissions calculate the member primary key from the team.id and username pair in order to retrieve a member record where the permission classes can do further processing.
MemberViewSet now inherits from mixins. This is so that the endpoints requiring the same level of permission are defined by the permission_classes. Endpoints that require a different set of permissions are defined with the @action decorator similar to bottle.
With these changes:
creation of member records requires only that the user is authenticated
reading member list / detailed record is only allowed for team members
approving members is only allowed for admins
updating the member profile is only allowed for the owner of that record
we are using a custom deactivate endpoint rather than a hard deletion
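The access rules listed above, modelled without the framework so the deny paths can be tested in isolation. This is an added example, not code from this commit: the `approved`, `active` and `is_admin` fields, the `allows` method, the `ACTION_PERMISSIONS` table and the sample members are all assumptions, and `IsAuthenticated` here is a stand-in class.

```python
# Added illustration, not the project's code. Field names, the allows() method
# and ACTION_PERMISSIONS are assumptions made for this sketch.
from dataclasses import dataclass

@dataclass
class Member:
    username: str
    team_id: int
    is_admin: bool = False
    approved: bool = True   # assumed flag set by the approve endpoint
    active: bool = True     # assumed flag cleared by the deactivate endpoint

# Constructed sample member table, keyed by the (team.id, username) pair.
MEMBERS = {(m.team_id, m.username): m for m in [
    Member("alice", 1, is_admin=True), Member("bob", 1),
    Member("carol", 1, approved=False), Member("dave", 1, active=False),
    Member("erin", 2, is_admin=True)]}

class BaseMemberPermission:
    """Abstract base: resolve the member record, returning None (deny) on any miss."""
    def get_member(self, user, team_id):
        m = MEMBERS.get((team_id, user))
        return m if m and m.approved and m.active else None

class IsAuthenticated:
    def allows(self, user, team_id, obj=None):
        return user is not None

class IsMember(BaseMemberPermission):
    def allows(self, user, team_id, obj=None):
        return self.get_member(user, team_id) is not None

class IsAdminMember(BaseMemberPermission):
    def allows(self, user, team_id, obj=None):
        m = self.get_member(user, team_id)
        return m is not None and m.is_admin

class IsOwner:
    def allows(self, user, team_id, obj=None):
        return user is not None and obj is not None and obj.username == user

ACTION_PERMISSIONS = {
    "create": [IsAuthenticated], "list": [IsMember], "retrieve": [IsMember],
    "approve": [IsAdminMember], "update": [IsOwner]}

def is_allowed(action, user, team_id=None, obj=None):
    classes = ACTION_PERMISSIONS.get(action, [])
    # An action with no entry is denied rather than left open.
    return bool(classes) and all(c().allows(user, team_id, obj) for c in classes)
```

The cases worth keeping as regression tests are the cross-team ones: an admin of team 2 must get no access to team 1, and an admin must not pass the owner-only check on someone else's profile.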