Update IsProjectChatMember permission

Author: yakser

chats/permissions.py

@@ -1,11 +1,22 @@
+from django.contrib.auth import get_user_model
 from rest_framework.permissions import BasePermission
 
+from projects.models import Project
+
+User = get_user_model()
+
 
 class IsProjectChatMember(BasePermission):
+    def has_permission(self, request, view) -> bool:
+        try:
+            project = Project.objects.get(pk=view.kwargs["pk"])
+        except Project.DoesNotExist:
+            return False
+        if request.user in project.get_collaborators_user_list():
+            return True
+        return False
+
     def has_object_permission(self, request, view, obj):
-        collaborators = [
-            collaborator.user for collaborator in obj.project.collaborator_set.all()
-        ]
-        if request.user in collaborators:
+        if request.user in obj.project.get_collaborators_user_list():
             return True
         return False

chats/views.py

@@ -62,6 +62,10 @@ def get(self, request, *args, **kwargs) -> Response:
 
             user1_id, user2_id = map(int, self.kwargs["pk"].split("_"))
 
+            assert (
+                request.user.id == user1_id or request.user.id == user2_id
+            ), "current user id is not present in pk"
+
             user1 = User.objects.get(pk=user1_id)
             user2 = User.objects.get(pk=user2_id)
 
@@ -116,7 +120,7 @@ def get_queryset(self):
 
 class ProjectChatMessageList(ListCreateAPIView):
     serializer_class = ProjectChatMessageListSerializer
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsProjectChatMember]
     pagination_class = MessageListPagination
 
     def get_queryset(self):

projects/managers.py

@@ -1,9 +1,12 @@
+from django.contrib.auth import get_user_model
 from django.db.models import Manager
 from django.db.models import Prefetch
 
 from industries.models import Industry
 from users.models import CustomUser
 
+User = get_user_model()
+
 
 class ProjectManager(Manager):
     def get_projects_for_list_view(self):

projects/models.py

@@ -70,6 +70,9 @@ class Project(models.Model):
     def get_short_description(self) -> Optional[str]:
         return self.description[:90] if self.description else None
 
+    def get_collaborators_user_list(self) -> list[User]:
+        return [collaborator.user for collaborator in self.collaborator_set.all()]
+
     def save(
         self, force_insert=False, force_update=False, using=None, update_fields=None
     ):

users/migrations/0039_alter_customuser_first_name_and_more.py

@@ -0,0 +1,38 @@
+# Generated by Django 4.2.3 on 2023-08-08 19:56
+
+from django.db import migrations, models
+import users.validators
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("users", "0038_alter_customuser_options_customuser_ordering_score"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="customuser",
+            name="first_name",
+            field=models.CharField(
+                max_length=255, validators=[users.validators.user_name_validator]
+            ),
+        ),
+        migrations.AlterField(
+            model_name="customuser",
+            name="last_name",
+            field=models.CharField(
+                max_length=255, validators=[users.validators.user_name_validator]
+            ),
+        ),
+        migrations.AlterField(
+            model_name="customuser",
+            name="patronymic",
+            field=models.CharField(
+                blank=True,
+                max_length=255,
+                null=True,
+                validators=[users.validators.user_name_validator],
+            ),
+        ),
+    ]