Refactor permission handling in ProjectViewSet to clarify access levels for different user roles and update project creation logic to set the creator as the project owner. Enhance error handling in createDefaultProject method in App.vue to provide more informative alerts based on specific error conditions.

fr4iser90 · fr4iser90 · commit 9326a7e1c463 · 2025-05-13T09:22:58.000+02:00
diff --git a/backend/core/views.py b/backend/core/views.py
@@ -40,24 +40,28 @@ class ProjectViewSet(viewsets.ModelViewSet):
     permission_classes = [IsAuthenticated] # Default for list and create
 
     def get_permissions(self):
-        if self.action == 'retrieve':
-            # For retrieve, user must be at least a viewer
-            return [IsAuthenticated(), IsProjectViewerOrHigher()]
-        elif self.action in ['update', 'partial_update', 'destroy']:
-            # For modifications, user must be a manager or owner
-            return [IsAuthenticated(), IsProjectManager()]
-        # For list, create, and other actions, IsAuthenticated is sufficient
-        # as get_queryset and perform_create handle specifics.
+        """
+        Instantiates and returns the list of permissions that this view requires.
+        Owners/Managers can do anything. Developers can read. Authenticated users can list/create.
+        """
+        if self.action in ['list', 'create']:
+            self.permission_classes = [permissions.IsAuthenticated] # Any authenticated user can list or create projects
+        elif self.action in ['retrieve', 'update', 'partial_update', 'destroy']:
+            # For specific project instances, check if user is owner or manager
+            self.permission_classes = [permissions.IsAuthenticated, IsProjectOwner]
+        else:
+            # Default to deny all for any other actions
+            self.permission_classes = [permissions.DenyAll]
         return super().get_permissions()
 
     def perform_create(self, serializer):
-        project = serializer.save(owner=self.request.user)
-        # Automatically make the creator a 'manager' of the project
-        ProjectMembership.objects.create(
-            user=self.request.user,
-            project=project,
-            role=ProjectMembership.Role.MANAGER
-        )
+        """Ensure the user creating the project is set as its owner."""
+        project = serializer.save(owner=self.request.user) # Pass owner directly
+        # Create a ProjectMembership for the creator as 'owner'
+        ProjectMembership.objects.create(user=self.request.user, project=project, role='owner')
+        # The direct owner field on the project model is now set by serializer.save()
+        # project.owner = self.request.user # This line is no longer strictly needed if owner is passed in save
+        # project.save() # And this save is also not needed as the first save includes the owner
 
     def get_queryset(self):
         user = self.request.user
diff --git a/frontend/src/App.vue b/frontend/src/App.vue
@@ -73,19 +73,25 @@ export default {
       this.currentProjectIdForConfigManager = projectId;
     },
     async createDefaultProject() {
-      const PROJECT_API_URL = '/api/v1/core/projects/';
-      console.log('Attempting to create default project...');
       try {
-        const response = await axios.post(PROJECT_API_URL, { name: 'Default Project' });
+        const response = await axios.post('/api/v1/core/projects/', { name: 'Default Project' });
         console.log('Default project created:', response.data);
-        // Trigger project list refresh in ScanRunner
-        if (this.$refs.scanRunner) {
+        alert('Default Project created successfully! The project list will refresh.');
+        // Refresh the project list in ScanRunner, assuming ScanRunner component has a ref and a method to fetch projects
+        if (this.$refs.scanRunner && typeof this.$refs.scanRunner.fetchProjects === 'function') {
           this.$refs.scanRunner.fetchProjects();
+        } else {
+          console.warn('ScanRunner component or fetchProjects method not available.');
+          // Optionally, emit an event that a parent component or global state manager can listen to
+          // this.$root.$emit('projectListShouldRefresh'); // Example if using root instance as event bus
         }
-        alert('Default Project created successfully! The project list will refresh.');
       } catch (error) {
-        console.error('Error creating default project:', error.response || error.message);
-        alert(`Failed to create default project: ${error.response?.data?.detail || error.message}`);
+        console.error('Failed to create default project:', error);
+        if (error.response && error.response.data && error.response.data.name && error.response.data.name[0].includes('project with this name already exists')) {
+          alert('Failed to create default project: A project with the name "Default Project" already exists.');
+        } else {
+          alert('Failed to create default project: Request failed with status code ' + (error.response ? error.response.status : 'unknown'));
+        }
       }
     }
   }
