From 3756a53915b58ee0d60ce34b97f6a9c10d82eab5 Mon Sep 17 00:00:00 2001
From: Julian Gonggrijp <dev@juliangonggrijp.com>
Date: Thu, 29 Jul 2021 17:13:11 +0200
Subject: [PATCH] Restrict semantic query API listing to user's own (#486 #163)

---
 backend/items/views.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/backend/items/views.py b/backend/items/views.py
index 8728035e..3940984a 100644
--- a/backend/items/views.py
+++ b/backend/items/views.py
@@ -315,6 +315,13 @@ class SemanticQueryViewSet(
 ):
     queryset = SemanticQuery.objects.all()
 
+    def get_queryset(self):
+        if self.action == 'list':
+            if self.request.user.is_anonymous:
+                return self.queryset.none()
+            return self.queryset.filter(creator=self.request.user)
+        return self.queryset
+
     def get_serializer_class(self):
         if self.action == 'retrieve':
             return SemanticQuerySerializerFull