Skip to content

Commit

Permalink
API V3: Only return notifications for a given organization (#11112)
Browse files Browse the repository at this point in the history
API V3: Only return notifications for given organization

---------

Co-authored-by: Santos Gallegos <[email protected]>
  • Loading branch information
saadmk11 and stsewd authored Feb 14, 2024
1 parent 57c5c8a commit f416445
Show file tree
Hide file tree
Showing 2 changed files with 60 additions and 8 deletions.
58 changes: 58 additions & 0 deletions readthedocs/api/v3/tests/test_organizations.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,11 @@
import django_dynamic_fixture as fixture
from django.contrib.contenttypes.models import ContentType
from django.test import override_settings
from django.urls import reverse
from django.urls.exceptions import NoReverseMatch

from readthedocs.notifications.models import Notification
from readthedocs.organizations.models import Organization
from readthedocs.subscriptions.constants import TYPE_CONCURRENT_BUILDS
from readthedocs.subscriptions.products import RTDProductFeature

Expand Down Expand Up @@ -51,6 +55,38 @@ def test_organizations_notifications_list(self):
self._get_response_dict("organizations-notifications-list"),
)

def test_organizations_notifications_list_only_given_organization(self):
url = reverse(
"organizations-notifications-list",
kwargs={
"parent_lookup_organization__slug": self.organization.slug,
},
)
other_organization = fixture.get(
Organization,
pub_date=self.created,
modified_date=self.modified,
name="other_organization",
slug="other_organization",
owners=[self.me],
)

fixture.get(
Notification,
attached_to_content_type=ContentType.objects.get_for_model(
other_organization
),
attached_to_id=other_organization.pk,
)

self.client.credentials(HTTP_AUTHORIZATION=f"Token {self.token.key}")
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
self.assertDictEqual(
response.json(),
self._get_response_dict("organizations-notifications-list"),
)

def test_organizations_notifications_list_other_user(self):
url = reverse(
"organizations-notifications-list",
Expand Down Expand Up @@ -103,6 +139,28 @@ def test_organizations_notifications_detail(self):
self._get_response_dict("organizations-notifications-detail"),
)

def test_organizations_notifications_detail_other_organization(self):
other_organization = fixture.get(
Organization,
pub_date=self.created,
modified_date=self.modified,
name="new_org",
slug="new_org",
owners=[self.me],
)

url = reverse(
"organizations-notifications-detail",
kwargs={
"parent_lookup_organization__slug": other_organization.slug,
"notification_pk": self.notification_organization.pk,
},
)

self.client.credentials(HTTP_AUTHORIZATION=f"Token {self.token.key}")
response = self.client.get(url)
self.assertEqual(response.status_code, 404)

def test_organizations_notifications_detail_other(self):
url = reverse(
"organizations-notifications-detail",
Expand Down
10 changes: 2 additions & 8 deletions readthedocs/api/v3/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@
from rest_framework_extensions.mixins import NestedViewSetMixin

from readthedocs.builds.models import Build, Version
from readthedocs.core.permissions import AdminPermission
from readthedocs.core.utils import trigger_build
from readthedocs.core.utils.extend import SettingsOverrideObject
from readthedocs.notifications.models import Notification
Expand Down Expand Up @@ -679,10 +678,5 @@ class NotificationsOrganizationViewSet(
permission_classes = [IsAuthenticated & IsOrganizationAdmin]

def get_queryset(self):
content_type = ContentType.objects.get_for_model(Organization)
return self.queryset.filter(
attached_to_content_type=content_type,
attached_to_id__in=AdminPermission.organizations(
self.request.user, owner=True, member=False
).values("id"),
)
organization = self._get_parent_organization()
return organization.notifications.all()

0 comments on commit f416445

Please sign in to comment.