From 5ef840f172483f113f85cb3df0e1e0c89b3ae18d Mon Sep 17 00:00:00 2001
From: mpeltriaux <michel.peltriaux@sgdnord.rlp.de>
Date: Tue, 21 May 2024 11:54:06 +0200
Subject: [PATCH] # 404 Extend API

* extends API shared record access with team based sharing
---
 api/utils/serializer/serializer.py      | 17 ++++++++++++++---
 api/utils/serializer/v1/compensation.py |  7 +++++--
 api/utils/serializer/v1/deduction.py    |  7 +++++--
 api/views/v1/views.py                   |  5 -----
 4 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/api/utils/serializer/serializer.py b/api/utils/serializer/serializer.py
index 04a0312..c3096cc 100644
--- a/api/utils/serializer/serializer.py
+++ b/api/utils/serializer/serializer.py
@@ -11,6 +11,7 @@ from abc import abstractmethod
 from django.contrib.gis import geos
 from django.contrib.gis.geos import GEOSGeometry
 from django.core.paginator import Paginator
+from django.db.models import Q
 
 from konova.sub_settings.lanis_settings import DEFAULT_SRID_RLP
 from konova.utils.message_templates import DATA_UNSHARED
@@ -32,8 +33,8 @@ class AbstractModelAPISerializer:
         self.lookup = {
             "id": None,  # must be set
             "deleted__isnull": True,
-            "users__in": [],  # must be set
         }
+        self.shared_lookup = Q()  # must be set, so user or team based share will be used properly
         super().__init__(*args, **kwargs)
 
     @abstractmethod
@@ -76,7 +77,11 @@ class AbstractModelAPISerializer:
         else:
             # Return certain object
             self.lookup["id"] = _id
-        self.lookup["users__in"] = [user]
+
+        self.shared_lookup = Q(
+            Q(users__in=[user]) |
+            Q(teams__in=list(user.shared_teams))
+        )
 
     def fetch_and_serialize(self):
         """ Serializes the model entry according to the given lookup data
@@ -86,7 +91,13 @@ class AbstractModelAPISerializer:
         Returns:
             serialized_data (dict)
         """
-        entries = self.model.objects.filter(**self.lookup).order_by("id")
+        entries = self.model.objects.filter(
+            **self.lookup
+        ).filter(
+            self.shared_lookup
+        ).order_by(
+            "id"
+        ).distinct()
         self.paginator = Paginator(entries, self.rpp)
         requested_entries = self.paginator.page(self.page_number)
 
diff --git a/api/utils/serializer/v1/compensation.py b/api/utils/serializer/v1/compensation.py
index 5b38b4c..81ea46c 100644
--- a/api/utils/serializer/v1/compensation.py
+++ b/api/utils/serializer/v1/compensation.py
@@ -6,6 +6,7 @@ Created on: 24.01.22
 
 """
 from django.db import transaction
+from django.db.models import Q
 
 from api.utils.serializer.v1.serializer import AbstractModelAPISerializerV1, AbstractCompensationAPISerializerV1Mixin
 from compensation.models import Compensation
@@ -21,8 +22,10 @@ class CompensationAPISerializerV1(AbstractModelAPISerializerV1, AbstractCompensa
 
     def prepare_lookup(self, id, user):
         super().prepare_lookup(id, user)
-        del self.lookup["users__in"]
-        self.lookup["intervention__users__in"] = [user]
+        self.shared_lookup = Q(
+            Q(intervention__users__in=[user]) |
+            Q(intervention__teams__in=user.shared_teams)
+        )
 
     def intervention_to_json(self, entry):
         return {
diff --git a/api/utils/serializer/v1/deduction.py b/api/utils/serializer/v1/deduction.py
index c66a212..708b377 100644
--- a/api/utils/serializer/v1/deduction.py
+++ b/api/utils/serializer/v1/deduction.py
@@ -6,6 +6,7 @@ Created on: 28.01.22
 
 """
 from django.core.exceptions import ObjectDoesNotExist
+from django.db.models import Q
 
 from api.utils.serializer.v1.serializer import DeductableAPISerializerV1Mixin, AbstractModelAPISerializerV1
 from compensation.models import EcoAccountDeduction, EcoAccount
@@ -28,9 +29,11 @@ class DeductionAPISerializerV1(AbstractModelAPISerializerV1,
 
         """
         super().prepare_lookup(_id, user)
-        del self.lookup["users__in"]
         del self.lookup["deleted__isnull"]
-        self.lookup["intervention__users__in"] = [user]
+        self.shared_lookup = Q(
+            Q(intervention__users__in=[user]) |
+            Q(intervention__teams__in=user.shared_teams)
+        )
 
     def _model_to_geo_json(self, entry):
         """ Adds the basic data
diff --git a/api/views/v1/views.py b/api/views/v1/views.py
index 8da5d49..5ab9f4b 100644
--- a/api/views/v1/views.py
+++ b/api/views/v1/views.py
@@ -23,11 +23,6 @@ class AbstractAPIViewV1(AbstractAPIView):
     """
 
     def __init__(self, *args, **kwargs):
-        self.lookup = {
-            "id": None,  # must be set in subclasses
-            "deleted__isnull": True,
-            "users__in": [],  # must be set in subclasses
-        }
         super().__init__(*args, **kwargs)
         self.serializer = self.serializer()
 
-- 
2.38.5