From 2bea7add6c36563d48f98595e6b3d4c66d38ea60 Mon Sep 17 00:00:00 2001
From: Samuel Gaist <samuel.gaist@idiap.ch>
Date: Fri, 24 Apr 2020 10:48:49 +0200
Subject: [PATCH] [search][api] Move from permissions mixin to use permissions

---
 beat/web/search/api.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/beat/web/search/api.py b/beat/web/search/api.py
index 01f005e27..5953f2b2c 100644
--- a/beat/web/search/api.py
+++ b/beat/web/search/api.py
@@ -38,7 +38,7 @@ from django.utils import six
 
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from rest_framework import permissions
+from rest_framework import permissions as drf_permissions
 from rest_framework import generics
 from rest_framework import status
 
@@ -49,12 +49,12 @@ from ..experiments.models import Experiment
 from ..toolchains.models import Toolchain
 
 from ..common.models import Shareable
-from ..common.mixins import IsAuthorOrReadOnlyMixin
 from ..common.api import ShareView
 from ..common.utils import ensure_html
 from ..common.responses import BadRequestResponse
 from ..common.mixins import CommonContextMixin, SerializerFieldsMixin
 from ..common.utils import py3_cmp
+from ..common import permissions as beat_permissions
 
 from ..ui.templatetags.gravatar import gravatar_hash
 
@@ -86,7 +86,7 @@ class SearchView(APIView):
 
     """
 
-    permission_classes = [permissions.AllowAny]
+    permission_classes = [drf_permissions.AllowAny]
 
     FILTER_IEXACT = 0
     FILTER_ICONTAINS = 1
@@ -555,7 +555,7 @@ class SearchSaveView(
     """
 
     model = Search
-    permission_classes = [permissions.IsAuthenticated]
+    permission_classes = [drf_permissions.IsAuthenticated]
     serializer_class = SearchWriteSerializer
 
     def build_results(self, request, search):
@@ -599,7 +599,7 @@ class ListSearchView(CommonContextMixin, generics.ListAPIView):
     Lists all available search from a user
     """
 
-    permission_classes = [permissions.AllowAny]
+    permission_classes = [drf_permissions.AllowAny]
     serializer_class = SearchSerializer
 
     def get_queryset(self):
@@ -615,10 +615,7 @@ class ListSearchView(CommonContextMixin, generics.ListAPIView):
 
 
 class RetrieveDestroySearchAPIView(
-    CommonContextMixin,
-    SerializerFieldsMixin,
-    IsAuthorOrReadOnlyMixin,
-    generics.RetrieveDestroyAPIView,
+    CommonContextMixin, SerializerFieldsMixin, generics.RetrieveDestroyAPIView
 ):
     """
     Delete the given search
@@ -626,6 +623,7 @@ class RetrieveDestroySearchAPIView(
 
     model = Search
     serializer_class = SearchSerializer
+    permission_classes = [beat_permissions.IsAuthorOrReadOnly]
 
     def get_object(self):
         author_name = self.kwargs.get("author_name")
@@ -639,6 +637,8 @@ class RetrieveDestroySearchAPIView(
 
     def get(self, request, *args, **kwargs):
         search = self.get_object()
+        self.check_object_permissions(request, search)
+
         # Process the query string
         allow_sharing = request.user == search.author
 
@@ -659,7 +659,7 @@ class ShareSearchView(ShareView):
     """
 
     model = Search
-    permission_classes = [permissions.AllowAny]
+    permission_classes = [drf_permissions.AllowAny]
 
     def get_queryset(self):
         self.kwargs["version"] = 1
-- 
GitLab