def decorator(view_func):
    """Wrap ``view_func`` with the creator / role authorization gate.

    The returned wrapper calls the view as soon as one of the checks below
    passes and otherwise answers with an HTTP 403 response. ``creator``,
    ``model``, ``allowed_roles`` and ``level`` are not defined in this block;
    presumably they are arguments of the enclosing decorator factory.
    """

    @wraps(view_func)
    def _wrapped_view(instance, request, *args, **kwargs):
        def call_view():
            # Single place that hands the request on to the wrapped view.
            return view_func(instance, request, *args, **kwargs)

        # Creator shortcut: the requester created the object named by "pk".
        # NOTE(review): this path returns before any WorkspaceMember /
        # ProjectMember lookup and matches only on id + created_by. It does
        # not confirm that the creator is still an active member, nor that
        # the object belongs to the workspace/project named in the URL.
        # Confirm that every decorated view scopes its own queries, or gate
        # this shortcut on active membership as well.
        if creator and model:
            created_by_requester = model.objects.filter(
                id=kwargs["pk"], created_by=request.user
            ).exists()
            if created_by_requester:
                return call_view()

        # Roles may be given as ROLE members or as raw values; compare on
        # raw values only.
        permitted_roles = []
        for role in allowed_roles:
            permitted_roles.append(role.value if isinstance(role, ROLE) else role)

        if level == "WORKSPACE":
            # Workspace level: an active membership with a permitted role.
            has_workspace_role = WorkspaceMember.objects.filter(
                member=request.user,
                workspace__slug=kwargs["slug"],
                role__in=permitted_roles,
                is_active=True,
            ).exists()
            if has_workspace_role:
                return call_view()
        else:
            # Any other level value is handled as a project-level check.
            has_project_role = ProjectMember.objects.filter(
                member=request.user,
                workspace__slug=kwargs["slug"],
                project_id=kwargs["project_id"],
                role__in=permitted_roles,
                is_active=True,
            ).exists()
            if has_project_role:
                return call_view()

            # Fallback: an active project member (any role) who is also an
            # active admin of the workspace is let through. The admin lookup
            # only runs when the project membership exists.
            is_project_member = ProjectMember.objects.filter(
                member=request.user,
                workspace__slug=kwargs["slug"],
                project_id=kwargs["project_id"],
                is_active=True,
            ).exists()
            if is_project_member:
                is_workspace_admin = WorkspaceMember.objects.filter(
                    member=request.user,
                    workspace__slug=kwargs["slug"],
                    role=ROLE.ADMIN.value,
                    is_active=True,
                ).exists()
                if is_workspace_admin:
                    return call_view()

        # Default deny: no check above passed.
        return Response(
            {"error": "You don't have the required permissions."},
            status=status.HTTP_403_FORBIDDEN,
        )

    return _wrapped_view
| 76 | |