Skip to content

Commit

Permalink
Update datasession and dataoperation get permissions to only those th…
Browse files Browse the repository at this point in the history
…e user has access to
  • Loading branch information
Jon committed May 20, 2024
1 parent a874463 commit bcb344d
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions datalab/datalab_session/viewsets.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ class DataOperationViewSet(viewsets.ModelViewSet):
serializer_class = DataOperationSerializer

def get_queryset(self):
return DataOperation.objects.filter(session=self.kwargs['session_pk'])
return DataOperation.objects.filter(session=self.kwargs['session_pk'], session__user=self.request.user)

def perform_create(self, serializer):
operation = available_operations().get(serializer.validated_data['name'])(serializer.validated_data['input_data'])
Expand All @@ -30,7 +30,7 @@ class DataSessionViewSet(viewsets.ModelViewSet):
ordering = ('created',)

def get_queryset(self):
return DataSession.objects.all()
return DataSession.objects.filter(user=self.request.user).prefetch_related('operations')

def perform_create(self, serializer):
serializer.save(user=self.request.user)

0 comments on commit bcb344d

Please sign in to comment.