diff --git a/api/goods/filters.py b/api/goods/filters.py new file mode 100644 index 0000000000..45cefe7253 --- /dev/null +++ b/api/goods/filters.py @@ -0,0 +1,6 @@ +from rest_framework import filters + + +class GoodFilter(filters.BaseFilterBackend): + def filter_queryset(self, request, queryset, view): + return queryset.filter(good_id=view.kwargs["pk"]) diff --git a/api/goods/permissions.py b/api/goods/permissions.py new file mode 100644 index 0000000000..1f078c0b86 --- /dev/null +++ b/api/goods/permissions.py @@ -0,0 +1,8 @@ +from rest_framework import permissions + +from api.organisations.libraries.get_organisation import get_request_user_organisation_id + + +class IsDocumentInOrganisation(permissions.BasePermission): + def has_object_permission(self, request, view, obj): + return obj.organisation_id == get_request_user_organisation_id(request) diff --git a/api/goods/urls.py b/api/goods/urls.py index 1cda5dc63f..d51dffa0c7 100644 --- a/api/goods/urls.py +++ b/api/goods/urls.py @@ -23,6 +23,11 @@ views.GoodDocumentDetail.as_view(), name="document", ), + path( + "/documents//stream/", + views.GoodDocumentStream.as_view(), + name="document_stream", + ), path( "document_internal_good_on_application//", views.DocumentGoodOnApplicationInternalView.as_view(), diff --git a/api/goods/views.py b/api/goods/views.py index 9bd33c6d69..31452bec87 100644 --- a/api/goods/views.py +++ b/api/goods/views.py @@ -18,9 +18,11 @@ from api.core.authentication import ExporterAuthentication, SharedAuthentication, GovAuthentication from api.core.exceptions import BadRequestError from api.core.helpers import str_to_bool +from api.core.views import DocumentStreamAPIView from api.documents.libraries.delete_documents_on_bad_request import delete_documents_on_bad_request from api.documents.models import Document from api.goods.enums import GoodStatus, GoodPvGraded, ItemCategory +from api.goods.filters import GoodFilter from api.goods.goods_paginator import GoodListPaginator from api.goods.helpers import ( FIREARMS_CORE_TYPES, @@ -31,6 +33,7 @@ from api.goods.libraries.get_goods import get_good, get_good_document from api.goods.libraries.save_good import create_or_update_good from api.goods.models import Good, GoodDocument +from api.goods.permissions import IsDocumentInOrganisation from api.goods.serializers import ( GoodAttachingSerializer, GoodCreateSerializer, @@ -539,6 +542,16 @@ def delete(self, request, pk, doc_pk): return JsonResponse({"document": "deleted success"}) +class GoodDocumentStream(DocumentStreamAPIView): + authentication_classes = (ExporterAuthentication,) + filter_backends = (GoodFilter,) + queryset = GoodDocument.objects.all() + permission_classes = (IsDocumentInOrganisation,) + + def get_document(self, instance): + return instance + + class DocumentGoodOnApplicationInternalView(APIView): authentication_classes = (GovAuthentication,) serializer_class = GoodOnApplicationInternalDocumentCreateSerializer