From 199992d584daf6681a95dae90200662b427115df Mon Sep 17 00:00:00 2001
From: Ernesto Rico Schmidt <ernesto@helsinki.at>
Date: Tue, 12 Dec 2023 17:44:23 -0400
Subject: [PATCH] feat: use Django model permissions for Note, RRule, Schedule
 and Timeslot

---
 program/views.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/program/views.py b/program/views.py
index 5ff357b1..c84314c6 100644
--- a/program/views.py
+++ b/program/views.py
@@ -418,6 +418,7 @@ class APIShowViewSet(DisabledObjectPermissionCheckMixin, viewsets.ModelViewSet):
     list=extend_schema(summary="List all rrule."),
 )
 class APIRRuleViewSet(viewsets.ModelViewSet):
+    permission_classes = [permissions.DjangoModelPermissionsOrAnonReadOnly]
     queryset = RRule.objects.all()
     serializer_class = RRuleSerializer
 
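Review bot: `DjangoModelPermissionsOrAnonReadOnly` on `APIRRuleViewSet` gates only writes: unauthenticated clients can list and retrieve whatever `RRule.objects.all()` returns, and DRF's stock `perms_map` requires no permission for GET, so `view_rrule` is never consulted even for logged-in users. The same line is added in the APIScheduleViewSet, APITimeSlotViewSet and APINoteViewSet hunks, whose class-level querysets are also unfiltered as far as the hunks show. If public reads are intended, I would say so next to the attribute, e.g. `# reads are public; add/change/delete require the matching model permission`. If any of these models carries internal fields, use `permissions.DjangoModelPermissions` with a `perms_map` that requires the `view_*` permission for GET instead. A test asserting that anonymous POST/PUT/PATCH/DELETE requests are rejected on each viewset would pin the intended behaviour.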
@@ -513,10 +514,11 @@ class APIScheduleViewSet(
         "show_pk": "show",
     }
 
+    filterset_class = filters.ScheduleFilterSet
+    pagination_class = LimitOffsetPagination
+    permission_classes = [permissions.DjangoModelPermissionsOrAnonReadOnly]
     queryset = Schedule.objects.all()
     serializer_class = ScheduleSerializer
-    pagination_class = LimitOffsetPagination
-    filterset_class = filters.ScheduleFilterSet
 
     def get_serializer_class(self):
         if self.action in ("create", "update", "partial_update"):
@@ -645,10 +647,11 @@ class APITimeSlotViewSet(
         "schedule_pk": "schedule",
     }
 
-    serializer_class = TimeSlotSerializer
+    filterset_class = filters.TimeSlotFilterSet
     pagination_class = LimitOffsetPagination
+    permission_classes = [permissions.DjangoModelPermissionsOrAnonReadOnly]
     queryset = TimeSlot.objects.all().order_by("-start")
-    filterset_class = filters.TimeSlotFilterSet
+    serializer_class = TimeSlotSerializer
 
     def update(self, request, *args, **kwargs):
         show_pk = get_values(self.kwargs, "show_pk")
@@ -692,10 +695,12 @@ class APINoteViewSet(
         "show_pk": "timeslot__show",
         "timeslot_pk": "timeslot",
     }
+
+    filterset_class = filters.NoteFilterSet
+    pagination_class = LimitOffsetPagination
+    permission_classes = [permissions.DjangoModelPermissionsOrAnonReadOnly]
     queryset = Note.objects.all()
     serializer_class = NoteSerializer
-    pagination_class = LimitOffsetPagination
-    filterset_class = filters.NoteFilterSet
 
     def get_serializer_context(self):
         # the serializer needs the request in the context
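Review bot: The permission class added on `APINoteViewSet` checks model-wide permissions only, so any account holding `change_note` or `delete_note` can modify notes under every show and timeslot, not just those it is responsible for. Whether ownership is enforced elsewhere (a mixin in the class header, the serializer, or a `get_queryset` override) is not visible, because the class starts before and continues after this hunk. If it is not, an object-level check is needed, for example a custom permission class implementing `has_object_permission`, or a queryset narrowed to the requester's shows for unsafe methods. The same consideration applies to the APIScheduleViewSet and APITimeSlotViewSet hunks. At minimum I would document the decision on the attribute: `# model-level only: holders of change_note may edit any note`.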
-- 
GitLab