improve permissions and remove old PreprintInstitutionsList

CenterForOpenScience · Jul 5, 2024 · 27db54a · 27db54a
1 parent 3a7bbb0
commit 27db54a
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 44 deletions.
diff --git a/api/base/permissions.py b/api/base/permissions.py
@@ -9,6 +9,7 @@
 from framework.auth.cas import CasResponse
 
 from osf.models import ApiOAuth2Application, ApiOAuth2PersonalToken
+from osf.utils import permissions as osf_permissions
 from website.util.sanitize import is_iterable_but_not_string
 from api.base.utils import get_user_auth
 
@@ -170,6 +171,6 @@ def has_object_permission(self, request, view, obj):
  if request.method in permissions.SAFE_METHODS:
  return resource.is_public or resource.can_view(auth)
  else:
- return resource.has_permission(auth.user, 'write')
+ return resource.has_permission(auth.user, osf_permissions.WRITE)
 
 
diff --git a/api/preprints/permissions.py b/api/preprints/permissions.py
@@ -138,18 +138,3 @@ def has_object_permission(self, request, view, obj):
  raise exceptions.PermissionDenied(detail='Withdrawn preprints may not be edited')
  return True
  raise exceptions.NotFound
-
-
-class PreprintInstitutionPermission(permissions.BasePermission):
- def has_object_permission(self, request, view, obj):
- if obj.is_public:
- return True
-
- auth = get_user_auth(request)
- if not auth.user:
- return False
-
- if request.method in permissions.SAFE_METHODS:
- return obj.has_permission(auth.user, 'read')
- else:
- return obj.has_permission(auth.user, 'write')
diff --git a/api/preprints/views.py b/api/preprints/views.py
@@ -58,7 +58,6 @@
  AdminOrPublic,
  ContributorDetailPermissions,
  PreprintFilesPermissions,
- PreprintInstitutionPermission,
 )
 from api.nodes.permissions import ContributorOrPublic
 from api.base.permissions import WriteOrPublicForRelationshipInstitutions
@@ -68,7 +67,6 @@
 from api.subjects.views import BaseResourceSubjectsList
 from api.base.metrics import PreprintMetricsViewMixin
 from osf.metrics import PreprintDownload, PreprintView
-from api.institutions.serializers import InstitutionSerializer
 
 
 class PreprintMixin(NodeMixin):
@@ -625,32 +623,6 @@ def get_queryset(self):
  return self.get_queryset_from_request()
 
 
-class PreprintInstitutionsList(JSONAPIBaseView, generics.ListAPIView, ListFilterMixin, PreprintMixin):
- """The documentation for this endpoint can be found [here](https://developer.osf.io/#operation/preprint_institutions_list).
- """
- permission_classes = (
- drf_permissions.IsAuthenticatedOrReadOnly,
- base_permissions.TokenHasScope,
- PreprintInstitutionPermission,
- )
-
- required_read_scopes = [CoreScopes.PREPRINTS_READ, CoreScopes.INSTITUTION_READ]
- required_write_scopes = [CoreScopes.NULL]
- serializer_class = InstitutionSerializer
-
- model = Institution
- view_category = 'preprints'
- view_name = 'preprints-institutions'
-
- ordering = ('-id',)
-
- def get_resource(self):
- return self.get_preprint()
-
- def get_queryset(self):
- return self.get_resource().affiliated_institutions.all()
-
-
 class PreprintInstitutionsRelationshipList(JSONAPIBaseView, generics.RetrieveUpdateDestroyAPIView, generics.CreateAPIView, PreprintMixin):
  """ """
  permission_classes = (