improve permissions and remove old PreprintInstitutionsList

api/base/permissions.py

@@ -9,6 +9,7 @@
 from framework.auth.cas import CasResponse
 
 from osf.models import ApiOAuth2Application, ApiOAuth2PersonalToken
+from osf.utils import permissions as osf_permissions
 from website.util.sanitize import is_iterable_but_not_string
 from api.base.utils import get_user_auth
 
@@ -170,6 +171,6 @@ def has_object_permission(self, request, view, obj):
  if request.method in permissions.SAFE_METHODS:
  return resource.is_public or resource.can_view(auth)
  else:
- return resource.has_permission(auth.user, 'write')
+ return resource.has_permission(auth.user, osf_permissions.WRITE)
 
 

api/preprints/permissions.py

@@ -138,18 +138,3 @@ def has_object_permission(self, request, view, obj):
  raise exceptions.PermissionDenied(detail='Withdrawn preprints may not be edited')
  return True
  raise exceptions.NotFound
-
-
-class PreprintInstitutionPermission(permissions.BasePermission):
- def has_object_permission(self, request, view, obj):
- if obj.is_public:
- return True
-
- auth = get_user_auth(request)
- if not auth.user:
- return False
-
- if request.method in permissions.SAFE_METHODS:
- return obj.has_permission(auth.user, 'read')
- else:
- return obj.has_permission(auth.user, 'write')

api/preprints/urls.py

@@ -19,6 +19,5 @@
  re_path(r'^(?P<preprint_id>\w+)/review_actions/$', views.PreprintActionList.as_view(), name=views.PreprintActionList.view_name),
  re_path(r'^(?P<preprint_id>\w+)/requests/$', views.PreprintRequestListCreate.as_view(), name=views.PreprintRequestListCreate.view_name),
  re_path(r'^(?P<preprint_id>\w+)/subjects/$', views.PreprintSubjectsList.as_view(), name=views.PreprintSubjectsList.view_name),
- re_path(r'^(?P<preprint_id>\w+)/institutions/$', views.PreprintInstitutionsList.as_view(), name=views.PreprintInstitutionsList.view_name),
  re_path(r'^(?P<preprint_id>\w+)/relationships/institutions/$', views.PreprintInstitutionsRelationshipList.as_view(), name=views.PreprintInstitutionsRelationshipList.view_name),
 ]

api/preprints/views.py

@@ -41,7 +41,7 @@
  PreprintStorageProviderSerializer,
  PreprintNodeRelationshipSerializer,
  PreprintContributorsCreateSerializer,
- PreprintsInstitutionsRelationshipSerializer
+ PreprintsInstitutionsRelationshipSerializer,
 )
 from api.files.serializers import OsfStorageFileSerializer
 from api.nodes.serializers import (
@@ -58,7 +58,6 @@
  AdminOrPublic,
  ContributorDetailPermissions,
  PreprintFilesPermissions,
- PreprintInstitutionPermission,
 )
 from api.nodes.permissions import ContributorOrPublic
 from api.base.permissions import WriteOrPublicForRelationshipInstitutions
@@ -68,7 +67,6 @@
 from api.subjects.views import BaseResourceSubjectsList
 from api.base.metrics import PreprintMetricsViewMixin
 from osf.metrics import PreprintDownload, PreprintView
-from api.institutions.serializers import InstitutionSerializer
 
 
 class PreprintMixin(NodeMixin):
@@ -625,32 +623,6 @@ def get_queryset(self):
  return self.get_queryset_from_request()
 
 
-class PreprintInstitutionsList(JSONAPIBaseView, generics.ListAPIView, ListFilterMixin, PreprintMixin):
- """The documentation for this endpoint can be found [here](https://developer.osf.io/#operation/preprint_institutions_list).
- """
- permission_classes = (
- drf_permissions.IsAuthenticatedOrReadOnly,
- base_permissions.TokenHasScope,
- PreprintInstitutionPermission,
- )
-
- required_read_scopes = [CoreScopes.PREPRINTS_READ, CoreScopes.INSTITUTION_READ]
- required_write_scopes = [CoreScopes.NULL]
- serializer_class = InstitutionSerializer
-
- model = Institution
- view_category = 'preprints'
- view_name = 'preprints-institutions'
-
- ordering = ('-id',)
-
- def get_resource(self):
- return self.get_preprint()
-
- def get_queryset(self):
- return self.get_resource().affiliated_institutions.all()
-
-
 class PreprintInstitutionsRelationshipList(JSONAPIBaseView, generics.RetrieveUpdateDestroyAPIView, generics.CreateAPIView, PreprintMixin):
  """ """
  permission_classes = (