From 28039cc6e4a7b9ad2e631c8ce88bc90fb0a9a826 Mon Sep 17 00:00:00 2001 From: saadmk11 Date: Wed, 13 Nov 2019 17:48:42 +0600 Subject: [PATCH 1/2] Show only users projects in the APIv3 browseable form --- readthedocs/api/v3/serializers.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/readthedocs/api/v3/serializers.py b/readthedocs/api/v3/serializers.py index 5b3361259ef..004dad5ff65 100644 --- a/readthedocs/api/v3/serializers.py +++ b/readthedocs/api/v3/serializers.py @@ -526,7 +526,7 @@ class SubprojectCreateSerializer(FlexFieldsModelSerializer): child = serializers.SlugRelatedField( slug_field='slug', - queryset=Project.objects.all(), + queryset=Project.objects.none(), ) class Meta: @@ -545,6 +545,9 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) + user = self.context['request'].user + self.fields['child'].queryset = user.projects.all() + def validate_child(self, value): # Check the user is maintainer of the child project user = self.context['request'].user From 279668ecf6a72bb8c7625bcc42b164cea0b421a2 Mon Sep 17 00:00:00 2001 From: saadmk11 Date: Thu, 14 Nov 2019 16:26:29 +0600 Subject: [PATCH 2/2] Added TODO --- readthedocs/api/v3/serializers.py | 1 + 1 file changed, 1 insertion(+) diff --git a/readthedocs/api/v3/serializers.py b/readthedocs/api/v3/serializers.py index 004dad5ff65..8ef11514ecb 100644 --- a/readthedocs/api/v3/serializers.py +++ b/readthedocs/api/v3/serializers.py @@ -546,6 +546,7 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) user = self.context['request'].user + # TODO: Filter projects using project restrictions for subproject. self.fields['child'].queryset = user.projects.all() def validate_child(self, value):