diff --git a/src/newsreader/news/core/endpoints.py b/src/newsreader/news/core/endpoints.py index 184515b..39a8ecb 100644 --- a/src/newsreader/news/core/endpoints.py +++ b/src/newsreader/news/core/endpoints.py @@ -1,3 +1,4 @@ +from django.db.models import Prefetch from rest_framework import status from rest_framework.generics import ( GenericAPIView, @@ -11,6 +12,7 @@ from rest_framework.response import Response from newsreader.accounts.permissions import IsPostOwner from newsreader.core.pagination import CursorPagination +from newsreader.news.collection.models import CollectionRule from newsreader.news.collection.serializers import RuleSerializer from newsreader.news.core.filters import ReadFilter, SavedFilter from newsreader.news.core.models import Category, Post @@ -63,10 +65,9 @@ class NestedRuleCategoryView(ListAPIView): class NestedPostCategoryView(ListAPIView): - queryset = Category.objects.prefetch_related("rules", "rules__posts").all() serializer_class = PostSerializer pagination_class = CursorPagination - filter_backends = [ReadFilter] + filter_backends = [ReadFilter] # TODO: remove read filter usage def get_queryset(self): lookup_url_kwarg = self.lookup_url_kwarg or self.lookup_field @@ -75,13 +76,18 @@ class NestedPostCategoryView(ListAPIView): # filtered on the user. filter_kwargs = {self.lookup_field: self.kwargs[lookup_url_kwarg]} - category = get_object_or_404(self.queryset, **filter_kwargs) + rules_queryset = CollectionRule.objects.filter(user=self.request.user) + prefetch = Prefetch("rules", queryset=rules_queryset, to_attr="user_rules") + category_queryset = ( + Category.objects + .prefetch_related(prefetch) + .filter(user=self.request.user) + ) + category = get_object_or_404(category_queryset, **filter_kwargs) + self.check_object_permissions(self.request, category) - rules = category.rules.values_list("id", flat=True) - queryset = Post.objects.filter(rule__in=rules) - - return queryset + return Post.objects.filter(rule__in=category.user_rules, read=False) class CategoryReadView(GenericAPIView):