fix: quiblet api permission for accessing resource

stabldev · stabldev · commit b01ae1090a6e · 2024-12-08T19:58:47.000+05:30
diff --git a/backend/apps/quiblet/api/v1/permissions.py b/backend/apps/quiblet/api/v1/permissions.py
@@ -6,11 +6,11 @@ class IsRangerOrReadOnly(BasePermission):
     Custom permission to allow only rangers of a Quiblet to edit it.
     """
 
-    def has_object_permission(self, request, view, obj):  # type: ignore
+    def has_permission(self, request, view):  # type: ignore
         if request.method in SAFE_METHODS:
             return True
 
-        if request.user and request.user.is_authenticated:
-            return obj.rangers.filter(id=request.user_profile.id).exists()
-        else:
-            return False
+        return request.user and request.user.is_authenticated
+
+    def has_object_permission(self, request, view, obj):  # type: ignore
+        return obj.rangers.filter(id=request.user_profile.id).exists()
diff --git a/backend/apps/quiblet/api/v1/viewsets.py b/backend/apps/quiblet/api/v1/viewsets.py
@@ -12,5 +12,8 @@ class QuibletViewSet(ModelViewSet):
     permission_classes = (IsRangerOrReadOnly,)
 
     def perform_create(self, serializer):
-        quibber = self.request.user_profile  # type: ignore
-        serializer.save(quibber=quibber)
+        creator = self.request.user_profile  # type: ignore
+
+        quiblet = serializer.save()
+        quiblet.members.add(creator)
+        quiblet.rangers.add(creator)
