diff --git a/backend/secfit/comments/views.py b/backend/secfit/comments/views.py
index 7f9c8438dd71bb8c9cf11d48ebbd9b0880e472a3..84310441fff4de46fc4e3f9ea6a02bbebadc5557 100644
--- a/backend/secfit/comments/views.py
+++ b/backend/secfit/comments/views.py
@@ -1,6 +1,5 @@
 from rest_framework import generics, mixins
 from rest_framework.filters import OrderingFilter
-from django.db.models import Q
 from rest_framework import permissions
 from comments.models import Comment, Like
 from comments.permissions import IsCommentVisibleToUser
@@ -16,9 +15,11 @@ class CommentList(
 HTTP methods: GET, POST
 """
- # queryset = Comment.objects.all()
+ queryset = Comment.objects.all()
 serializer_class = CommentSerializer
- permission_classes = [permissions.IsAuthenticated]
+ permission_classes = [
+ permissions.IsAuthenticated & IsCommentVisibleToUser & (IsOwner | IsReadOnly)
+ ]
 filter_backends = [OrderingFilter]
 ordering_fields = ["timestamp"]
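Review bot: `IsCommentVisibleToUser` in the new `permission_classes` is unlikely to restrict the GET listing on `CommentList`: DRF runs `has_object_permission` only from `get_object()`, which a list view never calls, so with `queryset = Comment.objects.all()` and the `get_queryset` filter deleted in the `@@ -31,35 +32,6 @@` hunk, any authenticated user would receive comments on workouts they are not allowed to see. This assumes the class implements only the object-level check, since its code is not part of this diff. Visibility for the list should stay in the queryset, which also means keeping the `Q` import that the first hunk drops; a sketch follows. `IsOwner` and `IsReadOnly` are not among the imports visible in the first hunk, so confirm they are imported further down the file. The `CommentList` body begins and ends outside this hunk.

```python
    queryset = Comment.objects.all()
    # … unchanged: serializer_class, permission_classes, filter_backends, ordering_fields …

    def get_queryset(self):
        # List requests never reach has_object_permission, so the visibility
        # rule has to be applied to the rows themselves.
        user = self.request.user
        return Comment.objects.filter(
            Q(workout__visibility="PU")
            | Q(owner=user)
            | Q(workout__visibility="CO", workout__owner__coach=user)
            | Q(workout__owner=user)
        ).distinct()
```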
@@ -31,35 +32,6 @@ class CommentList(
 def perform_create(self, serializer):
 serializer.save(owner=self.request.user)
- def get_queryset(self):
- workout_pk = self.kwargs.get("pk")
- qs = Comment.objects.none()
-
- if workout_pk:
- qs = Comment.objects.filter(workout=workout_pk)
- elif self.request.user:
- """A comment should be visible to the requesting user if any of the following hold:
- - The comment is on a public visibility workout
- - The comment was written by the user
- - The comment is on a coach visibility workout and the user is the workout owner's coach
- - The comment is on a workout owned by the user
- """
- # The code below is kind of duplicate of the one in ./permissions.py
- # We should replace it with a better solution.
- # Or maybe not.
-
- qs = Comment.objects.filter(
- Q(workout__visibility="PU")
- | Q(owner=self.request.user)
- | (
- Q(workout__visibility="CO")
- & Q(workout__owner__coach=self.request.user)
- )
- | Q(workout__owner=self.request.user)
- ).distinct()
-
- return qs
-
 # Details of comment
 class CommentDetail(
 mixins.RetrieveModelMixin,