From 0d9940297b69a8510cc56f2b2fdb0d85328cc99e Mon Sep 17 00:00:00 2001 From: Hironsan Date: Tue, 31 Jul 2018 16:28:10 +0900 Subject: [PATCH] Add project permission --- app/db.sqlite3 | Bin 258048 -> 258048 bytes app/server/views.py | 18 +++++++++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/app/db.sqlite3 b/app/db.sqlite3 index 769bddc9a760f2ab6de1584e21a3c0fb7fb79d2e..3f2a393a8b31af6059b17d386a77c4f9225918ec 100644 GIT binary patch delta 973 zcmaiyPiz!b9LL|E=`h=!dA}{RVxZckE-E4I&P;c9XO>i5Fp$`kpb2Ot&F;3-ZFkrG z!!8SjQVNxNRIrEPwwRD!NL1L6i5HOq2QOw%?L`VUkO0LC5+G=TZw=AF#dmm@Uq0XO z?|t9**iATg6Hczj)l==;aP@rRn~wGD0g~Bi0q#OO%)uqlnG11Yh3!l-KU#<8r@e1e2 zY%JI-z)8ev)4}P4L|7d`iq&fy)T?aj_!^?1Hk)nEq(s(C%!gxHVW9AMg86-)4MV=^IGy z2yPz8_Ufu;cBzrB9?h>tqIx)LXx%-Qs#|KdGF0HxwJ(l)jP8i8S&`6es+v(a5s9is zx2_tRHhaDLmPB9$!9!T7wIpu9D-vzP4ISd8uX)DOr9!@(%qulqeAaQHF4RSfokQ%r zBb~vY5O&T@oWVPo+(a>Mwi>r!y6(5QA5)9na#nqh3zXeuZi|m(nRE0R3A^hq;d}2j zi?E2`Pwu*SQ6@iwv`WAj6Cye{fNbQ`B?N!LBUo}}AE|@bP$r^#tAqG`J`olWJcU2t zKHP>SSm1llgCvRqYDlOPmviKu)z8!8 zacJFPlmCh7wB$*`eV8Xcje9INHh2sV;CHwK%iQCaf7iJ49clkb7Q7N-^U4W%yH~1d z{wK|EPj3;L`cE{)h9kp6wymean!Mt(3!uE1I6s52PyxHCLUW5@!GXL?omc z?)D?}M=A@DL+~}Ykb_^j=^z9Gv>*SUqI2piTITEwf@Qb@XJLl36>w&%)VJnEAK`Tx z!%k+Bu5;(BbgSAb$#V!C7-T;vE6Nv2uR`TH{+=&oX|Lr$5X8G3V-c(W)V|y~I5|1k z{89s-XBZ0c5KWG>c{XEDOmDPk??h+PwnyyFsDFZ!!b@a0%FAi$rXDig-s|+r>c0Ur CDi6c} delta 646 zcmah_OH31C5dI&#*vIZat0EFXTOvjcQM#43fT?DE;EBYe2T5BjMH;%bZLAm+NCht@ zLh0e>R!oRTUk&-=1rbgr9(ppG@X}y{N;oJnMvb^$OguT6xqS0|GxN>R3Jk5lSPd@Z zYft0CXbehvwc!1k64X_Qq?Ga9v>O6f+Y|P*)!zRNrf*-Is&BzPLpLg(O zAO|dT6~RyVDwsyf7Hku%F5=dh3`+>U!xvbG_poGL@e;(+NwVMVWGN&o{Rjrt=RygS zX_cQb$qBxdAZPiV1W|b9AgQw>gl;t$hT6h^nZ(E0C;|R@fK>61N#fvd?h>uSqU2Gd z*ffcz3u%_DfmnY?s%I6dv>`U94l8X=TS<3+a~#SYm*n zb<>x*)R*yH>q+^e`t@VN(@$-f{e5SP?hW`w+YLHH6$;}B#zDXWELeUzpuV2Ae56RVo&WBU_E7`#_)WS;%oXV=k5-`u5pd{WPt{NAZ8d0l MIjoA{BAwsy8zhOwvj6}9 diff --git a/app/server/views.py b/app/server/views.py index 3ebb93be..ec2c2b63 100644 
--- a/app/server/views.py
+++ b/app/server/views.py
@@ -39,11 +39,10 @@ class ProjectAdminView(LoginRequiredMixin, DetailView):
 template_name = 'project_admin.html'
-class ProjectsView(ListView):
+class ProjectsView(LoginRequiredMixin, ListView):
 model = Project
 paginate_by = 100
 template_name = 'projects.html'
- permission_classes = (IsAuthenticated,)
 class RawDataAPI(View):
@@ -86,11 +85,24 @@ class ProjectViewSet(viewsets.ModelViewSet):
 return Response({'total': total, 'remaining': remaining})
+from rest_framework import permissions
+
+
+class ProjectPermission(permissions.BasePermission):
+
+ def has_permission(self, request, view):
+ user = request.user
+ project_id = view.kwargs.get('project_id')
+ project = get_object_or_404(Project, pk=project_id)
+
+ return user in project.users.all()
+
+
 class ProjectLabelsAPI(generics.ListCreateAPIView):
 queryset = Label.objects.all()
 serializer_class = LabelSerializer
 pagination_class = None
- permission_classes = (IsAuthenticated,)
+ permission_classes = (IsAuthenticated, ProjectPermission)
 def get_queryset(self):
 project_id = self.kwargs['project_id']
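Review bot: In the first hunk, `ProjectsView` still declares only `model = Project`, so every logged-in user is shown the full project list, while the second hunk of the same commit starts treating `project.users` as the access boundary. If the list is meant to follow that rule, add a `get_queryset` that returns `Project.objects.filter(users=self.request.user)`. The hunk header shows `ProjectAdminView` relying on `LoginRequiredMixin` as well; its body is outside the hunk, so whether it checks membership anywhere cannot be seen from here.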
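Review bot: In the second hunk, `ProjectPermission.has_permission` calls `get_object_or_404` before the membership test, so an authenticated non-member gets 404 for a missing project but 403 for an existing one, and `user in project.users.all()` loads every member row to answer a yes/no question. A single query such as `return Project.objects.filter(pk=project_id, users=user).exists()` denies both cases the same way and also denies when the URL carries no `project_id`. The class has no docstring; one line saying it grants access only to members of the project named by the `project_id` URL kwarg would help, and `from rest_framework import permissions` belongs with the imports at the top of the module. Only `ProjectLabelsAPI` receives the new class here; the other project-scoped views named in the hunk headers lie outside the diff, so it is worth confirming they are covered too.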