From 7ee3e390a6111b759b4ae755c7c0154e2f346646 Mon Sep 17 00:00:00 2001
From: youichiro
Date: Wed, 18 Aug 2021 21:33:58 +0900
Subject: [PATCH] filter by role in the confirm API
---
 backend/api/views/example_state.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/backend/api/views/example_state.py b/backend/api/views/example_state.py
index 38a82217..2badef76 100644
--- a/backend/api/views/example_state.py
+++ b/backend/api/views/example_state.py
@@ -2,7 +2,7 @@ from django.shortcuts import get_object_or_404
 from rest_framework import generics
 from rest_framework.permissions import IsAuthenticated
-from ..models import Example, ExampleState, Project
+from ..models import Example, ExampleState, Project, RoleMapping
 from ..permissions import IsInProjectOrAdmin
 from ..serializers import ExampleStateSerializer
@@ -20,6 +20,9 @@ class ExampleStateList(generics.ListCreateAPIView):
 queryset = ExampleState.objects.filter(example=self.kwargs['example_id'])
 if self.can_confirm_per_user:
 queryset = queryset.filter(confirmed_by=self.request.user)
+ current_user_role = RoleMapping.objects.get(user_id=self.request.user.id, project_id=self.kwargs['project_id']).role
+ ids = [q.id for q in queryset if q.confirmed_user_role == current_user_role]
+ queryset = queryset.filter(id__in=ids)
 return queryset
 def perform_create(self, serializer):
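Review bot: The added `RoleMapping.objects.get(...)` raises `RoleMapping.DoesNotExist` when the requesting user has no role mapping for `project_id`, which would surface as a 500 instead of an empty result. The imported `IsInProjectOrAdmin` permission suggests administrators may reach this view without being project members, though the view's `permission_classes` are outside the hunk. Consider `mapping = RoleMapping.objects.filter(user_id=self.request.user.id, project_id=self.kwargs['project_id']).first()` followed by `if mapping is None: return queryset.none()`. The role comparison also walks the whole queryset in Python and then re-queries with `id__in`; if `confirmed_user_role` is derived from a relation rather than stored on the row, each element may cost an extra query, so a database-side filter would be preferable where the schema allows. The enclosing method starts before the hunk.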