From ff51403daf230b9a4c7e7530016130431edec545 Mon Sep 17 00:00:00 2001
From: "J.-S. Caux" <J.S.Caux@uva.nl>
Date: Sun, 18 Oct 2020 14:18:12 +0200
Subject: [PATCH] Debug tag functionality

---
 apimail/api/views.py   |  3 +--
 apimail/permissions.py | 16 ++++++++--------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/apimail/api/views.py b/apimail/api/views.py
index 250465d09..6fa4bddd8 100644
--- a/apimail/api/views.py
+++ b/apimail/api/views.py
@@ -225,7 +225,6 @@ class StoredMessageUpdateReadAPIView(UpdateAPIView):
     queryset = StoredMessage.objects.all()
     serializer_class = StoredMessageSerializer
     lookup_field = 'uuid'
-    filter_backends = [StoredMessageFilterBackend,]
 
     def partial_update(self, request, *args, **kwargs):
         instance = self.get_object()
@@ -270,7 +269,7 @@ class StoredMessageUpdateTagAPIView(UpdateAPIView):
     Adds or removes a user tag on a StoredMessage.
     """
 
-    permission_classes = [IsAuthenticated, CanHandleStoredMessage]
+    permission_classes = [IsAuthenticated, CanReadStoredMessage]
     queryset = StoredMessage.objects.all()
     serializer_class = StoredMessageSerializer
     lookup_field = 'uuid'
diff --git a/apimail/permissions.py b/apimail/permissions.py
index e732cc28e..ef0d2a528 100644
--- a/apimail/permissions.py
+++ b/apimail/permissions.py
@@ -33,10 +33,10 @@ class CanHandleStoredMessage(permissions.BasePermission):
         # Check, based on account accesses
         for access in request.user.email_account_accesses.filter(
                 rights=EmailAccountAccess.CRUD):
-            if ((access.account.email == obj.data.sender or
-                 access.account.email in obj.data.recipients)
-                and access.date_from < obj.datetimestamp
-                and access.data_until > obj.datetimestamp):
+            if ((access.account.email == obj.data['sender'] or
+                 access.account.email in obj.data['recipients'])
+                and access.date_from < obj.datetimestamp.date()
+                and access.date_until > obj.datetimestamp.date()):
                 return True
         return False
 
@@ -53,9 +53,9 @@ class CanReadStoredMessage(permissions.BasePermission):
 
         # Check, based on account accesses
         for access in request.user.email_account_accesses.all():
-            if ((access.account.email == obj.data.sender or
-                 access.account.email in obj.data.recipients)
-                and access.date_from < obj.datetimestamp
-                and access.data_until > obj.datetimestamp):
+            if ((access.account.email == obj.data['sender'] or
+                 access.account.email in obj.data['recipients'])
+                and access.date_from < obj.datetimestamp.date()
+                and access.date_until > obj.datetimestamp.date()):
                 return True
         return False
-- 
GitLab