Fix PassUserMixin not properly being used in DocumentViewSet

diff --git a/src/documents/tests/test_api.py b/src/documents/tests/test_api.py
index e8c6dee7c4b4248cbaf1c8416f4fa303a3736c52..29829c8ab4ad12dfcf595e76cfa6a70657ad309f 100644 (file)
--- a/src/documents/tests/test_api.py
+++ b/src/documents/tests/test_api.py
@@ -3533,9 +3533,28 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
         )
 
     def test_dynamic_permissions_fields(self):
+        user1 = User.objects.create_user(username="user1")
+        user1.user_permissions.add(*Permission.objects.filter(codename="view_document"))
+        user2 = User.objects.create_user(username="user2")
+
         Document.objects.create(title="Test", content="content 1", checksum="1")
+        doc2 = Document.objects.create(
+            title="Test2",
+            content="content 2",
+            checksum="2",
+            owner=user2,
+        )
+        doc3 = Document.objects.create(
+            title="Test3",
+            content="content 3",
+            checksum="3",
+            owner=user2,
+        )
+
+        assign_perm("view_document", user1, doc2)
+        assign_perm("view_document", user1, doc3)
+        assign_perm("change_document", user1, doc3)
 
-        user1 = User.objects.create_superuser(username="test1")
         self.client.force_authenticate(user1)
 
         response = self.client.get(
@@ -3549,6 +3568,9 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
 
         self.assertNotIn("permissions", resp_data["results"][0])
         self.assertIn("user_can_change", resp_data["results"][0])
+        self.assertEqual(resp_data["results"][0]["user_can_change"], True)  # doc1
+        self.assertEqual(resp_data["results"][1]["user_can_change"], False)  # doc2
+        self.assertEqual(resp_data["results"][2]["user_can_change"], True)  # doc3
 
         response = self.client.get(
             "/api/documents/?full_perms=true",

diff --git a/src/documents/views.py b/src/documents/views.py
index 0b450c3b30c354b8532468c5632964e363deb6b1..bfe2b3e6fee7453321cb46ccdec54341064cc114 100644 (file)
--- a/src/documents/views.py
+++ b/src/documents/views.py
@@ -270,11 +270,9 @@ class DocumentViewSet(
         return Document.objects.distinct().annotate(num_notes=Count("notes"))
 
     def get_serializer(self, *args, **kwargs):
-        super().get_serializer(*args, **kwargs)
         fields_param = self.request.query_params.get("fields", None)
         fields = fields_param.split(",") if fields_param else None
         truncate_content = self.request.query_params.get("truncate_content", "False")
-        serializer_class = self.get_serializer_class()
         kwargs.setdefault("context", self.get_serializer_context())
         kwargs.setdefault("fields", fields)
         kwargs.setdefault("truncate_content", truncate_content.lower() in ["true", "1"])
@@ -282,7 +280,7 @@ class DocumentViewSet(
             "full_perms",
             self.request.query_params.get("full_perms", False),
         )
-        return serializer_class(*args, **kwargs)
+        return super().get_serializer(*args, **kwargs)
 
     def update(self, request, *args, **kwargs):
         response = super().update(request, *args, **kwargs)