feat(import) : add method to Destination to filter by a user's permis…

…sion + change GET route /destinations/

backend/geonature/core/imports/models.py

@@ -2,6 +2,7 @@
 from collections.abc import Mapping
 import re
 from typing import Iterable, List
+from geonature.core.gn_permissions.models import PermAction, Permission
 from packaging import version
 
 from flask import g
@@ -22,6 +23,7 @@
 else:  # retro-compatibility Flask-SQLAlchemy 2
     from flask_sqlalchemy import BaseQuery as Query
 
+from utils_flask_sqla.models import qfilter
 from utils_flask_sqla.serializers import serializable
 
 from geonature.utils.env import db
@@ -149,6 +151,22 @@ def actions(self):
             """
             raise AttributeError(f"Is your module of type '{self.module.type}' installed?") from exc
 
+    @staticmethod
+    def filter_by_permissions(user: User):
+
+        action_create = db.session.scalar(
+            sa.select(PermAction.id_action).where(PermAction.code_action == "C"),
+        )
+        query = sa.select(Destination).where(
+            sa.or_(
+                Permission.id_role == user.id_role,
+                Permission.role.has(User.members.any(User.id_role == user.id_role)),
+            ),
+            Permission.id_module == Destination.id_module,
+            Permission.id_action == action_create,
+        )
+        return db.session.scalars(query).all()
+
 
 @serializable
 class BibThemes(db.Model):

backend/geonature/core/imports/routes/__init__.py

@@ -5,14 +5,14 @@
 from geonature.core.imports.schemas import DestinationSchema
 from geonature.core.imports.blueprint import blueprint
 from geonature.utils.env import db
+from flask_login import current_user
 
 
 @blueprint.route("/destinations/", methods=["GET"])
 @login_required
 def list_destinations():
     schema = DestinationSchema()
-    destinations = Destination.query.all()
-    # FIXME: filter with C permissions?
+    destinations = Destination.filter_by_permissions(current_user)
     return schema.dump(destinations, many=True)