feat: fix permission on the retrieve history endpoint (#306)

chats/apps/history/views/permissions.py

@@ -17,7 +17,6 @@ def has_object_permission(self, request, view, obj) -> bool:
         if isinstance(request.user, AnonymousUser):
             return False
         try:
-            perm = obj.get_permission(request.user)
+            return obj.can_retrieve(request.user)
         except ProjectPermission.DoesNotExist:
             return False
-        return perm.is_admin

chats/apps/queues/models.py

@@ -76,6 +76,9 @@ def available_agents(self):
             "active_rooms_count"
         )
 
+    def is_agent(self, user):
+        return self.authorizations.filter(permission__user=user).exists()
+
     def get_or_create_user_authorization(self, user):
         sector_auth, created = self.authorizations.get_or_create(permission__user=user)
         return sector_auth

chats/apps/rooms/models.py

@@ -93,6 +93,17 @@ def get_permission(self, user):
         except ObjectDoesNotExist:
             return None
 
+    def can_retrieve(self, user):
+        permission = self.get_permission(user)
+        if not permission:
+            return False
+        if permission.is_admin:
+            return True
+        if user == self.user:
+            return True
+
+        return self.queue.is_agent(user) or self.queue.sector.is_manager(user)
+
     def get_is_waiting(self):
         """If the room does not have any contact message, then it is waiting"""
         check_messages = (

chats/apps/sectors/models.py

@@ -196,6 +196,9 @@ def is_attending(self, created_on):
 
         return start.time() < created_on.time() < end.time()
 
+    def is_manager(self, user):
+        return self.authorizations.filter(permission__user=user).exists()
+
     def get_or_create_user_authorization(self, user):
         sector_auth, created = self.authorizations.get_or_create(user=user)