From 5c4d435b9482d7a76d11d623b4d6a1fcc242f925 Mon Sep 17 00:00:00 2001
From: Helder Souza <42891390+helllllllder@users.noreply.github.com>
Date: Mon, 30 Oct 2023 17:48:33 -0300
Subject: [PATCH] feat: fix permission on the retrieve history endpoint (#306)

---
 chats/apps/history/views/permissions.py |  3 +--
 chats/apps/queues/models.py             |  3 +++
 chats/apps/rooms/models.py              | 11 +++++++++++
 chats/apps/sectors/models.py            |  3 +++
 4 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/chats/apps/history/views/permissions.py b/chats/apps/history/views/permissions.py
index f61f6626..2e3a97fc 100644
--- a/chats/apps/history/views/permissions.py
+++ b/chats/apps/history/views/permissions.py
@@ -17,7 +17,6 @@ def has_object_permission(self, request, view, obj) -> bool:
         if isinstance(request.user, AnonymousUser):
             return False
         try:
-            perm = obj.get_permission(request.user)
+            return obj.can_retrieve(request.user)
         except ProjectPermission.DoesNotExist:
             return False
-        return perm.is_admin
diff --git a/chats/apps/queues/models.py b/chats/apps/queues/models.py
index 40420460..658ddc3c 100644
--- a/chats/apps/queues/models.py
+++ b/chats/apps/queues/models.py
@@ -76,6 +76,9 @@ def available_agents(self):
             "active_rooms_count"
         )
 
+    def is_agent(self, user):
+        return self.authorizations.filter(permission__user=user).exists()
+
     def get_or_create_user_authorization(self, user):
         sector_auth, created = self.authorizations.get_or_create(permission__user=user)
         return sector_auth
diff --git a/chats/apps/rooms/models.py b/chats/apps/rooms/models.py
index 5eb48c73..7e766778 100644
--- a/chats/apps/rooms/models.py
+++ b/chats/apps/rooms/models.py
@@ -93,6 +93,17 @@ def get_permission(self, user):
         except ObjectDoesNotExist:
             return None
 
+    def can_retrieve(self, user):
+        permission = self.get_permission(user)
+        if not permission:
+            return False
+        if permission.is_admin:
+            return True
+        if user == self.user:
+            return True
+
+        return self.queue.is_agent(user) or self.queue.sector.is_manager(user)
+
     def get_is_waiting(self):
         """If the room does not have any contact message, then it is waiting"""
         check_messages = (
diff --git a/chats/apps/sectors/models.py b/chats/apps/sectors/models.py
index 30af5435..dda76f07 100644
--- a/chats/apps/sectors/models.py
+++ b/chats/apps/sectors/models.py
@@ -196,6 +196,9 @@ def is_attending(self, created_on):
 
         return start.time() < created_on.time() < end.time()
 
+    def is_manager(self, user):
+        return self.authorizations.filter(permission__user=user).exists()
+
     def get_or_create_user_authorization(self, user):
         sector_auth, created = self.authorizations.get_or_create(user=user)