
Commit ffc6bd9

committed
wip2
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
1 parent 6082360 commit ffc6bd9


2 files changed

+8
-7
lines changed


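--- a/vulnerabilities/api_extension.py
+++ b/vulnerabilities/api_extension.py
@@ -33,7 +33,7 @@
 from vulnerabilities.models import VulnerabilitySeverity
 from vulnerabilities.models import Weakness
 from vulnerabilities.models import get_purl_query_lookups
-from vulnerabilities.throttling import StaffUserRateThrottle
+from vulnerabilities.throttling import GroupUserRateThrottle
 
 
 class SerializerExcludeFieldsMixin:
@@ -259,7 +259,7 @@ class V2PackageViewSet(viewsets.ReadOnlyModelViewSet):
 lookup_field = "purl"
 filter_backends = (filters.DjangoFilterBackend,)
 filterset_class = V2PackageFilterSet
-throttle_classes = [StaffUserRateThrottle, AnonRateThrottle]
+throttle_classes = [GroupUserRateThrottle, AnonRateThrottle]
 
 def get_queryset(self):
 return super().get_queryset().with_is_vulnerable().prefetch_related("vulnerabilities")
@@ -345,7 +345,7 @@ class VulnerabilityViewSet(viewsets.ReadOnlyModelViewSet):
 lookup_field = "vulnerability_id"
 filter_backends = (filters.DjangoFilterBackend,)
 filterset_class = V2VulnerabilityFilterSet
-throttle_classes = [StaffUserRateThrottle, AnonRateThrottle]
+throttle_classes = [GroupUserRateThrottle, AnonRateThrottle]
 
 def get_queryset(self):
 """
@@ -381,7 +381,7 @@ class CPEViewSet(viewsets.ReadOnlyModelViewSet):
 ).distinct()
 serializer_class = V2VulnerabilitySerializer
 filter_backends = (filters.DjangoFilterBackend,)
-throttle_classes = [StaffUserRateThrottle, AnonRateThrottle]
+throttle_classes = [GroupUserRateThrottle, AnonRateThrottle]
 filterset_class = CPEFilterSet
 
 @action(detail=False, methods=["post"])
@@ -420,4 +420,4 @@ class AliasViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = V2VulnerabilitySerializer
 filter_backends = (filters.DjangoFilterBackend,)
 filterset_class = AliasFilterSet
-throttle_classes = [StaffUserRateThrottle, AnonRateThrottle]
+throttle_classes = [GroupUserRateThrottle, AnonRateThrottle]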

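--- a/vulnerabilities/throttling.py
+++ b/vulnerabilities/throttling.py
@@ -22,10 +22,11 @@ def allow_request(self, request, view):
 if user.is_superuser or user.is_staff:
 return True
 
-if user.groups.filter(name="gold").exists():
+user_groups = user.groups.all()
+if any([group.name == "gold" for group in user_groups]):
 return True
 
-if user.groups.filter(name="silver").exists():
+if any([group.name == "silver" for group in user_groups]):
 self.scope = "silver"
 
 self.rate = self.THROTTLE_RATES.get(self.scope)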
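Review bot: The two added membership tests at new lines 26 and 29 each build a throwaway list inside `any([...])` and walk `user_groups` separately; collecting the names once, `group_names = {group.name for group in user.groups.all()}`, and then testing `if "gold" in group_names:` and `if "silver" in group_names:` says the same thing more directly. Separately, the unchanged `self.rate = self.THROTTLE_RATES.get(self.scope)` yields `None` when the scope has no configured rate. If the rest of `allow_request` (which starts and ends outside this hunk) treats a missing rate as "no limit", as DRF's `SimpleRateThrottle` does, a missing or misspelled `silver` entry in settings would silently lift throttling for that tier. A short comment stating that "gold" is intentionally unthrottled and that every scope must have a rate in settings, or an explicit check that raises when the rate is `None`, would make the tiering auditable.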
