From 179ee772161ab02b23825033043a6edbd2db1bee Mon Sep 17 00:00:00 2001
From: dbessey <daniel.bessey@unistra.fr>
Date: Tue, 10 Sep 2024 16:47:35 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9A=A1=20Remove=20unnecessary=20filters?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

community/pount/pount-api#425
---
 pount/apps/api/tests/api/test_item.py        | 2 +-
 pount/apps/api/tests/api/test_item_export.py | 2 +-
 pount/apps/api/views/item.py                 | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/pount/apps/api/tests/api/test_item.py b/pount/apps/api/tests/api/test_item.py
index 2b2247f4..14b493fb 100644
--- a/pount/apps/api/tests/api/test_item.py
+++ b/pount/apps/api/tests/api/test_item.py
@@ -290,7 +290,7 @@ class ViewItemTest(SetUpMixin, APITestCase):
         user = User.objects.create_user("user")
         self.client.force_login(user)
         response = self.client.get(reverse("item-detail", kwargs={"pk": self.private_item.pk}))
-        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
     def test_set_must_be_public_to_view_public_item(self):
         self.public_item.set = self.set
diff --git a/pount/apps/api/tests/api/test_item_export.py b/pount/apps/api/tests/api/test_item_export.py
index eb9aa009..633e9d2d 100644
--- a/pount/apps/api/tests/api/test_item_export.py
+++ b/pount/apps/api/tests/api/test_item_export.py
@@ -108,7 +108,7 @@ class XmlExportTest(SetUpMixin, APITestCase):
     def test_other_project_member_can_not_export_xml(self):
         self.client.force_login(self.project2_member)
         response = self._get_response()
-        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
     def test_view_returns_exported_datacite_xml(self):
         self.client.force_login(self.creator)
diff --git a/pount/apps/api/views/item.py b/pount/apps/api/views/item.py
index c17f4174..dbd622e0 100644
--- a/pount/apps/api/views/item.py
+++ b/pount/apps/api/views/item.py
@@ -49,7 +49,8 @@ class ItemViewSet(ThumbnailMixin, viewsets.ModelViewSet):
 
     def get_queryset(self):
         queryset = super().get_queryset()
-        queryset = queryset.is_public_or_user_is_project_member(self.request.user)
+        # There is no need to filter. If the user has access to the set, they can access the items
+        # queryset = queryset.is_public_or_user_is_project_member(self.request.user)
         if self.action == "retrieve":
             # we need the parent objects to determine if it can be shared
             queryset = queryset.select_related("set", "set__project")
-- 
GitLab