makeplane · pushya22 · Oct 24, 2024 · Oct 24, 2024 · coderabbitai · Oct 24, 2024
diff --git a/apiserver/plane/app/views/asset/base.py b/apiserver/plane/app/views/asset/base.py
@@ -50,7 +50,7 @@ def delete(self, request, workspace_id, asset_key):
         asset_key = str(workspace_id) + "/" + asset_key
         file_asset = FileAsset.objects.get(asset=asset_key)
         file_asset.is_deleted = True
-        file_asset.save()
+        file_asset.save(update_fields=["is_deleted"])
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
@@ -59,7 +59,7 @@ def restore(self, request, workspace_id, asset_key):
         asset_key = str(workspace_id) + "/" + asset_key
         file_asset = FileAsset.objects.get(asset=asset_key)
         file_asset.is_deleted = False
-        file_asset.save()
+        file_asset.save(update_fields=["is_deleted"])
-        file_asset.save(update_fields=["is_deleted"])
+def restore(self, request, workspace_id, asset_key):
+    asset_key = str(workspace_id) + "/" + asset_key
+    try:
+        file_asset = FileAsset.objects.get(asset=asset_key)
+        
+        # Add permission check
+        if not request.user.has_workspace_permission(workspace_id, "update"):
+            return Response(
+                {"error": "You don't have permission to restore this asset"},
+                status=status.HTTP_403_FORBIDDEN
+            )
+            
+        file_asset.is_deleted = False
+        file_asset.save(update_fields=["is_deleted"])
+        return Response(status=status.HTTP_204_NO_CONTENT)
+    except FileAsset.DoesNotExist:
+        return Response(
+            {"error": "Asset not found"},
+            status=status.HTTP_404_NOT_FOUND
+        )
-        file_asset.save(update_fields=["is_deleted"])
+def restore(self, request, workspace_id, asset_key):
+    asset_key = str(workspace_id) + "/" + asset_key
+    try:
+        file_asset = FileAsset.objects.get(asset=asset_key)
+        
+        # Add permission check
+        if not request.user.has_workspace_permission(workspace_id, "update"):
+            return Response(
+                {"error": "You don't have permission to restore this asset"},
+                status=status.HTTP_403_FORBIDDEN
+            )
+            
+        file_asset.is_deleted = False
+        file_asset.save(update_fields=["is_deleted"])
+        return Response(status=status.HTTP_204_NO_CONTENT)
+    except FileAsset.DoesNotExist:
+        return Response(
+            {"error": "Asset not found"},
+            status=status.HTTP_404_NOT_FOUND
+        )
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
@@ -96,5 +96,5 @@ def delete(self, request, asset_key):
             asset=asset_key, created_by=request.user
         )
         file_asset.is_deleted = True
-        file_asset.save()
+        file_asset.save(update_fields=["is_deleted"])
         return Response(status=status.HTTP_204_NO_CONTENT)
diff --git a/apiserver/plane/app/views/asset/v2.py b/apiserver/plane/app/views/asset/v2.py
@@ -34,7 +34,7 @@ def asset_delete(self, asset_id):
             return
         asset.is_deleted = True
         asset.deleted_at = timezone.now()
-        asset.save()
+        asset.save(update_fields=["is_deleted", "deleted_at"])
         return
 
     def entity_asset_save(self, asset_id, entity_type, asset, request):
@@ -209,8 +209,7 @@ def patch(self, request, asset_id):
         # update the attributes
         asset.attributes = request.data.get("attributes", asset.attributes)
         # save the asset
-        asset.created_by = request.user
-        asset.save()
+        asset.save(update_fields=["is_uploaded", "attributes"])
         return Response(status=status.HTTP_204_NO_CONTENT)
 
     def delete(self, request, asset_id):
@@ -221,7 +220,7 @@ def delete(self, request, asset_id):
         self.entity_asset_delete(
             entity_type=asset.entity_type, asset=asset, request=request
         )
-        asset.save()
+        asset.save(update_fields=["is_deleted", "deleted_at"])
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
@@ -280,7 +279,7 @@ def asset_delete(self, asset_id):
         # Mark the asset as deleted
         asset.is_deleted = True
         asset.deleted_at = timezone.now()
-        asset.save()
+        asset.save(update_fields=["is_deleted", "deleted_at"])
         return
 
     def entity_asset_save(self, asset_id, entity_type, asset, request):
@@ -460,8 +459,7 @@ def patch(self, request, slug, asset_id):
         # update the attributes
         asset.attributes = request.data.get("attributes", asset.attributes)
         # save the asset
-        asset.created_by = request.user
-        asset.save()
+        asset.save(update_fields=["is_uploaded", "attributes"])
         return Response(status=status.HTTP_204_NO_CONTENT)
 
     def delete(self, request, slug, asset_id):
@@ -472,7 +470,7 @@ def delete(self, request, slug, asset_id):
         self.entity_asset_delete(
             entity_type=asset.entity_type, asset=asset, request=request
         )
-        asset.save()
+        asset.save(update_fields=["is_deleted", "deleted_at"])
         return Response(status=status.HTTP_204_NO_CONTENT)
 
     def get(self, request, slug, asset_id):
@@ -551,7 +549,7 @@ def post(self, request, slug, asset_id):
         asset = FileAsset.all_objects.get(id=asset_id, workspace__slug=slug)
         asset.is_deleted = False
         asset.deleted_at = None
-        asset.save()
+        asset.save(update_fields=["is_deleted", "deleted_at"])
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
@@ -692,8 +690,7 @@ def patch(self, request, slug, project_id, pk):
         # update the attributes
         asset.attributes = request.data.get("attributes", asset.attributes)
         # save the asset
-        asset.created_by = request.user
-        asset.save()
+        asset.save(update_fields=["is_uploaded", "attributes"])
         return Response(status=status.HTTP_204_NO_CONTENT)
 
     @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
@@ -708,7 +705,7 @@ def delete(self, request, slug, project_id, pk):
         asset.is_deleted = True
         asset.deleted_at = timezone.now()
         # Save the asset
-        asset.save()
+        asset.save(update_fields=["is_deleted", "deleted_at"])
         return Response(status=status.HTTP_204_NO_CONTENT)
 
     @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])

diff --git a/apiserver/plane/bgtasks/storage_metadata_task.py b/apiserver/plane/bgtasks/storage_metadata_task.py
@@ -19,7 +19,7 @@ def get_asset_object_metadata(asset_id):
             object_name=asset.asset.name
         )
         # Save the asset
-        asset.save()
+        asset.save(update_fields=["storage_metadata"])
         return
     except FileAsset.DoesNotExist:
         return

diff --git a/apiserver/plane/space/views/asset.py b/apiserver/plane/space/views/asset.py
@@ -169,8 +169,7 @@ def patch(self, request, anchor, pk):
         # update the attributes
         asset.attributes = request.data.get("attributes", asset.attributes)
         # save the asset
-        asset.created_by = request.user
-        asset.save()
+        asset.save(update_fields=["attributes", "is_uploaded"])
         return Response(status=status.HTTP_204_NO_CONTENT)
 
     def delete(self, request, anchor, pk):
@@ -194,7 +193,7 @@ def delete(self, request, anchor, pk):
         asset.is_deleted = True
         asset.deleted_at = timezone.now()
         # Save the asset
-        asset.save()
+        asset.save(update_fields=["is_deleted", "deleted_at"])
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
@@ -219,7 +218,7 @@ def post(self, request, anchor, asset_id):
         )
         asset.is_deleted = False
         asset.deleted_at = None
-        asset.save()
+        asset.save(update_fields=["is_deleted", "deleted_at"])
         return Response(status=status.HTTP_204_NO_CONTENT)