From 5d9b0be8ddb5d89f28bf2a3c485f6ded604b57bf Mon Sep 17 00:00:00 2001 From: Mitchell Kotler Date: Thu, 22 Jan 2026 16:14:22 -0500 Subject: [PATCH] only show organization credit fields for single retrieves --- documentcloud/organizations/serializers.py | 8 +++++++- documentcloud/users/tests/test_views.py | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/documentcloud/organizations/serializers.py b/documentcloud/organizations/serializers.py index d8995fe4..31828887 100644 --- a/documentcloud/organizations/serializers.py +++ b/documentcloud/organizations/serializers.py @@ -82,10 +82,16 @@ def to_representation(self, instance): if "monthly_credits" in self.fields: # skip checks if we have already removed the fields request = self.context and self.context.get("request") + view = self.context and self.context.get("view") + action = view.action if view else None user = request and request.user is_org = isinstance(instance, Organization) if not ( - is_org and user and user.is_authenticated and instance.has_member(user) + is_org + and user + and user.is_authenticated + and instance.has_member(user) + and action == "retrieve" ): # only members may see AI credit information self.fields.pop("monthly_credits") diff --git a/documentcloud/users/tests/test_views.py b/documentcloud/users/tests/test_views.py index d67a81da..a937cf6f 100644 --- a/documentcloud/users/tests/test_views.py +++ b/documentcloud/users/tests/test_views.py @@ -114,6 +114,7 @@ def test_retrieve_me_expanded(self, client, user): response_json = json.loads(response.content) context = {"request": MagicMock(), "view": MagicMock()} context["request"].user = user + context["view"].action = "retrieve" organization_serializer = OrganizationSerializer( user.organization, context=context )