feat(workspaces): expose role-aware membership details

apps/workspaces/api/views.py

@@ -33,6 +33,7 @@ from apps.workspaces.models import PriceUnit, Workspace, WorkspaceMembership, Wo
 from apps.workspaces.services import (
     WORKSPACE_MEMBERS_VIEW,
     WORKSPACE_EDIT,
+    WORKSPACE_VIEW,
     can_assign_workspace_role,
     can_change_workspace_membership,
     has_workspace_capability,
@@ -102,7 +103,9 @@ class WorkspaceMembershipViewSet(ModelViewSet):
         ).distinct()
 
     def get_permissions(self):
-        if self.action in ["list", "retrieve", "create", "update", "partial_update"]:
+        if self.action in ["list", "retrieve"]:
+            return [IsAuthenticated()]
+        if self.action in ["create", "update", "partial_update"]:
             return [IsAuthenticated(), CanWorkspaceManageMembers()]
         if self.action in ["destroy"]:
             return [IsAuthenticated(), CanWorkspaceManageMembers()]
@@ -118,7 +121,7 @@ class WorkspaceMembershipViewSet(ModelViewSet):
             )
 
         workspace = get_object_or_404(Workspace, id=workspace_id, is_deleted=False)
-        if not has_workspace_capability(request.user, workspace, WORKSPACE_MEMBERS_VIEW):
+        if not has_workspace_capability(request.user, workspace, WORKSPACE_VIEW):
             return Response(
                 {"detail": "You do not have permission to view workspace members."},
                 status=status.HTTP_403_FORBIDDEN,