A user can access what teams they are on.

2026-01-10 15:32:07 -03:30 · 2013-04-01 18:49:32 -04:00 · 2013-04-01 18:49:32 -04:00 · 0d41b7bf07
commit 0d41b7bf07
parent 6bf4c1604f
2 changed files with 22 additions and 4 deletions
--- a/lib/main/models/init.py
+++ b/lib/main/models/init.py
@ -110,7 +110,7 @@ class UserHelper(object):
            return 'partial'
        if user.is_superuser:
            return True
-        matching_orgs = len(set(obj.organizations.all()) & set(user.admin_of_organizations.all()))
+        matching_orgs = obj.organizations.filter(admins__in = [user]).count()
        return matching_orgs

    @classmethod
@ -123,7 +123,7 @@ class UserHelper(object):
    def can_user_delete(cls, user, obj):
        if user.is_superuser:
            return True
-        matching_orgs = len(set(obj.organizations.all()) & set(user.admin_of_organizations.all()))
+        matching_orgs = obj.organizations.filter(admins__in = [user]).count()
        return matching_orgs


--- a/lib/main/tests/projects.py
+++ b/lib/main/tests/projects.py
@ -246,12 +246,30 @@ class ProjectsTest(BaseTest):

        self.assertEquals(Team.objects.get(pk=team.pk).users.count(), 0)

+        # =====================================================================
+        # USER TEAMS
+
        # from a user, can see what teams they are on (related resource)
-        print "TEAMS?"
-        print User.objects.get(username = 'other').teams.all()
+        other = User.objects.get(username = 'other')
+        url = '/api/v1/users/%s/teams/' % other.pk
+        self.get(url, expect=401)
+        self.get(url, expect=401, auth=self.get_invalid_credentials())
+        self.get(url, expect=403, auth=self.get_nobody_credentials())
+        other.organizations.add(Organization.objects.get(pk=2))
+        other.save()
+        my_teams1 = self.get(url, expect=200, auth=self.get_normal_credentials())
+        my_teams2 = self.get(url, expect=200, auth=self.get_other_credentials())
+        self.assertEqual(my_teams1['count'], 2)
+        self.assertEqual(my_teams1, my_teams2)
+
+        # =====================================================================
+        # USER PROJECTS
+
+        url = '/api/v1/users/%s/projects/' % other.pk

        # from a user, can see what projects they can see based on team association
        # though this resource doesn't do anything else
+        raise Exception("STOP")

        # =====================================================================
        # CREDENTIALS