Some hacks to make organizational user object creation possible by posting directly to the subcollection. This is a little complex due to the user (being a Django object) not having any FKs

to our objects. This should be refactored later but is at least sufficiently operational for the two cases it is used here.
2026-02-15 10:10:01 -03:30 · 2013-04-29 10:36:16 -04:00
parent 69a9916423
commit 21f4e3a680
3 changed files with 60 additions and 5 deletions
--- a/lib/main/models/init.py
+++ b/lib/main/models/init.py
@@ -130,6 +130,14 @@ class UserHelper(object):
        matching_orgs = obj.organizations.filter(admins__in = [user]).count()
        return matching_orgs

+    @classmethod
+    def can_user_add(cls, user, data):
+        # TODO: reuse. make helper functions like "is user an org admin"
+        # apply throughout permissions code
+        if user.is_superuser:
+            return True
+        return user.admin_of_organizations.count() > 0
+
    @classmethod
    def can_user_attach(cls, user, obj, sub_obj, relationship_type, data):
        if type(sub_obj) != User:
@@ -193,7 +201,9 @@ class PrimordialModel(models.Model):

        # in order to attach something you also be able to read what you are attaching
        if type(sub_obj) == User:
-            return UserHelper.can_user_read(user, sub_obj)
+            # we already check that the user is an admin or org admin up in base_views.py
+            # because the user doesn't have the attributes on it directly to tie it to the org
+            return True
        else:
            return sub_obj.__class__.can_user_read(user, sub_obj)