From 2c2c26860f86b9ab0619e5bc3eed378ce1ee3756 Mon Sep 17 00:00:00 2001
From: Michael DeHaan <michael@ansibleworks.com>
Date: Thu, 4 Apr 2013 12:38:41 -0400
Subject: [PATCH] Wiring up team credentials service (WIP).

---
 lib/main/models/__init__.py |  5 +++--
 lib/main/views.py           | 20 ++++++++++++++++++++
 lib/urls.py                 |  3 +++
 3 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/lib/main/models/__init__.py b/lib/main/models/__init__.py
index 1fd1b99916..63eaac4afd 100644
--- a/lib/main/models/__init__.py
+++ b/lib/main/models/__init__.py
@@ -557,8 +557,9 @@ class Credential(CommonModelNameNotUnique):
             user_obj = User.objects.get(pk=data['user'])
             return UserHelper.can_user_administrate(user, user_obj)
         if 'team' in data:
-            team_obj = Team.objects.get(pk=data['user'])
-            return team_obj.organization.users.filter(admins__in = [user]).count()
+            raise Exception("FIXME")
+            #team_obj = Team.objects.get(pk=data['team'])
+            #return team_obj.organization.users.filter(admins__in = [user]).count()
 
     def get_absolute_url(self):
         import lib.urls
diff --git a/lib/main/views.py b/lib/main/views.py
index a8ccb79c62..6f3d330caa 100644
--- a/lib/main/views.py
+++ b/lib/main/views.py
@@ -214,6 +214,26 @@ class TeamsUsersList(BaseSubList):
             return base
         raise PermissionDenied()
 
+class TeamsCredentialsList(BaseSubList):
+
+    model = Credential
+    serializer_class = CredentialSerializer
+    permission_classes = (CustomRbac,)
+    parent_model = Team
+    relationship = 'credentials'
+    postable = True
+    inject_primary_key_on_post_as = 'team'
+
+    def _get_queryset(self):
+        team = Team.objects.get(pk=self.kwargs['pk'])
+        if not Team.can_user_read(self.request.user, team):
+            raise PermissionDenied()
+        project_credentials = Credential.objects.filter(
+            projects__teams__users__in = [ user ]
+        )
+        return user.credentials.distinct() | project_credentials.distinct()
+
+
 class ProjectsList(BaseList):
 
     model = Project
diff --git a/lib/urls.py b/lib/urls.py
index fcfe9c8b6e..901a78691d 100644
--- a/lib/urls.py
+++ b/lib/urls.py
@@ -50,6 +50,8 @@ views_ProjectsOrganizationsList    = views.ProjectsOrganizationsList.as_view()
 views_TeamsList                    = views.TeamsList.as_view()
 views_TeamsDetail                  = views.TeamsDetail.as_view()
 views_TeamsUsersList               = views.TeamsUsersList.as_view()
+views_TeamsCredentialsList         = views.TeamsCredentialsList.as_view()
+views_TeamsCredentialsList         = views.TeamsCredentialsList.as_view()
 
 # inventory service
 views_InventoryList                = views.InventoryList.as_view()
@@ -121,6 +123,7 @@ urlpatterns = patterns('',
     url(r'^api/v1/teams/$',                                       views_TeamsList),
     url(r'^api/v1/teams/(?P<pk>[0-9]+)/$',                        views_TeamsDetail),
     url(r'^api/v1/teams/(?P<pk>[0-9]+)/users/$',                  views_TeamsUsersList),
+    url(r'^api/v1/teams/(?P<pk>[0-9]+)/credentials/$',            views_TeamsCredentialsList),
 
     # api/v1/teams/N/
     # api/v1/teams/N/users/