List the projects that a user can see.

2026-01-09 23:12:08 -03:30 · 2013-04-01 19:43:14 -04:00 · 2013-04-01 19:43:14 -04:00 · 791003995c
commit 791003995c
parent 0d41b7bf07
3 changed files with 25 additions and 36 deletions
--- a/lib/main/tests/projects.py
+++ b/lib/main/tests/projects.py
@ -269,43 +269,14 @@ class ProjectsTest(BaseTest):

        # from a user, can see what projects they can see based on team association
        # though this resource doesn't do anything else
-        raise Exception("STOP")
+        got = self.get(url, expect=200, auth=self.get_other_credentials())
+        self.assertEquals(got['count'], 5)
+        got = self.get(url, expect=403, auth=self.get_nobody_credentials())
+        got = self.get(url, expect=401, auth=self.get_invalid_credentials())
+        got = self.get(url, expect=401)
+        got = self.get(url, expect=200, auth=self.get_super_credentials())
+        

-        # =====================================================================
-        # CREDENTIALS
-
-        credentials = '/api/v1/credentials/'
-        team_creds = '/api/v1/teams/1/credentials/'
-        user_creds = '/api/v1/users/1/credentials/'
-
-        # can add credentials for a team
-
-        # can add credentials for a user
-
-        # can list credentials belonging to a user
-
-        # can list credentials belonging to a team
-
-        # can access all credentials for a user (team+project) in one view
-
-        # ======================================================================
-        # PERMISSIONS
-
-        permissions = '/api/v1/permissions/'
-        user_permissions = '/api/v1/users/1/permissions/'
-        team_permissions = '/api/v1/teams/1/permissions/'
-
-        # can add permissions to a user
-
-        # can add permissions to a team
-
-        # can list permissions
-
-        # can list permissions that match a user
-
-        # can list permissions that match a project
-
-        # can remove permissions


        
--- a/lib/main/views.py
+++ b/lib/main/views.py
@ -319,6 +319,22 @@ class UsersTeamsList(BaseSubList):
            raise PermissionDenied()
        return Team.objects.filter(users__in = [ user ])

+class UsersProjectsList(BaseSubList):
+
+    model = Project
+    serializer_class = ProjectSerializer
+    permission_classes = (CustomRbac,)
+    parent_model = User
+    relationship = 'teams'
+    postable = False
+
+    def _get_queryset(self):
+        user = User.objects.get(pk=self.kwargs['pk'])
+        if not UserHelper.can_user_administrate(self.request.user, user):
+            raise PermissionDenied()
+        teams = user.teams.all()
+        return Project.objects.filter(teams__in = teams)
+
 class UsersOrganizationsList(BaseSubList):

    model = Organization
--- a/lib/urls.py
+++ b/lib/urls.py
@ -36,6 +36,7 @@ views_UsersMeList                  = views.UsersMeList.as_view()
 views_UsersTeamsList               = views.UsersTeamsList.as_view()
 views_UsersOrganizationsList       = views.UsersOrganizationsList.as_view()
 views_UsersAdminOrganizationsList  = views.UsersAdminOrganizationsList.as_view()
+views_UsersProjectsList            = views.UsersProjectsList.as_view()

 # projects service
 views_ProjectsList                 = views.ProjectsList.as_view()
@ -98,6 +99,7 @@ urlpatterns = patterns('',
    url(r'^api/v1/users/(?P<pk>[0-9]+)/teams/$',                  views_UsersTeamsList),
    url(r'^api/v1/users/(?P<pk>[0-9]+)/organizations/$',          views_UsersOrganizationsList),
    url(r'^api/v1/users/(?P<pk>[0-9]+)/admin_of_organizations/$', views_UsersAdminOrganizationsList),
+    url(r'^api/v1/users/(?P<pk>[0-9]+)/projects/$',               views_UsersProjectsList),

    # projects service
    url(r'^api/v1/projects/$',                                    views_ProjectsList),