misc cleanup

lib/main/base_views.py

@@ -45,14 +45,12 @@ class BaseSubList(BaseList):
   
         if not 'disassociate' in request.DATA:
             if not request.user.is_superuser or not self.__class__.parent_model.can_user_attach(request.user, main, sub, self.__class__.relationship):
-                print "cond1"
                 raise PermissionDenied()
             if sub in relationship.all():
                 return Response(status=status.HTTP_409_CONFLICT)
             relationship.add(sub)
         else:
             if not request.user.is_superuser and not self.__class__.parent_model.can_user_unattach(request.user, main, sub, self.__class__.relationship):
-                print "cond2"
                 raise PermissionDenied()
             relationship.remove(sub)
         return Response(status=status.HTTP_204_NO_CONTENT)
@@ -61,7 +59,7 @@ class BaseSubList(BaseList):
 class BaseDetail(generics.RetrieveUpdateDestroyAPIView):
 
     def pre_save(self, obj):
-       obj.created_by = owner = self.request.user
+        obj.created_by = self.request.user
 
     def destroy(self, request, *args, **kwargs):
         # somewhat lame that delete has to call it's own permissions check

lib/main/models/__init__.py

@@ -33,11 +33,12 @@ class CommonModel(models.Model):
 
     @classmethod 
     def can_user_administrate(cls, user, obj):
+        # FIXME: do we want a seperate method to override put?  This is kind of general purpose
         raise exceptions.NotImplementedError()
 
     @classmethod 
     def can_user_delete(cls, user, obj):
-        raise exceptions.NotImplementedError
+        raise exceptions.NotImplementedError()
 
     @classmethod 
     def can_user_read(cls, user, obj):
@@ -45,6 +46,7 @@ class CommonModel(models.Model):
 
     @classmethod
     def can_user_attach(cls, user, obj, sub_obj, relationship):
+        ''' whether you can add sub_obj to obj using the relationship type in a subobject view '''
         if relationship in [ 'projects', 'admins', 'users' ]:
             if not sub_obj.can_user_read(user, sub_obj):
                 return False
@@ -108,6 +110,7 @@ class Organization(CommonModel):
 
     @classmethod 
     def can_user_administrate(cls, user, obj):
+        # FIXME: super user checks should be higher up so we don't have to repeat them
         if user.is_superuser:
             return True
         rc = user in obj.admins.all()
@@ -118,7 +121,6 @@ class Organization(CommonModel):
         rc =  cls.can_user_administrate(user,obj) or user in obj.users.all()
         return rc
 
-
     @classmethod 
     def can_user_delete(cls, user, obj):
         return cls.can_user_administrate(user, obj)

lib/main/views.py

@@ -91,11 +91,12 @@ class OrganizationsAdminsList(BaseList):
 class OrganizationsProjectsList(BaseSubList):
     
     model = Project
-    parent_model = Organization
-    relationship = 'projects'
     serializer_class = ProjectSerializer
     permission_classes = (CustomRbac,)
 
+    parent_model = Organization  # for sub list
+    relationship = 'projects'    # " "
+    
     # I can see the projects from the organization if:
     #    I'm the superuser
     #    I am a an administrator of the organization