Ability to add tags to an organization.

lib/main/models/__init__.py

@@ -50,16 +50,13 @@ class CommonModel(models.Model):
         return user.is_superuser
 
     @classmethod
-    def can_user_attach(cls, user, obj, sub_obj, relationship):
+    def can_user_attach(cls, user, obj, sub_obj, relationship_type):
         ''' whether you can add sub_obj to obj using the relationship type in a subobject view '''
-        if relationship in [ 'projects', 'admins', 'users' ]:
+        if type(sub_obj) != User:
-            if type(sub_obj) != User:
+            if not sub_obj.can_user_read(user, sub_obj):
-                if not sub_obj.can_user_read(user, sub_obj):
+                return False
-                    return False
+        rc = cls.can_user_administrate(user, obj)
-            rc = cls.can_user_administrate(user, obj)
+        return rc
-            return rc
-
-        raise Exception("unknown relationship type: %s" % relationship)
  
     @classmethod
     def can_user_unattach(cls, user, obj, sub_obj, relationship):
@@ -82,6 +79,17 @@ class Tag(models.Model):
         import lib.urls
         return reverse(lib.urls.views_TagsDetail, args=(self.pk,))
 
+    @classmethod
+    def can_user_add(cls, user):
+        # anybody can make up tags
+        return True
+
+    @classmethod
+    def can_user_read(cls, user, obj):
+        # anybody can read tags, we won't show much detail other than the names
+        return True
+
+ 
 class AuditTrail(CommonModel):
     ''' 
     changing any object records the change 

lib/main/tests.py

@@ -356,10 +356,24 @@ class OrganizationsTest(BaseTest):
         self.assertEqual(users['count'], 2)
 
     def test_post_item_subobjects_admins(self):
-        pass
+
+        url = '/api/v1/organizations/2/admins/'
+        admins = self.get(url, expect=200, auth=self.get_normal_credentials())
+        self.assertEqual(admins['count'], 1)
+        self.post(url, dict(id=1), expect=204, auth=self.get_normal_credentials())
+        admins = self.get(url, expect=200, auth=self.get_normal_credentials())
+        self.assertEqual(admins['count'], 2)
 
     def test_post_item_subobjects_tags(self):
-        pass
+
+        tag = Tag.objects.create(name='blippy')
+        url = '/api/v1/organizations/2/tags/'
+        tags = self.get(url, expect=200, auth=self.get_normal_credentials())
+        self.assertEqual(tags['count'], 0)
+        self.post(url, dict(id=tag.pk), expect=204, auth=self.get_normal_credentials())
+        tags = self.get(url, expect=200, auth=self.get_normal_credentials())
+        self.assertEqual(tags['count'], 1)
+        self.assertEqual(tags['results'][0]['id'], tag.pk)
 
     def test_post_item_subobjects_audit_trail(self):
         pass
@@ -381,8 +395,6 @@ class OrganizationsTest(BaseTest):
         self.put(urls[0], new_data1, expect=403, auth=self.get_normal_credentials())
         put_result = self.put(urls[1], new_data1, expect=200, auth=self.get_normal_credentials())
 
-        # FIXME: test the contents of the put returned object
-
         # get back org 1 and see if it changed
         get_result = self.get(urls[1], expect=200, auth=self.get_normal_credentials())
         self.assertEquals(get_result['description'], 'updated description')
@@ -406,12 +418,6 @@ class OrganizationsTest(BaseTest):
         first_sub_project = sub_projects['results'][0]
         self.put(projects0_url, first_sub_project, expect=405, auth=self.get_super_credentials())
 
-    def test_put_item_subobjects_users(self):
-        pass
-
-    def test_put_item_subobjects_admins(self):
-        pass
-
     def test_delete_item(self):
 
         # first get some urls

lib/main/views.py

@@ -96,7 +96,7 @@ class OrganizationsProjectsList(BaseSubList):
             raise PermissionDenied()
         return Project.objects.filter(organizations__in = [ organization ])
 
-class OrganizationsTagsList(BaseList):
+class OrganizationsTagsList(BaseSubList):
     
     model = Tag
     serializer_class = TagSerializer