diff --git a/lib/main/base_views.py b/lib/main/base_views.py index f75f5eeb46..123d4667e8 100644 --- a/lib/main/base_views.py +++ b/lib/main/base_views.py @@ -43,3 +43,8 @@ class BaseDetail(generics.RetrieveUpdateDestroyAPIView): obj.save() return HttpResponse(status=204) + def delete_permissions_check(self, request, obj): + raise exceptions.NotImplementedError() + + + diff --git a/lib/main/models/__init__.py b/lib/main/models/__init__.py index bae06354d0..26598de097 100644 --- a/lib/main/models/__init__.py +++ b/lib/main/models/__init__.py @@ -31,8 +31,12 @@ class CommonModel(models.Model): def __unicode__(self): return unicode(self.name) - def can_user_administrate(self, user): + def can_user_administrate(cls, user): raise exceptions.NotImplementedError() + + def can_user_delete(cls, user, obj): + return user in obj.admins.all() + class Tag(models.Model): ''' @@ -81,6 +85,9 @@ class Organization(CommonModel): import lib.urls return reverse(lib.urls.views_OrganizationsDetail, args=(self.pk,)) + def can_user_delete(cls, user, obj): + return user in obj.admins.all() + class Inventory(CommonModel): ''' an inventory source contains lists and hosts. diff --git a/lib/main/views.py b/lib/main/views.py index 27ab7f21e4..fee8e90b1b 100644 --- a/lib/main/views.py +++ b/lib/main/views.py @@ -40,11 +40,8 @@ class OrganizationsDetail(BaseDetail): serializer_class = OrganizationSerializer permission_classes = (CustomRbac,) - # FIXME: use this for the audit trail hook, ideally in base class. - #def pre_save(self, obj): - # obj.owner = self.request.user - def item_permissions_check(self, request, obj): + is_admin = request.user in obj.admins.all() is_user = request.user in obj.users.all() @@ -55,6 +52,7 @@ class OrganizationsDetail(BaseDetail): return False def delete_permissions_check(self, request, obj): + return request.user in obj.admins.all() class OrganizationsAuditTrailList(BaseList):
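Review bot: The new `BaseDetail.delete_permissions_check` in lib/main/base_views.py raises `exceptions.NotImplementedError()`, so any detail view that forgets to override it would answer a delete with a server error rather than a clean denial. That assumes the destroy path calls this hook, which the hunk does not show. Failing closed is the right default for an authorization hook, but make it explicit with `return False` or the framework's permission-denied exception, so the client gets a 403 and the event is not logged as a crash. If the raise is kept to force subclasses to implement the check, document that with a one-line docstring such as `"""Return True if request.user may delete obj; subclasses must override."""`. The enclosing class begins outside the hunk.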
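Review bot: In the `CommonModel` hunk of lib/main/models/__init__.py, `can_user_administrate` and the new `can_user_delete` name their first parameter `cls`, but no `@classmethod` line is visible above either `def`. As written they remain instance methods with `cls` bound to the instance; the same applies to `Organization.can_user_delete` in the next hunk. Either add `@classmethod` above each definition or keep `self`, so callers of these authorization checks are not misled about how to invoke them. Separately, the base-class `can_user_delete` returns `user in obj.admins.all()`, which presumes every `CommonModel` subclass has an `admins` relation; a model without one would presumably raise AttributeError instead of denying. A safer base default is `return False`, or raising as `can_user_administrate` does, with each model opting in to its own rule.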
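Review bot: `Organization.can_user_delete` repeats the body just added to `CommonModel.can_user_delete` verbatim, and `OrganizationsDetail.delete_permissions_check` in lib/main/views.py spells out the same rule a third time as `request.user in obj.admins.all()`. Three copies of one authorization rule tend to drift apart, so keep the rule in the model and have the view delegate to it; how the view would call the model method depends on whether it becomes a real classmethod, which this diff does not settle. If the override stays, give it a docstring stating the policy, e.g. `"""Only organization admins may delete the organization."""`. A membership test such as `obj.admins.filter(pk=user.pk).exists()` would also avoid loading every admin row on each check.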