diff --git a/lib/main/base_views.py b/lib/main/base_views.py
index 0d1b84ec4d..6fd930e306 100644
--- a/lib/main/base_views.py
+++ b/lib/main/base_views.py
@@ -44,7 +44,7 @@ class BaseDetail(generics.RetrieveUpdateDestroyAPIView):
 return HttpResponse(status=204)
 def delete_permissions_check(self, request, obj):
- raise exceptions.NotImplementedError()
+ return self.__class__.model.can_user_delete(request.user, obj)
 def item_permissions_check(self, request, obj):
diff --git a/lib/main/models/__init__.py b/lib/main/models/__init__.py
index 437d380f1d..5600ded7a5 100644
--- a/lib/main/models/__init__.py
+++ b/lib/main/models/__init__.py
@@ -31,12 +31,15 @@ class CommonModel(models.Model):
 def __unicode__(self):
 return unicode(self.name)
+ @classmethod
 def can_user_administrate(cls, user):
 raise exceptions.NotImplementedError()
+ @classmethod
 def can_user_delete(cls, user, obj):
 raise exceptions.NotImplementedError
+ @classmethod
 def can_user_access(cls, user, obj):
 raise exceptions.NotImplementedError()
@@ -88,18 +91,21 @@ class Organization(CommonModel):
 import lib.urls
 return reverse(lib.urls.views_OrganizationsDetail, args=(self.pk,))
+ @classmethod
 def can_user_delete(cls, user, obj):
 return user in obj.admins.all()
+ @classmethod
 def can_user_administrate(cls, user, obj):
- return request.user in obj.admins.all()
+ return user in obj.admins.all()
+ @classmethod
 def can_user_access(cls, user, obj):
- return self.can_user_administrate(user,obj) or request.user in obj.users.all()
+ return cls.can_user_administrate(user,obj) or request.user in obj.users.all()
+ @classmethod
 def can_user_delete(cls, user, obj):
- return self.can_user_administrate(user, obj)
-
+ return cls.can_user_administrate(user, obj)
 class Inventory(CommonModel):
 '''
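Review bot: The new default `delete_permissions_check` forwards to `CommonModel.can_user_delete`, whose base implementation raises `NotImplementedError` (see the CommonModel hunk in this same diff), so a DELETE against any model that does not override it becomes an unhandled server error rather than a permission decision. That is fail-closed, but an explicit deny is cleaner and cheaper; consider `try: return self.model.can_user_delete(request.user, obj)` / `except NotImplementedError: return False`, and note `self.model` already resolves the same class attribute as `self.__class__.model`. Whether `request.user` can still be anonymous at this point depends on the view's permission classes, which this hunk does not show.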
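Review bot: The base `can_user_administrate(cls, user)` takes no `obj`, while every override in this diff (Organization, Project) is declared and called as `can_user_administrate(user, obj)`, so the base stub no longer documents the interface callers actually rely on; make it `def can_user_administrate(cls, user, obj):`. The middle stub raises the class rather than an instance, `raise exceptions.NotImplementedError` — it works but is inconsistent with its two neighbours, so add the parentheses. Since these three stubs are the deny-by-default hooks the views now fall back to, a one-line docstring on each saying that subclasses must override it and that the default refuses access would help the next model author.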
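Review bot: `can_user_access` still reads `request.user in obj.users.all()` even though the same mistake was fixed in `can_user_administrate` directly above it; `request` is not bound inside the classmethod, so any user who is not an admin hits a `NameError` (a server error, not an access decision) as soon as the `or` branch is evaluated. It should be `return cls.can_user_administrate(user, obj) or user in obj.users.all()`. Separately, `can_user_delete` is now defined twice in this class: the first body (`user in obj.admins.all()`) is silently shadowed by the second, which delegates to `can_user_administrate`; drop the first so there is one definition of who may delete an organization.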
@@ -197,8 +203,9 @@ class Project(CommonModel):
 import lib.urls
 return reverse(lib.urls.views_ProjectsDetail, args=(self.pk,))
- def can_user_administrate(self, user):
- organizations = Organization.filter(admins__in = [ user ])
+ @classmethod
+ def can_user_administrate(cls, user, obj):
+ organizations = Organization.filter(admins__in = [ user ], projects__in = [ obj ])
 organizations = self.organizations()
 for org in organizations:
 if org in project.organizations():
diff --git a/lib/main/views.py b/lib/main/views.py
index fee8e90b1b..f211435b41 100644
--- a/lib/main/views.py
+++ b/lib/main/views.py
@@ -51,10 +51,6 @@ class OrganizationsDetail(BaseDetail):
 return is_admin
 return False
- def delete_permissions_check(self, request, obj):
-
- return request.user in obj.admins.all()
-
 class OrganizationsAuditTrailList(BaseList):
 model = AuditTrail
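Review bot: The new `Project.can_user_administrate` classmethod cannot run as written: `Organization.filter(...)` is not an attribute of the model class (the manager is `Organization.objects`), the unchanged next line `organizations = self.organizations()` overwrites that queryset anyway and uses `self`, which does not exist in a classmethod, and the loop compares against `project.organizations()` with `project` never bound. The method body continues past the hunk, so I cannot see what the loop finally returns, but every call currently ends in a `NameError` and the view fails instead of deciding. If the `projects` reverse accessor used in the filter is correct, the whole check reduces to `return Organization.objects.filter(admins__in=[user], projects__in=[obj]).exists()` and the loop can go; confirm that related name against the Organization model before relying on it.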
@@ -174,24 +170,20 @@ class ProjectsDetail(BaseDetail):
 serializer_class = ProjectSerializer
 permission_classes = (CustomRbac,)
- def item_permissions_check(self, request, obj):
+# #def item_permissions_check(self, request, obj):
+#
+# # to get, must be in a team assigned to this project
+# # or be an org admin of an org this project is in
+#
+# raise exceptions.NotImplementedError()
+#
+# #is_admin = request.user in obj.admins.all()
+# #is_user = request.user in obj.users.all()
+# #
+# #if request.method == 'GET':
+# # return is_admin or is_user
+# #elif request.method in [ 'PUT' ]:
+# # return is_admin
+# #return False
-
- # to get, must be in a team assigned to this project
- # or be an org admin of an org this project is in
-
- raise exceptions.NotImplementedError()
-
- #is_admin = request.user in obj.admins.all()
- #is_user = request.user in obj.users.all()
- #
- #if request.method == 'GET':
- # return is_admin or is_user
- #elif request.method in [ 'PUT' ]:
- # return is_admin
- #return False
-
- def delete_permissions_check(self, request, obj):
- # FIXME: logic TBD
- raise exceptions.NotImplementedError()
- #return request.user in obj.admins.all()
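Review bot: ProjectsDetail loses its own `delete_permissions_check` here and inherits the new BaseDetail default, which calls `Project.can_user_delete`; this diff adds only `can_user_administrate` to Project, so unless `can_user_delete` already exists elsewhere in that class, a DELETE on a project now raises `NotImplementedError` from CommonModel — fail-closed, but surfaced as a server error rather than a denial. The block of `#`-prefixed code that replaces `item_permissions_check` should be removed rather than kept; git holds the history, and the dead block obscures that a real project-level access check is still missing. A single line such as `# item/delete checks are inherited from BaseDetail; TODO: real project RBAC (team membership or org admin)` would say the same thing and stay honest about the gap.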