Commit 55ca60bf authored by Fabian-Andree Heidemann's avatar Fabian-Andree Heidemann

[UM] remove global controler for accessing project and workgroup items

[UM] add convenience functions for checking permissions and membership
parent aa9c4491
......@@ -142,11 +142,11 @@ role_1 = Student
role_2 = Tutor
role_3 = Manager
# list of permissions that must exist
permissions = ["project.read_items", "project.create_items", "project.edit_items", "project.delete_items"]
permissions = ["core.read_items", "core.create_items", "core.edit_items", "core.delete_items"]
# assignment of permissions to default roles. permissions must exists (use line above)
role_1_permissions = ["project.read_items"]
role_2_permissions = ["project.read_items", "project.create_items"]
role_3_permissions = ["project.read_items", "project.create_items", "project.edit_items", "project.delete_items"]
role_1_permissions = ["core.read_items"]
role_2_permissions = ["core.read_items", "core.create_items"]
role_3_permissions = ["core.read_items", "core.create_items", "core.edit_items", "core.delete_items"]
# assignment of roles to user and guest group
user_group_roles = [1]
guest_group_roles = []
......
......@@ -996,86 +996,6 @@ class UMAjaxController(AbstractController):
except Exception as ex:
raise AjaxException(str(ex))
@cherrypy.expose
def project_get_items(self, project, itemtype=None):
"""
Get items of project.
:param project: concerning project
:param itemtype: optional filter on type of items
:returns: list of dict with "id", "itemtype" and "content"
:raises: AjaxException
"""
session = cherrypy.request.db
try:
permissions = self.user_get_permissions(project)
if "project.read_items" not in permissions:
raise AjaxException(403)
items = Project.get(session, project).get_items(itemtype)
return [{"id": item.id,
"itemtype": item.itemtype,
"content": item.content
} for item in items]
except Exception as ex:
raise AjaxException(str(ex))
@cherrypy.expose
def project_create_item(self, project, itemtype, content):
"""
Create item for project.
:param project: concerning project
:param itemtype: type of new item
:param content: content of new item
:raises: AjaxException
"""
session = cherrypy.request.db
try:
permissions = self.user_get_permissions(project)
if "project.create_items" not in permissions:
raise AjaxException(403)
project = Project.get(session, project)
ProjectItem.create(session, project, itemtype, content)
except Exception as ex:
raise AjaxException(str(ex))
@cherrypy.expose
def projectitem_edit_content(self, itemid, content):
"""
Edit content of project item.
:param itemid: id of item to be edited
:param content: new content of item
:raises: AjaxException
"""
session = cherrypy.request.db
try:
item = ProjectItem.get(session, itemid)
permissions = self.user_get_permissions(item.get_project())
if "project.edit_items" not in permissions:
raise AjaxException(403)
item.set_content(content)
except Exception as ex:
raise AjaxException(str(ex))
@cherrypy.expose
def projectitem_delete(self, itemid):
"""
Delete project item.
:param itemid: id of item to be edited
:raises: AjaxException
"""
session = cherrypy.request.db
try:
item = ProjectItem.get(session, itemid)
permissions = self.user_get_permissions(item.get_project())
if "project.delete_items" not in permissions:
raise AjaxException(403)
item.delete(session)
except Exception as ex:
raise AjaxException(str(ex))
@cherrypy.expose
def role_get_all(self):
"""
......@@ -1420,94 +1340,3 @@ class UMAjaxController(AbstractController):
workgroup.remove_manager(manager)
except Exception as ex:
raise AjaxException(str(ex))
@cherrypy.expose
def workgroup_get_items(self, workgroup, itemtype=None):
"""
Get items of workgroup.
:param workgroup: concerning workgroup
:param itemtype: optional selector on itemtype
:returns: list of dict with "id", "itemtype" and "content"
:raises: AjaxException
"""
session = cherrypy.request.db
user = cherrypy.request.user
try:
workgroup = Workgroup.get(session, workgroup)
if not (user.serveradmin or \
(user in workgroup.get_users()) or \
(user in workgroup.get_managers())):
raise AjaxException(403)
items = workgroup.get_items(itemtype)
return [{"id": item.id,
"itemtype": item.itemtype,
"content": item.content
} for item in items]
except Exception as ex:
raise AjaxException(str(ex))
@cherrypy.expose
def workgroup_create_item(self, workgroup, itemtype, content):
"""
Create item for workgroup.
:param workgroup: concerning workgroup
:param itemtype: itemtype of new item
:param content: content of new item
:raises: AjaxException
"""
session = cherrypy.request.db
user = cherrypy.request.user
try:
workgroup = Workgroup.get(session, workgroup)
if not (user.serveradmin or \
(user in workgroup.get_users()) or \
(user in workgroup.get_managers())):
raise AjaxException(403)
WorkgroupItem.create(session, workgroup, itemtype, content)
except Exception as ex:
raise AjaxException(str(ex))
@cherrypy.expose
def workgroupitem_edit_content(self, itemid, content):
"""
Edit content of workgroup item.
:param itemid: id of item to be edited
:param content: new content of item
:raises: AjaxException
"""
session = cherrypy.request.db
user = cherrypy.request.user
try:
item = WorkgroupItem.get(session, itemid)
workgroup = item.get_workgroup()
if not (user.serveradmin or \
(user in workgroup.get_users()) or \
(user in workgroup.get_managers())):
raise AjaxException(403)
item.set_content(content)
except Exception as ex:
raise AjaxException(str(ex))
@cherrypy.expose
def workgroupitem_delete(self, itemid):
"""
Delete workgroup item.
:param itemid: id of item to be deleted
:raises: AjaxException
"""
session = cherrypy.request.db
user = cherrypy.request.user
try:
item = WorkgroupItem.get(session, itemid)
workgroup = item.get_workgroup()
if not (user.serveradmin or \
(user in workgroup.get_users()) or \
(user in workgroup.get_managers())):
raise AjaxException(403)
item.delete(session)
except Exception as ex:
raise AjaxException(str(ex))
......@@ -12,6 +12,7 @@ from sqlalchemy.orm import relationship
from sqlalchemy.types import Unicode, DateTime, Integer, Boolean, UnicodeText
from vispa import AjaxException
from vispa.models import Base
from vispa.models.role import Permission
from sets import Set
import vispa
logger = logging.getLogger(__name__)
......@@ -402,6 +403,26 @@ Your Vispa-Team!""" % (user.name, link)
permissions.update(project_group_assoc.get_permissions())
return permissions
def has_permission(self, permissions, project):
"""
Check if the user has the given permissions in the given project
:param permission: permission or list of permissions to be checked
:type permission: Permission or list of Permission
:param project: concerning project
:type project: Project
:returns: bool is all permissions are present
:raises: TypeError if project is not instance of Project
:raises: Exception if user not in project
"""
presentPermissions = self.get_permissions(project)
if isinstance(permissions, Permission):
permissions = [permissions]
for permission in permissions:
if permission not in presentPermissions:
return False
return True
def get_workgroups(self):
"""
Get workgroups of the user.
......@@ -417,3 +438,20 @@ Your Vispa-Team!""" % (user.name, link)
:returns: list of Workgroup objects
"""
return self.managed_workgroups
def is_in_workgroup(self, workgroup):
"""
Check if the user is in the workgroup, either user or manager.
:param workgroup: concerning workgroup
:type workgroup: Workgroup
:returns: bool whether user is manager or user of workgroup
:raises: TypeError if workgrop is not instance of Workgroup
"""
# avoid circular import
from vispa.models.workgroup import Workgroup
if not isinstance(workgroup, Workgroup):
raise TypeError('Invalid type of workgroup')
return (self in workgroup.get_users()) or \
(self in workgroup.get_managers()) or \
self.serveradmin
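Review bot: has_permission returns True when `permissions` is an empty list, because the loop body never runs, so a caller that builds the list dynamically passes the authorization check without any permission being tested; adding `if not permissions: return False` (or raising ValueError) right after the isinstance wrap makes it fail closed. A bare string is iterated character by character instead of being treated as one permission name, and the controller code removed in this commit checked names such as "project.read_items"; whether get_permissions yields Permission objects or names is not visible here, so the accepted type should be stated and enforced. The docstring documents `:param permission:` while the argument is `permissions`, and it promises a TypeError for a non-Project that no visible line raises (it may come from get_permissions, whose body starts outside the hunk). In the last hunk, is_in_workgroup also returns True for `self.serveradmin`, which its `:returns:` line does not mention, so callers using it as a pure membership test would count server admins as members.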