[UM] remove global controler for accessing project and workgroup items

[UM] add convenience functions for checking permissions and membership

conf/vispa.ini.sample

@@ -142,11 +142,11 @@ role_1 = Student
 role_2 = Tutor
 role_3 = Manager
 # list of permissions that must exist
-permissions = ["project.read_items", "project.create_items", "project.edit_items", "project.delete_items"]
+permissions = ["core.read_items", "core.create_items", "core.edit_items", "core.delete_items"]
 # assignment of permissions to default roles. permissions must exists (use line above)
-role_1_permissions = ["project.read_items"]
-role_2_permissions = ["project.read_items", "project.create_items"]
-role_3_permissions = ["project.read_items", "project.create_items", "project.edit_items", "project.delete_items"]
+role_1_permissions = ["core.read_items"]
+role_2_permissions = ["core.read_items", "core.create_items"]
+role_3_permissions = ["core.read_items", "core.create_items", "core.edit_items", "core.delete_items"]
 # assignment of roles to user and guest group
 user_group_roles = [1]
 guest_group_roles = []

vispa/controller/usermanagement.py

@@ -996,86 +996,6 @@ class UMAjaxController(AbstractController):
         except Exception as ex:
             raise AjaxException(str(ex))
 
-    @cherrypy.expose
-    def project_get_items(self, project, itemtype=None):
-        """
-        Get items of project.
-
-        :param project: concerning project
-        :param itemtype: optional filter on type of items
-        :returns: list of dict with "id", "itemtype" and "content"
-        :raises: AjaxException
-        """
-        session = cherrypy.request.db
-        try:
-            permissions = self.user_get_permissions(project)
-            if "project.read_items" not in permissions:
-                raise AjaxException(403)
-            items = Project.get(session, project).get_items(itemtype)
-            return [{"id": item.id,
-                     "itemtype": item.itemtype,
-                     "content": item.content
-                    } for item in items]
-        except Exception as ex:
-            raise AjaxException(str(ex))
-
-    @cherrypy.expose
-    def project_create_item(self, project, itemtype, content):
-        """
-        Create item for project.
-
-        :param project: concerning project
-        :param itemtype: type of new item
-        :param content: content of new item
-        :raises: AjaxException
-        """
-        session = cherrypy.request.db
-        try:
-            permissions = self.user_get_permissions(project)
-            if "project.create_items" not in permissions:
-                raise AjaxException(403)
-            project = Project.get(session, project)
-            ProjectItem.create(session, project, itemtype, content)
-        except Exception as ex:
-            raise AjaxException(str(ex))
-
-    @cherrypy.expose
-    def projectitem_edit_content(self, itemid, content):
-        """
-        Edit content of project item.
-
-        :param itemid: id of item to be edited
-        :param content: new content of item
-        :raises: AjaxException
-        """
-        session = cherrypy.request.db
-        try:
-            item = ProjectItem.get(session, itemid)
-            permissions = self.user_get_permissions(item.get_project())
-            if "project.edit_items" not in permissions:
-                raise AjaxException(403)
-            item.set_content(content)
-        except Exception as ex:
-            raise AjaxException(str(ex))
-
-    @cherrypy.expose
-    def projectitem_delete(self, itemid):
-        """
-        Delete project item.
-
-        :param itemid: id of item to be edited
-        :raises: AjaxException
-        """
-        session = cherrypy.request.db
-        try:
-            item = ProjectItem.get(session, itemid)
-            permissions = self.user_get_permissions(item.get_project())
-            if "project.delete_items" not in permissions:
-                raise AjaxException(403)
-            item.delete(session)
-        except Exception as ex:
-            raise AjaxException(str(ex))
-
     @cherrypy.expose
     def role_get_all(self):
         """
@@ -1420,94 +1340,3 @@ class UMAjaxController(AbstractController):
             workgroup.remove_manager(manager)
         except Exception as ex:
             raise AjaxException(str(ex))
-
-    @cherrypy.expose
-    def workgroup_get_items(self, workgroup, itemtype=None):
-        """
-        Get items of workgroup.
-
-        :param workgroup: concerning workgroup
-        :param itemtype: optional selector on itemtype
-        :returns: list of dict with "id", "itemtype" and "content"
-        :raises: AjaxException
-        """
-        session = cherrypy.request.db
-        user = cherrypy.request.user
-        try:
-            workgroup = Workgroup.get(session, workgroup)
-            if not (user.serveradmin or \
-                    (user in workgroup.get_users()) or \
-                    (user in workgroup.get_managers())):
-                raise AjaxException(403)
-            items = workgroup.get_items(itemtype)
-            return [{"id": item.id,
-                     "itemtype": item.itemtype,
-                     "content": item.content
-                    } for item in items]
-        except Exception as ex:
-            raise AjaxException(str(ex))
-
-    @cherrypy.expose
-    def workgroup_create_item(self, workgroup, itemtype, content):
-        """
-        Create item for workgroup.
-
-        :param workgroup: concerning workgroup
-        :param itemtype: itemtype of new item
-        :param content: content of new item
-        :raises: AjaxException
-        """
-        session = cherrypy.request.db
-        user = cherrypy.request.user
-        try:
-            workgroup = Workgroup.get(session, workgroup)
-            if not (user.serveradmin or \
-                    (user in workgroup.get_users()) or \
-                    (user in workgroup.get_managers())):
-                raise AjaxException(403)
-            WorkgroupItem.create(session, workgroup, itemtype, content)
-        except Exception as ex:
-            raise AjaxException(str(ex))
-
-    @cherrypy.expose
-    def workgroupitem_edit_content(self, itemid, content):
-        """
-        Edit content of workgroup item.
-
-        :param itemid: id of item to be edited
-        :param content: new content of item
-        :raises: AjaxException
-        """
-        session = cherrypy.request.db
-        user = cherrypy.request.user
-        try:
-            item = WorkgroupItem.get(session, itemid)
-            workgroup = item.get_workgroup()
-            if not (user.serveradmin or \
-                    (user in workgroup.get_users()) or \
-                    (user in workgroup.get_managers())):
-                raise AjaxException(403)
-            item.set_content(content)
-        except Exception as ex:
-            raise AjaxException(str(ex))
-
-    @cherrypy.expose
-    def workgroupitem_delete(self, itemid):
-        """
-        Delete workgroup item.
-
-        :param itemid: id of item to be deleted
-        :raises: AjaxException
-        """
-        session = cherrypy.request.db
-        user = cherrypy.request.user
-        try:
-            item = WorkgroupItem.get(session, itemid)
-            workgroup = item.get_workgroup()
-            if not (user.serveradmin or \
-                    (user in workgroup.get_users()) or \
-                    (user in workgroup.get_managers())):
-                raise AjaxException(403)
-            item.delete(session)
-        except Exception as ex:
-            raise AjaxException(str(ex))

vispa/models/user.py

@@ -12,6 +12,7 @@ from sqlalchemy.orm import relationship
 from sqlalchemy.types import Unicode, DateTime, Integer, Boolean, UnicodeText
 from vispa import AjaxException
 from vispa.models import Base
+from vispa.models.role import Permission
 from sets import Set
 import vispa
 logger = logging.getLogger(__name__)
@@ -402,6 +403,26 @@ Your Vispa-Team!""" % (user.name, link)
             permissions.update(project_group_assoc.get_permissions())
         return permissions
 
+    def has_permission(self, permissions, project):
+        """
+        Check if the user has the given permissions in the given project
+
+        :param permission: permission or list of permissions to be checked
+        :type permission: Permission or list of Permission
+        :param project: concerning project
+        :type project: Project
+        :returns: bool is all permissions are present
+        :raises: TypeError if project is not instance of Project
+        :raises: Exception if user not in project
+        """
+        presentPermissions = self.get_permissions(project)
+        if isinstance(permissions, Permission):
+            permissions = [permissions]
+        for permission in permissions:
+            if permission not in presentPermissions:
+                return False
+        return True
+
     def get_workgroups(self):
         """
         Get workgroups of the user.
@@ -417,3 +438,20 @@ Your Vispa-Team!""" % (user.name, link)
         :returns: list of Workgroup objects
         """
         return self.managed_workgroups
+
+    def is_in_workgroup(self, workgroup):
+        """
+        Check if the user is in the workgroup, either user or manager.
+
+        :param workgroup: concerning workgroup
+        :type workgroup: Workgroup
+        :returns: bool whether user is manager or user of workgroup
+        :raises: TypeError if workgrop is not instance of Workgroup
+        """
+        # avoid circular import
+        from vispa.models.workgroup import Workgroup
+        if not isinstance(workgroup, Workgroup):
+            raise TypeError('Invalid type of workgroup')
+        return (self in workgroup.get_users()) or \
+               (self in workgroup.get_managers()) or \
+                self.serveradmin