Commit c160ea05 authored by Benjamin Fischer's avatar Benjamin Fischer

[controller] UM: cleaned up rights checking

- better handling of inconsistent UM-model API
parent 6250994c
...@@ -29,6 +29,8 @@ def call_mix(func, *args, **kwargs): ...@@ -29,6 +29,8 @@ def call_mix(func, *args, **kwargs):
class Rights(int): class Rights(int):
levels = [ levels = [
"none", "none",
"private",
"protected",
"public", "public",
"indirect", "indirect",
"member", "member",
...@@ -36,20 +38,45 @@ class Rights(int): ...@@ -36,20 +38,45 @@ class Rights(int):
"admin", "admin",
] ]
@staticmethod
def has_user(user, listing):
return any(
user.id == (item.id if isinstance(item, User) else item.user_id)
for item in listing
)
def test(self, obj): def test(self, obj):
""" """
Tests wether the object interaction is allowed with the given rights. Tests wether the object interaction is allowed with the given rights.
""" """
user = cherrypy.request.user user = cherrypy.request.user
fallback = (lambda: [user]) if user == obj else list
return self <= ( if user.serveradmin:
self.admin if user.serveradmin else return True
self.manager if getattr(obj, "get_managers", fallback)() else
self.member if user in getattr(obj, "get_users", fallback)() else if self > self.manager:
self.indirect if False else # TODO: implement this return False
self.public if getattr(self, "privacy", -1) == Group.PUBLIC else if obj == user:
self.none return True
) if user in getattr(obj, "get_managers", list)():
return True
if self > self.member:
return False
if self.has_user(user, getattr(obj, "users", [])):
return True
if self > self.indirect:
return False
if self.has_user(user, getattr(obj, "get_users", list)()):
return True
return self <= {
Group.PUBLIC: self.public,
Group.PROTECTED: self.protected,
Group.PRIVATE: self.private,
None: self.none,
}[getattr(obj, "privacy", None)]
@staticmethod @staticmethod
def extend(base, extension, delete=[]): def extend(base, extension, delete=[]):
......
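Review bot: The final lookup in `test` indexes the privacy table with `[...]`, so an object whose `privacy` is anything other than the three `Group` constants or `None` raises `KeyError` instead of returning a decision. An authorization check is easier to reason about when unknown values fall through to an explicit deny, e.g. `}.get(getattr(obj, "privacy", None), self.none)`. The manager branch still uses `user in getattr(obj, "get_managers", list)()` while both membership branches go through `has_user`. What `get_managers()` returns is not visible here, but if it can yield membership rows rather than `User` objects, managers would be silently denied, so routing it through `has_user` would keep the three checks consistent. `has_user` would also benefit from a one-line docstring such as `"""Return True if user matches any item (a User, or a row exposing user_id)."""`.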