add granted_projects function, simplify middleware

2014-09-19 17:40:06 -07:00 · 2014-09-19 17:40:06 -07:00 · 10dc2d499c
commit 10dc2d499c
parent a889c3f0ad
2 changed files with 48 additions and 45 deletions
--- a/tracker/middleware.py
+++ b/tracker/middleware.py
@ -2,11 +2,8 @@ from django.core.exceptions import ImproperlyConfigured
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.exceptions import PermissionDenied
 from django.contrib.auth.decorators import login_required
-from django.db.models import Q

-from tracker.models import Project
-from permissions.models import GlobalPermission
-from permissions.models import PermissionModel as PermModel
+from tracker.utils import granted_projects


 # This middleware protect only views of the following modules
@ -28,46 +25,7 @@ class ProjectMiddleware:
                " 'django.contrib.auth.middleware.AuthenticationMiddleware'"
                " before the ProjectMiddleware class.")

-        # projectS
-        if request.user.is_authenticated() and request.user.is_staff:
-            projects = Project.objects.all()
-        elif request.user.is_authenticated():
-            teams = request.user.teams.values_list('id')
-            groups = request.user.groups.values_list('id')
-            # check for a global permission allowing access
-            if GlobalPermission.objects.filter(access_project=True) \
-                    .filter(
-                        # directly
-                        Q(grantee_type=PermModel.GRANTEE_USER,
-                            grantee_id=request.user.id)
-                        # through a group
-                        | Q(grantee_type=PermModel.GRANTEE_GROUP,
-                            grantee_id__in=groups)
-                        # through a team
-                        | Q(grantee_type=PermModel.GRANTEE_TEAM,
-                            grantee_id__in=teams)
-                    ).exists():
-                projects = Project.objects.all()
-            # searching project reachable throught project permission
-            else:
-                # public project
-                query = Q(access=Project.ACCESS_PUBLIC)
-                # project reserved to logged users
-                query |= Q(access=Project.ACCESS_REGISTERED)
-                # access granted through a team
-                query |= Q(permissions__grantee_type=PermModel.GRANTEE_TEAM,
-                        permissions__grantee_id__in=teams)
-                # access granted through a group
-                query |= Q(permissions__grantee_type=PermModel.GRANTEE_GROUP,
-                        permissions__grantee_id__in=groups)
-                # access granted by specific permission
-                query |= Q(permissions__grantee_type=PermModel.GRANTEE_USER,
-                        permissions__grantee_id=request.user.id)
-                projects = Project.objects.filter(query).distinct()
-        else:
-            # only public projects
-            projects = Project.objects.filter(access=Project.ACCESS_PUBLIC)
-        request.projects = projects
+        request.projects = granted_projects(request.user)

        # project
        if view.__module__ not in modules:
@ -76,7 +34,7 @@ class ProjectMiddleware:
        if not project:
            return
        try:
-            project = projects.get(name=project)
+            project = request.projects.get(name=project)
        except ObjectDoesNotExist:
            if request.user.is_authenticated():
                raise PermissionDenied()