add granted_projects function, simplify middleware

tracker/middleware.py

@@ -2,11 +2,8 @@ from django.core.exceptions import ImproperlyConfigured
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.exceptions import PermissionDenied
 from django.contrib.auth.decorators import login_required
-from django.db.models import Q
 
-from tracker.models import Project
+from tracker.utils import granted_projects
-from permissions.models import GlobalPermission
-from permissions.models import PermissionModel as PermModel
 
 
 # This middleware protect only views of the following modules
@@ -28,46 +25,7 @@ class ProjectMiddleware:
                 " 'django.contrib.auth.middleware.AuthenticationMiddleware'"
                 " before the ProjectMiddleware class.")
 
-        # projectS
+        request.projects = granted_projects(request.user)
-        if request.user.is_authenticated() and request.user.is_staff:
-            projects = Project.objects.all()
-        elif request.user.is_authenticated():
-            teams = request.user.teams.values_list('id')
-            groups = request.user.groups.values_list('id')
-            # check for a global permission allowing access
-            if GlobalPermission.objects.filter(access_project=True) \
-                    .filter(
-                        # directly
-                        Q(grantee_type=PermModel.GRANTEE_USER,
-                            grantee_id=request.user.id)
-                        # through a group
-                        | Q(grantee_type=PermModel.GRANTEE_GROUP,
-                            grantee_id__in=groups)
-                        # through a team
-                        | Q(grantee_type=PermModel.GRANTEE_TEAM,
-                            grantee_id__in=teams)
-                    ).exists():
-                projects = Project.objects.all()
-            # searching project reachable throught project permission
-            else:
-                # public project
-                query = Q(access=Project.ACCESS_PUBLIC)
-                # project reserved to logged users
-                query |= Q(access=Project.ACCESS_REGISTERED)
-                # access granted through a team
-                query |= Q(permissions__grantee_type=PermModel.GRANTEE_TEAM,
-                        permissions__grantee_id__in=teams)
-                # access granted through a group
-                query |= Q(permissions__grantee_type=PermModel.GRANTEE_GROUP,
-                        permissions__grantee_id__in=groups)
-                # access granted by specific permission
-                query |= Q(permissions__grantee_type=PermModel.GRANTEE_USER,
-                        permissions__grantee_id=request.user.id)
-                projects = Project.objects.filter(query).distinct()
-        else:
-            # only public projects
-            projects = Project.objects.filter(access=Project.ACCESS_PUBLIC)
-        request.projects = projects
 
         # project
         if view.__module__ not in modules:
@@ -76,7 +34,7 @@ class ProjectMiddleware:
         if not project:
             return
         try:
-            project = projects.get(name=project)
+            project = request.projects.get(name=project)
         except ObjectDoesNotExist:
             if request.user.is_authenticated():
                 raise PermissionDenied()

tracker/utils.py

@@ -1,7 +1,52 @@
 from django.utils.safestring import mark_safe
+from django.db.models import Q
 
 from markdown import markdown
 
+from tracker.models import Project
+from permissions.models import GlobalPermission
+from permissions.models import PermissionModel as PermModel
+
+
+def granted_projects(user):
+    if user.is_authenticated() and user.is_staff:
+        return Project.objects.all()
+    elif user.is_authenticated():
+        teams = user.teams.values_list('id')
+        groups = user.groups.values_list('id')
+        # check for a global permission allowing access
+        if GlobalPermission.objects.filter(access_project=True) \
+                .filter(
+                    # directly
+                    Q(grantee_type=PermModel.GRANTEE_USER,
+                        grantee_id=user.id)
+                    # through a group
+                    | Q(grantee_type=PermModel.GRANTEE_GROUP,
+                        grantee_id__in=groups)
+                    # through a team
+                    | Q(grantee_type=PermModel.GRANTEE_TEAM,
+                        grantee_id__in=teams)
+                ).exists():
+            return Project.objects.all()
+        # searching project reachable throught project permission
+        else:
+            # public project
+            query = Q(access=Project.ACCESS_PUBLIC)
+            # project reserved to logged users
+            query |= Q(access=Project.ACCESS_REGISTERED)
+            # access granted through a team
+            query |= Q(permissions__grantee_type=PermModel.GRANTEE_TEAM,
+                    permissions__grantee_id__in=teams)
+            # access granted through a group
+            query |= Q(permissions__grantee_type=PermModel.GRANTEE_GROUP,
+                    permissions__grantee_id__in=groups)
+            # access granted by specific permission
+            query |= Q(permissions__grantee_type=PermModel.GRANTEE_USER,
+                    permissions__grantee_id=user.id)
+            return Project.objects.filter(query).distinct()
+    else:
+        # only public projects
+        return Project.objects.filter(access=Project.ACCESS_PUBLIC)
 
 def markdown_to_html(value):
     # set extensions here if needed