new global perm to grant ro access on all project

2014-08-30 19:26:08 -07:00 · 2014-08-30 19:26:08 -07:00 · 203dc89db0
commit 203dc89db0
parent 81df233d5a
4 changed files with 69 additions and 12 deletions
--- a/permissions/migrations/0004_auto_20140830_2318.py
+++ b/permissions/migrations/0004_auto_20140830_2318.py
@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('permissions', '0003_auto_20140830_2304'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='globalpermission',
+            name='access_project',
+            field=models.BooleanField(default=False),
+            preserve_default=True,
+        ),
+        migrations.AlterField(
+            model_name='globalpermission',
+            name='create_comment',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AlterField(
+            model_name='globalpermission',
+            name='create_issue',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/permissions/models.py
+++ b/permissions/models.py
@ -96,12 +96,14 @@ class GlobalPermission(PermissionModel):

    # Project permissions, given on ALL projects

-    create_issue = models.BooleanField(default=True)
+    access_project = models.BooleanField(default=False)
+
+    create_issue = models.BooleanField(default=False)
    modify_issue = models.BooleanField(default=False)
    manage_issue = models.BooleanField(default=False)
    delete_issue = models.BooleanField(default=False)

-    create_comment = models.BooleanField(default=True)
+    create_comment = models.BooleanField(default=False)
    modify_comment = models.BooleanField(default=False)
    delete_comment = models.BooleanField(default=False)

--- a/templates/permissions/global_perm_list.html
+++ b/templates/permissions/global_perm_list.html
@ -66,6 +66,10 @@
        </div>
        <div class="tab-pane" id="project{{ perm.id }}">
          <ul class="list-group">
+            <li class="list-group-item">
+              Access
+              <a href="javascript:void(0);" class="pull-right perm-toggle" data-href="{% url 'toggle-global-permission' perm.id 'access-project' %}">{{ perm.access_project|boolean }}</a>
+            </li>
            <li class="list-group-item">
              Create issue
              <a href="javascript:void(0);" class="pull-right perm-toggle" data-href="{% url 'toggle-global-permission' perm.id 'create-issue' %}">{{ perm.create_issue|boolean }}</a>
--- a/tracker/middleware.py
+++ b/tracker/middleware.py
@ -5,6 +5,7 @@ from django.contrib.auth.decorators import login_required
 from django.db.models import Q

 from tracker.models import Project
+from permissions.models import GlobalPermission
 from permissions.models import PermissionModel as PermModel


@ -30,25 +31,45 @@ class ProjectMiddleware:
                " 'django.contrib.auth.middleware.AuthenticationMiddleware'"
                " before the ProjectMiddleware class.")

-        # projects
+        # projectS
        if request.user.is_authenticated() and request.user.is_staff:
            projects = Project.objects.all()
+        elif request.user.is_authenticated():
+            teams = request.user.teams.values_list('id')
+            groups = request.user.groups.values_list('id')
+            # check for a global permission allowing access
+            if GlobalPermission.objects.filter(access_project=True) \
+                    .filter(
+                        # directly
+                        Q(grantee_type=PermModel.GRANTEE_USER,
+                            grantee_id=request.user.id)
+                        # through a group
+                        | Q(grantee_type=PermModel.GRANTEE_GROUP,
+                            grantee_id__in=groups)
+                        # through a team
+                        | Q(grantee_type=PermModel.GRANTEE_TEAM,
+                            grantee_id__in=teams)
+                    ).exists():
+                projects = Project.objects.all()
+            # searching project reachable throught project permission
            else:
+                # public project
                query = Q(access=Project.ACCESS_PUBLIC)
-            if request.user.is_authenticated():
+                # project reserved to logged users
                query |= Q(access=Project.ACCESS_REGISTERED)
                # access granted through a team
-                teams = request.user.teams.values_list('id')
                query |= Q(permissions__grantee_type=PermModel.GRANTEE_TEAM,
                        permissions__grantee_id__in=teams)
                # access granted through a group
-                groups = request.user.groups.values_list('id')
                query |= Q(permissions__grantee_type=PermModel.GRANTEE_GROUP,
                        permissions__grantee_id__in=groups)
                # access granted by specific permission
                query |= Q(permissions__grantee_type=PermModel.GRANTEE_USER,
                        permissions__grantee_id=request.user.id)
                projects = Project.objects.filter(query).distinct()
+        else:
+            # only public projects
+            projects = Project.objects.filter(access=Project.ACCESS_PUBLIC)
        request.projects = projects

        # project