commit 16573d3647f32d318119d5072be2a490ef87d49c
author Scott Baker <smbaker@gmail.com> Fri Jul 24 15:36:02 2015 -0700
committer Scott Baker <smbaker@gmail.com> Fri Jul 24 15:36:02 2015 -0700
tree 1a3c3cbdea3705ae0cc4c4be0dce804073c9970f
parent 7463951791b393b88cbafb8f37dbe548f2e71187

add get_service_objects_by_user and get_tenant_objects_by_user, make cord admins check users privileges

xos/core/models/service.py

diff --git a/xos/core/models/service.py b/xos/core/models/service.py
index 2067a39..54160aa 100644
--- a/xos/core/models/service.py
+++ b/xos/core/models/service.py
@@ -64,6 +64,18 @@
     def get_service_objects(cls):
         return cls.objects.filter(kind = cls.KIND)
 
+    @classmethod
+    def get_service_objects_by_user(cls, user):
+        return cls.select_by_user(user).filter(kind = cls.KIND)
+
+    @classmethod
+    def select_by_user(cls, user):
+        if user.is_admin:
+            return cls.objects.all()
+        else:
+            service_ids = [sp.slice.id for sp in ServicePrivilege.objects.filter(user=user)]
+            return cls.objects.filter(id__in=service_ids)
+
     def __unicode__(self): return u'%s' % (self.name)
 
     def can_update(self, user):
@@ -178,12 +190,12 @@
             raise PermissionDenied, "Cannot modify permission(s) of a disabled service"
         super(ServicePrivilege, self).delete(*args, **kwds)
 
-    @staticmethod
-    def select_by_user(user):
+    @classmethod
+    def select_by_user(cls, user):
         if user.is_admin:
-            qs = ServicePrivilege.objects.all()
+            qs = cls.objects.all()
         else:
-            qs = SitePrivilege.objects.filter(user=user)
+            qs = cls.objects.filter(user=user)
         return qs
 
 class TenantRoot(PlCoreBase, AttributeMixin):
@@ -226,6 +238,18 @@
     def get_tenant_objects(cls):
         return cls.objects.filter(kind = cls.KIND)
 
+    @classmethod
+    def get_tenant_objects_by_user(cls, user):
+        return cls.select_by_user(user).filter(kind = cls.KIND)
+
+    @classmethod
+    def select_by_user(cls, user):
+        if user.is_admin:
+            return cls.objects.all()
+        else:
+            tr_ids = [trp.tenant_root.id for trp in TenantRootPrivilege.objects.filter(user=user)]
+            return cls.objects.filter(id__in=tr_ids)
+
 class Tenant(PlCoreBase, AttributeMixin):
     """ A tenant is a relationship between two entities, a subscriber and a
         provider. This object represents an edge.
@@ -272,6 +296,10 @@
         return cls.objects.filter(kind = cls.KIND)
 
     @classmethod
+    def get_tenant_objects_by_user(cls, user):
+        return cls.select_by_user(user).filter(kind = cls.KIND)
+
+    @classmethod
     def get_deleted_tenant_objects(cls):
         return cls.deleted_objects.filter(kind = cls.KIND)
 
@@ -359,11 +387,11 @@
     def can_update(self, user):
         return user.can_update_tenant_root_privilege(self)
 
-    @staticmethod
-    def select_by_user(user):
+    @classmethod
+    def select_by_user(cls, user):
         if user.is_admin:
-            qs = TenantRootPrivilege.objects.all()
+            qs = cls.objects.all()
         else:
-            qs = TenantRootPrivilege.objects.filter(user=user)
+            qs = cls.objects.filter(user=user)
         return qs