Granting/Updating Permission for Packages (#2)

Co-authored-by: Tim Lorsbach <tim@lorsba.ch>
Reviewed-on: enviPath/enviPy#2

epdb/logic.py

@@ -35,6 +35,11 @@ class UserManager(object):
     def get_user(user_url):
         pass
 
+    @staticmethod
+    def get_user_lp(user_url: str):
+        uuid = user_url.strip().split('/')[-1]
+        return get_user_model().objects.get(uuid=uuid)
+
     @staticmethod
     def get_users():
         return []
@@ -52,6 +57,11 @@ class GroupManager(object):
 
         return g
 
+    @staticmethod
+    def get_group_lp(group_url: str):
+        uuid = group_url.strip().split('/')[-1]
+        return Group.objects.get(uuid=uuid)
+
     @staticmethod
     def get_group_by_url(user, group_url):
         return GroupManager.get_group_by_id(user, group_url.split('/')[-1])
@@ -80,7 +90,7 @@ class PackageManager(object):
     def readable(user, package):
         # TODO Owner!
         if UserPackagePermission.objects.filter(package=package, user=user).exists() or \
-                GroupPackagePermission.objects.filter(package=package, group__in=user.groups.all()) or \
+                GroupPackagePermission.objects.filter(package=package, group__in=GroupManager.get_groups(user)) or \
                 package.reviewed is True or \
                 user.is_superuser:
             return True
@@ -91,7 +101,7 @@ class PackageManager(object):
     def writable(user, package):
         # TODO Owner!
         if UserPackagePermission.objects.filter(package=package, user=user, permission=Permission.WRITE).exists() or \
-                GroupPackagePermission.objects.filter(package=package, group__in=user.groups.all(),
+                GroupPackagePermission.objects.filter(package=package, group__in=GroupManager.get_groups(user),
                                                       permission=Permission.WRITE) or \
                 user.is_superuser:
             return True
@@ -125,8 +135,12 @@ class PackageManager(object):
         if user.is_superuser:
             qs = Package.objects.all()
         else:
-            up = UserPackagePermission.objects.filter(user=user).values('package').distinct()
-            qs = Package.objects.filter(id__in=up)
+            user_package_qs = Package.objects.filter(
+                id__in=UserPackagePermission.objects.filter(user=user).values('package').distinct())
+            group_package_qs = Package.objects.filter(
+                id__in=GroupPackagePermission.objects.filter(group__in=GroupManager.get_groups(user)).values(
+                    'package').distinct())
+            qs = user_package_qs | group_package_qs
 
         if include_reviewed:
             qs |= Package.objects.filter(reviewed=True)
@@ -142,9 +156,19 @@ class PackageManager(object):
         if user.is_superuser:
             qs = Package.objects.all()
         else:
-            up = UserPackagePermission.objects.filter(user=user, permission=Permission.WRITE).values(
-                'package').distinct()
-            qs = Package.objects.filter(id__in=up)
+            write_user_packs = UserPackagePermission.objects.filter(user=user, permission=Permission.WRITE[0]).values('package').distinct()
+            owner_user_packs = UserPackagePermission.objects.filter(user=user, permission=Permission.ALL[0]).values('package').distinct()
+
+            user_packs = write_user_packs | owner_user_packs
+            user_package_qs = Package.objects.filter(id__in=user_packs)
+
+            write_group_packs = GroupPackagePermission.objects.filter(group__in=GroupManager.get_groups(user), permission=Permission.WRITE[0]).values( 'package').distinct()
+            owner_group_packs = GroupPackagePermission.objects.filter(group__in=GroupManager.get_groups(user), permission=Permission.ALL[0]).values( 'package').distinct()
+
+            group_packs = write_group_packs | owner_group_packs
+            group_package_qs = Package.objects.filter(id__in=group_packs)
+
+            qs = user_package_qs | group_package_qs
 
         qs = qs.filter(reviewed=False)
 
@@ -170,6 +194,34 @@ class PackageManager(object):
 
         return p
 
+    @staticmethod
+    @transaction.atomic
+    def update_permissions(caller: User, package: Package, grantee: Union[User, Group], new_perm: Optional[str]):
+        if not PackageManager.writable(caller, package):
+            raise ValueError(f"User {caller} is not allowed to modify permissions on {package}")
+
+        data = {
+            'package': package,
+        }
+
+        if isinstance(grantee, User):
+            perm_cls = UserPackagePermission
+            data['user'] = grantee
+        else:
+            perm_cls = GroupPackagePermission
+            data['group'] = grantee
+
+        if new_perm is None:
+            qs = perm_cls.objects.filter(**data)
+            if qs.count() > 1:
+                raise ValueError("Got more Permission objects than expected!")
+            if qs.count() != 0:
+                logger.info(f"Deleting Perm {qs.first()}")
+                qs.delete()
+            else:
+                logger.debug(f"No Permission object for {perm_cls} with filter {data} found!")
+        else:
+            _ = perm_cls.objects.update_or_create(defaults={'permission': new_perm}, **data)
 
 class SettingManager(object):
     setting_pattern = re.compile(r".*/setting/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$")