diff --git a/pandora/annotaion/models.py b/pandora/annotaion/models.py index e7501dc..3754473 100644 --- a/pandora/annotaion/models.py +++ b/pandora/annotaion/models.py @@ -65,9 +65,9 @@ class Annotation(models.Model): def editable(self, user): if user.is_authenticated(): - if self.user == user or user.has_perm('0x.admin'): - return True - if user.groups.filter(id__in=self.groups.all()).count() > 0: + if user.is_staff or \ + self.user == user or \ + user.groups.filter(id__in=self.groups.all()).count() > 0: return True return False diff --git a/pandora/archive/models.py b/pandora/archive/models.py index c31d6fa..7393f07 100644 --- a/pandora/archive/models.py +++ b/pandora/archive/models.py @@ -117,12 +117,6 @@ class File(models.Model): super(File, self).save(*args, **kwargs) - def json(self): - r = {} - for k in self: - r[k] = unicode(self[k]) - return r - #upload and data handling video = models.FileField(null=True, blank=True, upload_to=lambda f, x: f.path('%s.webm'%settings.VIDEO_PROFILE)) data = models.FileField(null=True, blank=True, upload_to=lambda f, x: f.path('data.bin')) @@ -227,7 +221,8 @@ class File(models.Model): 'audio_codec': self.audio_codec, 'name': self.name, 'size': self.size, - 'info': self.info + 'info': self.info, + 'instances': self.instances.count() } if keys: for k in data.keys(): @@ -235,6 +230,7 @@ class File(models.Model): del data[k] return data + class Volume(models.Model): class Meta: diff --git a/pandora/item/managers.py b/pandora/item/managers.py index b8d36bb..d1a66ee 100644 --- a/pandora/item/managers.py +++ b/pandora/item/managers.py @@ -240,9 +240,12 @@ class ItemManager(Manager): conditions = parseConditions(data['query'].get('conditions', []), data['query'].get('operator', '&')) qs = qs.filter(conditions) - - #FIXME: lists are part of query now - # filter list, works for own or public lists - l = data.get('list', 'all') - qs = self.filter_list(qs, l, user) + + #anonymous can only see public items + if user.is_anonymous(): + qs = qs.filter(public=True) + #users can see public items, there own items and items of there groups + elif not user.is_staff: + qs = qs.filter(Q(public=True)|Q(user=user)|Q(groups__in=user.groups.all())) + #admins can see all available items return qs diff --git a/pandora/item/models.py b/pandora/item/models.py index 5a9ed51..158610f 100644 --- a/pandora/item/models.py +++ b/pandora/item/models.py @@ -12,6 +12,7 @@ from django.db import models from django.core.files.base import ContentFile from django.utils import simplejson as json from django.conf import settings +from django.contrib.auth.models import User, Group import ox from ox.django import fields @@ -89,9 +90,14 @@ class Item(models.Model): modified = models.DateTimeField(auto_now=True) published = models.DateTimeField(default=datetime.now, editable=False) + user = models.ForeignKey(User, related_name='items') + groups = models.ManyToManyField(Group, related_name='items') + #only items that have data from files are available, #this is indicated by setting available to True available = models.BooleanField(default=False, db_index=True) + public = models.BooleanField(default=False, db_index=True) + itemId = models.CharField(max_length=128, unique=True, blank=True) oxdbId = models.CharField(max_length=42, unique=True, blank=True) external_data = fields.DictField(default={}, editable=False) @@ -118,15 +124,27 @@ class Item(models.Model): return default def editable(self, user): - #FIXME: make permissions work + if user.is_staff or \ + self.user == user or \ + self.groups.filter(id__in=user.groups.all()).count() > 0: + return True return False def edit(self, data): #FIXME: how to map the keys to the right place to write them to? + if 'id' in data: + #FIXME: check if id is valid and exists and move/merge items accordingly + del data['id'] + if 'id' in data: + groups = data.pop('groups') + self.groups.exclude(name__in=groups).delete() + for g in groups: + group, created = Group.objects.get_or_create(name=g) + self.groups.add(group) for key in data: if key != 'id': setattr(self.data, key, data[key]) - self.oxdb.save() + self.data.save() self.save() def reviews(self): diff --git a/pandora/item/views.py b/pandora/item/views.py index 710a25e..2560f07 100644 --- a/pandora/item/views.py +++ b/pandora/item/views.py @@ -62,7 +62,7 @@ def _parse_query(data, user): query = {} query['range'] = [0, 100] query['sort'] = [{'key':'title', 'operator':'+'}] - for key in ('sort', 'keys', 'group', 'list', 'range', 'ids'): + for key in ('sort', 'keys', 'group', 'range', 'ids'): if key in data: query[key] = data[key] query['qs'] = models.Item.objects.find(data, user) diff --git a/pandora/user/models.py b/pandora/user/models.py index 26ddba7..db48c74 100644 --- a/pandora/user/models.py +++ b/pandora/user/models.py @@ -89,11 +89,8 @@ def get_user_json(user): result = {} for key in ('username', ): result[key] = getattr(user, key) - result['group'] = 'user' - if user.is_staff: - result['group'] = 'admin' - elif user.has_perm('0x.vip'): #FIXME: permissions - result['group'] = 'vip' + result['admin'] = user.is_staff + result['groups'] = [g.name for g in user.groups.all()] result['preferences'] = profile.get_preferences() result['ui'] = profile.get_ui() return result