site config, user level, item level

pandora/item/managers.py

@@ -3,9 +3,11 @@
 from datetime import datetime
 
 from django.db.models import Q, Manager
+from django.conf import settings
 
 from itemlist.models import List
 import models
+
 from ox.django.query import QuerySet
 
 def parseCondition(condition):
@@ -43,7 +45,7 @@ def parseCondition(condition):
         else:
             return q
 
-    key_type = models.site_config()['keys'].get(k, {'type':'string'}).get('type')
+    key_type = settings.config['keys'].get(k, {'type':'string'}).get('type')
     if isinstance(key_type, list):
         key_type = key_type[0]
     key_type = {
@@ -245,9 +247,11 @@ class ItemManager(Manager):
         
         #anonymous can only see public items
         if user.is_anonymous():
-            qs = qs.filter(public=True)
+            allowed_level = settings.config['capabilities']['canSeeItem']['guest']
+            qs = qs.filter(level__lte=allowed_level)
         #users can see public items, there own items and items of there groups
-        elif not user.is_staff:
-            qs = qs.filter(Q(public=True)|Q(user=user)|Q(groups__in=user.groups.all()))
+        else:
+            allowed_level = settings.config['capabilities']['canSeeItem'][user.get_profile().get_level()]
+            qs = qs.filter(Q(level__lte=allowed_level)|Q(user=user)|Q(groups__in=user.groups.all()))
         #admins can see all available items
         return qs