Make Group ACL work per project as well

We need this for project level operations like repository maintenance. Issue #1004 Signed-off-by: Michal Čihař <michal@cihar.com>

Make Group ACL work per project as well
We need this for project level operations like repository maintenance. Issue #1004 Signed-off-by: Michal Čihař <michal@cihar.com>
00df0e3b · Michal Čihař · 0cee8550 · 00df0e3b · 00df0e3b
Commit 00df0e3b authored Mar 08, 2016 by Michal Čihař
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 6 deletions

weblate/trans/permissions.py weblate/trans/permissions.py +10 -5

weblate/trans/tests/test_permissions.py weblate/trans/tests/test_permissions.py +16 -1

No files found.
--- a/weblate/trans/permissions.py
+++ b/weblate/trans/permissions.py
@@ -42,15 +42,19 @@ def check_owner(user, project, permission):
    ).exists()


-def has_group_perm(user, permission, translation):
+def has_group_perm(user, permission, translation=None, project=None):
    """
    Checks whether GroupACL rules allow user to have
    given permission.
    """
-    acls = list(GroupACL.objects.filter(
-        Q(language=translation.language) |
-        Q(project=translation.subproject.project) |
-        Q(subproject=translation.subproject)))
+    if project is None:
+        acls = list(GroupACL.objects.filter(
+            Q(language=translation.language) |
+            Q(project=translation.subproject.project) |
+            Q(subproject=translation.subproject)
+        ))
+    else:
+        acls = list(GroupACL.objects.filter(project=project))

    if not acls:
        return user.has_perm(permission)
@@ -78,6 +82,7 @@ def check_permission(user, project, permission):
    Generic check for permission with owner fallback.
    """
    return (
+        has_group_perm(user, permission, project=project) or
        check_owner(user, project, permission) or
        user.has_perm(permission)
    )

--- a/weblate/trans/tests/test_permissions.py
+++ b/weblate/trans/tests/test_permissions.py
@@ -28,7 +28,8 @@ from weblate.trans.models import (
    GroupACL, Project, Translation
 )
 from weblate.trans.permissions import (
-    check_owner, check_permission, can_delete_comment, can_edit
+    check_owner, check_permission, can_delete_comment, can_edit,
+    can_author_translation,
 )
 from weblate.trans.tests.test_models import ModelTestCase

@@ -164,3 +165,17 @@ class GroupACLTest(ModelTestCase):
        acl.subproject = self.subproject
        acl.clean()
        self.assertIsNone(acl.project)
+
+    def test_acl_project(self):
+        acl = GroupACL.objects.create(project=self.project)
+        acl.groups.add(self.group)
+        permission = Permission.objects.get(
+            codename='author_translation', content_type__app_label='trans'
+        )
+        self.group.permissions.add(permission)
+        self.assertFalse(
+            can_author_translation(self.user, self.project)
+        )
+        self.assertTrue(
+            can_author_translation(self.privileged, self.project)
+        )