diff --git a/pillar/application/modules/blender_cloud/home_project.py b/pillar/application/modules/blender_cloud/home_project.py index 672fce42..61d80916 100644 --- a/pillar/application/modules/blender_cloud/home_project.py +++ b/pillar/application/modules/blender_cloud/home_project.py @@ -133,6 +133,13 @@ def create_home_project(user_id, write_access): # and grant it to certain node types. project['permissions']['groups'][0]['methods'] = home_project_permissions(write_access) + # Everybody should be able to comment on anything in this project. + # This allows people to comment on shared images and see comments. + node_type_comment = assign_permissions( + node_type_comment, + subscriber_methods=[u'GET', u'POST'], + world_methods=[u'GET']) + project['node_types'] = [ node_type_group, node_type_asset, @@ -156,6 +163,38 @@ def create_home_project(user_id, write_access): return project +def assign_permissions(node_type, subscriber_methods, world_methods): + """Assigns permissions to the node type object. + + :param node_type: a node type from manage_extra.node_types. + :type node_type: dict + :param subscriber_methods: allowed HTTP methods for users of role 'subscriber', + 'demo' and 'admin'. + :type subscriber_methods: list + :param subscriber_methods: allowed HTTP methods for world + :type subscriber_methods: list + :returns: a copy of the node type, with embedded permissions + :rtype: dict + """ + + from application.modules import service + + nt_with_perms = copy.deepcopy(node_type) + + perms = nt_with_perms.setdefault('permissions', {}) + perms['groups'] = [ + {'group': service.role_to_group_id['subscriber'], + 'methods': subscriber_methods[:]}, + {'group': service.role_to_group_id['demo'], + 'methods': subscriber_methods[:]}, + {'group': service.role_to_group_id['admin'], + 'methods': subscriber_methods[:]}, + ] + perms['world'] = world_methods[:] + + return nt_with_perms + + @blueprint.route('/home-project') @authorization.require_login() def home_project(): diff --git a/pillar/application/modules/service.py b/pillar/application/modules/service.py index c22b2707..cfe8a992 100644 --- a/pillar/application/modules/service.py +++ b/pillar/application/modules/service.py @@ -17,14 +17,14 @@ signal_user_changed_role = blinker.NamedSignal('badger:user_changed_role') ROLES_WITH_GROUPS = {u'admin', u'demo', u'subscriber'} # Map of role name to group ID, for the above groups. -_role_to_group_id = {} +role_to_group_id = {} @blueprint.before_app_first_request def fetch_role_to_group_id_map(): """Fills the _role_to_group_id mapping upon application startup.""" - global _role_to_group_id + global role_to_group_id groups_coll = current_app.data.driver.db['groups'] @@ -33,9 +33,9 @@ def fetch_role_to_group_id_map(): if group is None: log.warning('Group for role %r not found', role) continue - _role_to_group_id[role] = group['_id'] + role_to_group_id[role] = group['_id'] - log.debug('Group IDs for roles: %s', _role_to_group_id) + log.debug('Group IDs for roles: %s', role_to_group_id) @blueprint.route('/badger', methods=['POST']) @@ -135,7 +135,7 @@ def manage_user_group_membership(db_user, role, action): # Find the group try: - group_id = _role_to_group_id[role] + group_id = role_to_group_id[role] except KeyError: log.warning('Group for role %r cannot be found, unable to %s membership for user %s', role, action, db_user['_id']) diff --git a/tests/test_bcloud_home_project.py b/tests/test_bcloud_home_project.py index d3896544..5b01866d 100644 --- a/tests/test_bcloud_home_project.py +++ b/tests/test_bcloud_home_project.py @@ -337,6 +337,10 @@ class HomeProjectTest(AbstractPillarTest): class HomeProjectUserChangedRoleTest(AbstractPillarTest): + def setUp(self, **kwargs): + AbstractPillarTest.setUp(self, **kwargs) + self.create_standard_groups() + def test_without_home_project(self): from application.modules.blender_cloud import home_project