Home project: allow commenting on nodes.

This is only set up correctly for new home projects. Existing home projects
should be migrated using a yet-to-be-written script.

pillar/application/modules/blender_cloud/home_project.py

@@ -133,6 +133,13 @@ def create_home_project(user_id, write_access):
     # and grant it to certain node types.
     project['permissions']['groups'][0]['methods'] = home_project_permissions(write_access)
 
+    # Everybody should be able to comment on anything in this project.
+    # This allows people to comment on shared images and see comments.
+    node_type_comment = assign_permissions(
+        node_type_comment,
+        subscriber_methods=[u'GET', u'POST'],
+        world_methods=[u'GET'])
+
     project['node_types'] = [
         node_type_group,
         node_type_asset,
@@ -156,6 +163,38 @@ def create_home_project(user_id, write_access):
     return project
 
 
+def assign_permissions(node_type, subscriber_methods, world_methods):
+    """Assigns permissions to the node type object.
+
+    :param node_type: a node type from manage_extra.node_types.
+    :type node_type: dict
+    :param subscriber_methods: allowed HTTP methods for users of role 'subscriber',
+        'demo' and 'admin'.
+    :type subscriber_methods: list
+    :param subscriber_methods: allowed HTTP methods for world
+    :type subscriber_methods: list
+    :returns: a copy of the node type, with embedded permissions
+    :rtype: dict
+    """
+
+    from application.modules import service
+
+    nt_with_perms = copy.deepcopy(node_type)
+
+    perms = nt_with_perms.setdefault('permissions', {})
+    perms['groups'] = [
+        {'group': service.role_to_group_id['subscriber'],
+         'methods': subscriber_methods[:]},
+        {'group': service.role_to_group_id['demo'],
+         'methods': subscriber_methods[:]},
+        {'group': service.role_to_group_id['admin'],
+         'methods': subscriber_methods[:]},
+    ]
+    perms['world'] = world_methods[:]
+
+    return nt_with_perms
+
+
 @blueprint.route('/home-project')
 @authorization.require_login()
 def home_project():

pillar/application/modules/service.py

@@ -17,14 +17,14 @@ signal_user_changed_role = blinker.NamedSignal('badger:user_changed_role')
 ROLES_WITH_GROUPS = {u'admin', u'demo', u'subscriber'}
 
 # Map of role name to group ID, for the above groups.
-_role_to_group_id = {}
+role_to_group_id = {}
 
 
 @blueprint.before_app_first_request
 def fetch_role_to_group_id_map():
     """Fills the _role_to_group_id mapping upon application startup."""
 
-    global _role_to_group_id
+    global role_to_group_id
 
     groups_coll = current_app.data.driver.db['groups']
 
@@ -33,9 +33,9 @@ def fetch_role_to_group_id_map():
         if group is None:
             log.warning('Group for role %r not found', role)
             continue
-        _role_to_group_id[role] = group['_id']
+        role_to_group_id[role] = group['_id']
 
-    log.debug('Group IDs for roles: %s', _role_to_group_id)
+    log.debug('Group IDs for roles: %s', role_to_group_id)
 
 
 @blueprint.route('/badger', methods=['POST'])
@@ -135,7 +135,7 @@ def manage_user_group_membership(db_user, role, action):
 
     # Find the group
     try:
-        group_id = _role_to_group_id[role]
+        group_id = role_to_group_id[role]
     except KeyError:
         log.warning('Group for role %r cannot be found, unable to %s membership for user %s',
                     role, action, db_user['_id'])

tests/test_bcloud_home_project.py

@@ -337,6 +337,10 @@ class HomeProjectTest(AbstractPillarTest):
 
 
 class HomeProjectUserChangedRoleTest(AbstractPillarTest):
+    def setUp(self, **kwargs):
+        AbstractPillarTest.setUp(self, **kwargs)
+        self.create_standard_groups()
+
     def test_without_home_project(self):
         from application.modules.blender_cloud import home_project