From bd6079ae4c7c0cb50e8a3c2d15cbe27375cd552a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
Date: Wed, 8 Jun 2016 11:21:31 +0200
Subject: [PATCH] Use central definition of default admin group permissions

---
 pillar/application/modules/projects.py | 5 ++++-
 pillar/manage.py                       | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/pillar/application/modules/projects.py b/pillar/application/modules/projects.py
index 717bc7d9..9d01ed2e 100644
--- a/pillar/application/modules/projects.py
+++ b/pillar/application/modules/projects.py
@@ -20,6 +20,9 @@ from manage_extra.node_types.group_texture import node_type_group_texture
 log = logging.getLogger(__name__)
 blueprint = Blueprint('projects', __name__)
 
+# Default project permissions for the admin group.
+DEFAULT_ADMIN_GROUP_PERMISSIONS = ['GET', 'PUT', 'POST', 'DELETE']
+
 
 def before_inserting_projects(items):
     """Strip unwanted properties, that will be assigned after creation. Also,
@@ -148,7 +151,7 @@ def after_inserting_project(project, db_user):
         'users': [],
         'groups': [
             {'group': admin_group_id,
-             'methods': ['GET', 'PUT', 'POST', 'DELETE']},
+             'methods': DEFAULT_ADMIN_GROUP_PERMISSIONS[:]},
         ]
     }
 
diff --git a/pillar/manage.py b/pillar/manage.py
index a4fb353e..20f43928 100755
--- a/pillar/manage.py
+++ b/pillar/manage.py
@@ -150,6 +150,8 @@ def _default_permissions():
     :rtype: dict
     """
 
+    from application.modules.projects import DEFAULT_ADMIN_GROUP_PERMISSIONS
+
     groups_collection = app.data.driver.db['groups']
     admin_group = groups_collection.find_one({'name': 'admin'})
 
@@ -158,7 +160,7 @@ def _default_permissions():
         'users': [],
         'groups': [
             {'group': admin_group['_id'],
-             'methods': ['GET', 'PUT', 'POST']},
+             'methods': DEFAULT_ADMIN_GROUP_PERMISSIONS[:]},
         ]
     }