Added permission to check confidential status.

Working with Ofir to replace all dependency of default group name (board, member, chairman).

src/acl/core_permissions.py

@@ -190,6 +190,11 @@
         'show_member_profile',
         _('Show Member Profile'),
         ()
+    ),
+    (
+        'view_confidential',
+        _('Can view confidential Issue/Proposal'),
+        ()
     )
 )
 

src/communities/forms.py

@@ -110,7 +110,8 @@ def __init__(self, *args, **kwargs):
             'id', flat=True)
         board_in = []
         board_choices = []
-        for b in self.instance.get_board_members():
+        # for b in self.instance.get_board_members():
+        for b in self.instance.get_community_participant_members():
             board_choices.append((b.id, b.display_name,))
             if b.id in participants:
                 board_in.append(b.id)

src/communities/models.py

@@ -1,4 +1,5 @@
 import logging
+
 from acl.models import Role
 from django.conf import settings
 from django.core.urlresolvers import reverse
@@ -15,7 +16,6 @@
 import issues.models as issues_models
 import meetings.models as meetings_models
 
-
 logger = logging.getLogger(__name__)
 
 
@@ -250,7 +250,7 @@ def available_issues(self, user=None, committee=None):
     def available_issues_by_rank(self):
         return self.issues.filter(active=True,
                                   status=issues_models.IssueStatus.OPEN
-        ).order_by('order_by_votes')
+                                  ).order_by('order_by_votes')
 
     def issues_ready_to_close(self, user=None, committee=None):
         if self.upcoming_issues(user=user, committee=committee):
@@ -271,35 +271,44 @@ def get_members(self):
 
     def meeting_participants(self):
 
-        meeting_participants = {'chairmen': [], 'board': [], 'members': [], }
-
-        board_ids = [m.user.id for m in self.community.memberships.board()]
-
+        l = []
         for u in self.upcoming_meeting_participants.all():
-            if u.id in board_ids:
-                if u.get_default_group(self.community) == DefaultGroups.CHAIRMAN:
-                    meeting_participants['chairmen'].append(u)
-                else:
-                    meeting_participants['board'].append(u)
-            else:
-                meeting_participants['members'].append(u)
-
-        # doing it simply like this, as I'd need to refactor models
-        # just to order in the way that is now required.
-        for index, item in enumerate(meeting_participants['board']):
-            if item.get_default_group(self.community) == DefaultGroups.MEMBER:
-                meeting_participants['board'].insert(0, meeting_participants['board'].pop(index))
-
-        return meeting_participants
+            for ug in u.memberships.all():
+                if 'proposal_board_vote' in ug.get_committee_group_permissions(self):
+                    l.append(u)
+                    break
+        return l
+
+    # def meeting_participants(self):
+    #
+    #     meeting_participants = {'chairmen': [], 'board': [], 'members': [], }
+    #
+    #     board_ids = [m.user.id for m in self.community.memberships.board()]
+    #
+    #     for u in self.upcoming_meeting_participants.all():
+    #         if u.id in board_ids:
+    #             if u.get_default_group(self.community) == DefaultGroups.CHAIRMAN:
+    #                 meeting_participants['chairmen'].append(u)
+    #             else:
+    #                 meeting_participants['board'].append(u)
+    #         else:
+    #             meeting_participants['members'].append(u)
+    #
+    #     # doing it simply like this, as I'd need to refactor models
+    #     # just to order in the way that is now required.
+    #     for index, item in enumerate(meeting_participants['board']):
+    #         if item.get_default_group(self.community) == DefaultGroups.MEMBER:
+    #             meeting_participants['board'].insert(0, meeting_participants['board'].pop(index))
+    #
+    #     return meeting_participants
+    #
 
     def previous_members_participations(self):
-        participations = MeetingParticipant.objects.filter( \
+        participations = MeetingParticipant.objects.filter(
             default_group_name=DefaultGroups.MEMBER,
-            meeting__committee=self) \
-            .order_by('-meeting__held_at')
+            meeting__committee=self).order_by('-meeting__held_at')
 
-        return list(set([p.user for p in participations]) - \
-                    set(self.upcoming_meeting_participants.all()))
+        return list(set([p.user for p in participations]) - set(self.upcoming_meeting_participants.all()))
 
     def previous_guests_participations(self):
         guests_list = Meeting.objects.filter(committee=self) \
@@ -326,6 +335,15 @@ def get_board_members(self):
 
         return board
 
+    # Need to check this function, for now its replacing def get_board_members()
+    def get_community_participant_members(self):
+        board_memberships = Membership.objects.filter(community=self.community)
+        board = []
+        for m in board_memberships:
+            if 'view_meeting' in m.get_committee_group_permissions(self):
+                board.append(m.user)
+        return board
+
     def get_board_count(self):
         return len(self.get_board_members())
 
@@ -520,7 +538,7 @@ def draft_agenda(self, payload):
 
         # payload should be a list of dicts. Each dict has these keys:
         # * issue
-        #   * proposals
+        # * proposals
         #
         # The values are querysets
 

src/issues/views.py

@@ -130,7 +130,7 @@ def get_context_data(self, **kwargs):
             d['all_issues'] = self.get_queryset().exclude(
                 status=IssueStatus.ARCHIVED).order_by('-created_at')
         o = self.get_object()
-        if o.is_current and self.request.user in o.community.upcoming_meeting_participants.all() and has_committee_perm(
+        if o.is_current and self.request.user in o.committee.upcoming_meeting_participants.all() and has_committee_perm(
                 self.request.user, self.committee, 'proposal_board_vote_self'):
             d['can_board_vote_self'] = True
 
@@ -153,7 +153,6 @@ def get_context_data(self, **kwargs):
 
     required_permission_for_post = 'add_issuecomment'
 
-
     def post(self, request, *args, **kwargs):
 
         form = forms.CreateIssueCommentForm(request.POST)
@@ -447,12 +446,12 @@ def board_votes_dict(self):
         pro_count = 0
         con_count = 0
         neut_count = 0
-        board_attending = self.committee.meeting_participants()['board'] + \
-                          self.committee.meeting_participants()['chairmen']
+        # Board vote permission
+        board_attending = self.committee.meeting_participants()
 
         for u in board_attending:
-            vote = ProposalVoteBoard.objects.filter(proposal=self.get_object,
-                                                    user=u)
+            # check u has perm for board vote
+            vote = ProposalVoteBoard.objects.filter(proposal=self.get_object, user=u)
             if vote.exists():
                 votes_dict['per_user'][u] = vote[0]
                 if vote[0].value == 1:

src/ocd/base_managers.py

@@ -2,6 +2,7 @@
 from django.db.models.query import QuerySet
 from haystack.query import SearchQuerySet
 from acl.default_roles import DefaultGroups
+from users.permissions import get_committee_perms
 
 
 class ActiveQuerySetMixin(object):
@@ -40,14 +41,10 @@ def object_access_control(self, user=None, committee=None):
             return self.filter(is_confidential=False)
 
         else:
-            # we have a membership. return according to member's level.
-            # TODO: hook properly into permission system.
-            memberships = user.memberships.filter(community=committee.community)
-            lookup = [m.default_group_name for m in memberships]
-            if DefaultGroups.MEMBER in lookup and len(lookup) == 1:
-                return self.filter(is_confidential=False)
-            else:
+            if 'view_confidential' in get_committee_perms(user, committee):
                 return self.all()
+            else:
+                return self.filter(is_confidential=False)
 
 
 class ConfidentialQuerySet(QuerySet, ConfidentialQuerySetMixin):

src/ocd/base_views.py

@@ -27,48 +27,30 @@ class ProtectedMixin(object):
     required_permission_for_post = None
 
     def dispatch(self, request, *args, **kwargs):
-        # check with Udi
-        community = get_object_or_404(Community, slug=self.kwargs['community_slug'])
-        try:
-            committee = get_object_or_404(Committee, slug=self.kwargs['committee_slug'], community__slug=self.kwargs['community_slug'])
-        except:
-            committee = None
         if not request.user.is_authenticated():
-            if not community.is_public:
+            if not self.community.is_public:
                 return redirect_to_login(request.build_absolute_uri())
 
         if hasattr(self, 'get_required_permission'):
             perm = self.get_required_permission()
         else:
             perm = self.required_permission or "access_community"
 
-        if committee:
-            if not has_committee_perm(request.user, committee, perm):
-                if settings.DEBUG:
-                    return HttpResponseForbidden("403 %s" % perm)
-                return HttpResponseForbidden("403 Unauthorized")  # TODO: raise PermissionDenied
-        else:
-            if not has_community_perm(request.user, community, perm):
-                if settings.DEBUG:
-                    return HttpResponseForbidden("403 %s" % perm)
-                return HttpResponseForbidden("403 Unauthorized")  # TODO: raise PermissionDenied
+        if not has_community_perm(request.user, self.community, perm):
+            if settings.DEBUG:
+                return HttpResponseForbidden("403 %s" % perm)
+            return HttpResponseForbidden("403 Unauthorized")  # TODO: raise PermissionDenied
 
         if request.method == "POST":
             if hasattr(self, 'get_required_permission_for_post'):
                 perm = self.get_required_permission_for_post()
             else:
                 perm = self.required_permission_for_post or "access_community"
 
-            if committee:
-                if not has_committee_perm(request.user, committee, perm):
-                    if settings.DEBUG:
-                        return HttpResponseForbidden("403 POST %s" % perm)
-                    return HttpResponseForbidden("403 Unauthorized")
-            else:
-                if not has_community_perm(request.user, community, perm):
-                    if settings.DEBUG:
-                        return HttpResponseForbidden("403 POST %s" % perm)
-                    return HttpResponseForbidden("403 Unauthorized")
+            if not has_community_perm(request.user, self.community, perm):
+                if settings.DEBUG:
+                    return HttpResponseForbidden("403 POST %s" % perm)
+                return HttpResponseForbidden("403 Unauthorized")
 
         resp = super(ProtectedMixin, self).dispatch(request, *args, **kwargs)
 
@@ -80,16 +62,8 @@ def dispatch(self, request, *args, **kwargs):
         return resp
 
     def get_context_data(self, **kwargs):
-        # check with Udi
-        try:
-            committee = self.committee
-        except:
-            committee = None
         d = super(ProtectedMixin, self).get_context_data(**kwargs)
-        if committee:
-            d['cperms'] = get_committee_perms(self.request.user, committee)
-        else:
-            d['cperms'] = get_community_perms(self.request.user, self.community)
+        d['cperms'] = get_community_perms(self.request.user, self.community)
         return d
 
 
@@ -110,7 +84,7 @@ def get_context_data(self, **kwargs):
         return context
 
 
-class CommitteeMixin(ProtectedMixin):
+class CommitteeMixin(CommunityMixin):
     _committee = None
 
     @property
@@ -122,10 +96,31 @@ def committee(self):
     def get_context_data(self, **kwargs):
         context = super(CommitteeMixin, self).get_context_data(**kwargs)
         context['committee'] = self.committee
-        context['is_member'] = Membership.objects.filter(community=self.committee.community,
-                                                         user=self.request.user).exists() if self.request.user.id else False
+        context['cperms'] = get_committee_perms(self.request.user, self.committee)
         return context
 
+    def dispatch(self, request, *args, **kwargs):
+        if hasattr(self, 'get_required_permission'):
+            perm = self.get_required_permission()
+        else:
+            perm = self.required_permission or "access_committee"
+
+        if not has_committee_perm(request.user, self.committee, perm):
+            if settings.DEBUG:
+                return HttpResponseForbidden("403 %s" % perm)
+            return HttpResponseForbidden("403 Unauthorized")  # TODO: raise PermissionDenied
+
+        if request.method == "POST":
+            if not has_committee_perm(request.user, self.committee, perm):
+                if settings.DEBUG:
+                    return HttpResponseForbidden("403 POST %s" % perm)
+                return HttpResponseForbidden("403 Unauthorized")
+
+        resp = super(CommitteeMixin, self).dispatch(request, *args, **kwargs)
+        return resp
+
+
+
 
 class AjaxFormView(object):
     """ a mixin used for ajax based forms.  see `forms.js`."""

src/users/models.py

@@ -145,15 +145,13 @@ def get_absolute_url(self):
 
     def get_permissions(self, community):
         if self.group_name.title == 'administrator':
-            return ['invite_member']
-        return community.roles.get(title='member').all_perms()
+            return {'invite_member'}
+        return set(community.roles.get(title='member').all_perms())
 
     def get_committee_group_permissions(self, committee):
-        try:
-            committee_perms = self.group_name.group_roles.get(committee=committee).role.all_perms()
-            return committee_perms
-        except:
-            return ''
+        committee_perms = self.get_permissions(committee.community)
+        committee_perms.update(self.group_name.group_roles.get(committee=committee).role.all_perms())
+        return committee_perms
 
     def total_meetings(self):
         """ In the future we'll check since joined to community or rejoined """