a user with admin TenantRootPrivilege can see all other privileges in his TenantRoot
diff --git a/xos/core/models/service.py b/xos/core/models/service.py
index 54160aa..2b0d952 100644
--- a/xos/core/models/service.py
+++ b/xos/core/models/service.py
@@ -363,7 +363,7 @@
KIND = "Provider"
class TenantRootRole(PlCoreBase):
- ROLE_CHOICES = (('admin','Admin'),)
+ ROLE_CHOICES = (('admin','Admin'), ('access','Access'))
role = StrippedCharField(choices=ROLE_CHOICES, unique=True, max_length=30)
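Review bot: The new `('access','Access')` entry in ROLE_CHOICES carries no comment saying what the role permits, and the only role-dependent logic visible in this commit (select_by_user in the next hunk) checks for "admin" alone. A short comment above ROLE_CHOICES would record the intended boundary, for example `# 'admin' sees every privilege on its TenantRoot; 'access' holders see only their own`. Because `role` is declared `unique=True`, an 'access' TenantRootRole row presumably has to be created before it can be assigned; no fixture or migration for it is visible here. The class body continues outside the hunk.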
@@ -390,8 +390,15 @@
@classmethod
def select_by_user(cls, user):
if user.is_admin:
- qs = cls.objects.all()
+ return cls.objects.all()
else:
- qs = cls.objects.filter(user=user)
- return qs
+ # User can see his own privilege
+ trp_ids = [trp.id for trp in cls.objects.filter(user=user)]
+
+ # A slice admin can see the SlicePrivileges for his Slice
+ for priv in cls.objects.filter(user=user, role__role="admin"):
+ trp_ids.extend( [trp.id for trp in cls.objects.filter(tenant_root=priv.tenant_root)] )
+
+ return cls.objects.filter(id__in=trp_ids)
+
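Review bot: The comment above the loop in the else branch describes a different model (`# A slice admin can see the SlicePrivileges for his Slice`), while the code lets an admin of a TenantRoot see every TenantRootPrivilege on that root. Since this is the authorization rule, the comment should state it, e.g. `# A TenantRoot admin can see all TenantRootPrivileges on that TenantRoot`. The branch also issues one query per admin privilege and collects ids in Python; the same set can be written as `admin_roots = cls.objects.filter(user=user, role__role="admin").values_list("tenant_root", flat=True)` followed by `return cls.objects.filter(Q(user=user) | Q(tenant_root__in=admin_roots))`, assuming `Q` is imported in this file, which the hunk does not show. A test asserting that neither an admin of one TenantRoot nor a holder of only the 'access' role can list privileges belonging to another root would pin the widened visibility to its intended scope.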