refactor object write permissions
diff --git a/planetstack/core/models/site.py b/planetstack/core/models/site.py
index 10f23c3..b1b4871 100644
--- a/planetstack/core/models/site.py
+++ b/planetstack/core/models/site.py
@@ -111,15 +111,7 @@
def __unicode__(self): return u'%s' % (self.name)
def can_update(self, user):
- if user.is_readonly:
- return False
- if user.is_admin:
- return True
- site_privs = SitePrivilege.objects.filter(user=user, site=self)
- for site_priv in site_privs:
- if site_priv.role.role == 'pi':
- return True
- return False
+ return user.can_update_site(self, allow=['pi'])
class SiteRole(PlCoreBase):
@@ -143,7 +135,7 @@
super(SitePrivilege, self).delete(*args, **kwds)
def can_update(self, user):
- return self.site.can_update(user)
+ return user.can_update_site(self, allow=['pi'])
@staticmethod
def select_by_user(user):
@@ -204,16 +196,8 @@
return Deployment.objects.filter(id__in=ids)
def can_update(self, user):
- if user.is_readonly:
- return False
- if user.is_admin:
- return True
-
- if self.deploymentprivileges.filter(user=user, role__role='admin'):
- return True
-
- return False
-
+ return user.can_update_deploymemt(self)
+
def __unicode__(self): return u'%s' % (self.name)
class DeploymentRole(PlCoreBase):
@@ -235,15 +219,7 @@
def __unicode__(self): return u'%s %s %s' % (self.deployment, self.user, self.role)
def can_update(self, user):
- if user.is_readonly:
- return False
- if user.is_admin:
- return True
- dprivs = DeploymentPrivilege.objects.filter(user=user)
- for dpriv in dprivs:
- if dpriv.role.role == 'admin':
- return True
- return False
+ return user.can_update_deploymemt(self)
@staticmethod
def select_by_user(user):
@@ -278,13 +254,6 @@
def __unicode__(self): return u'%s %s %s' % (self.name, self.backend_type, self.version)
- def can_update(self, user):
- if user.is_readonly:
- return False
- if user.is_admin:
- return True
- return False
-
class SiteDeployment(PlCoreBase):
objects = ControllerLinkManager()
deleted_objects = ControllerLinkDeletionManager()