def update_project(principal: User, project: Project):
"""Projects can be updated:
- Within team projects, by the members of the team owning the project
- Within personal projects, by their owner
"""
return (principal.is_member_of(project.owner) if isinstance(
project.owner, Team) else principal == project.owner)
def update_fileset(principal: User, fileset: Fileset):
"""Filesets can be updated:
- Within team projects, by the members of the team owning the project
- Within personal projects, by their owner
"""
return (principal.is_member_of(fileset.owner) if isinstance(
fileset.owner, Team) else principal == fileset.owner)
def delete_analysis(principal: User, analysis: Analysis):
"""Filesets can be deleted:
- Within team projects, by the members of the team owning the project
- Within personal projects, by their owner
"""
return (principal.is_member_of(analysis.owner) if isinstance(
analysis.owner, Team) else principal == analysis.owner)
def create_project_permission(
principal: User,
project_user_and_team: typing.Optional[typing.Tuple[
Project, typing.Optional[User], typing.Optional[Team]]] = None,
):
"""Project permissions can be created:
- Within team projects, by the admins of the team owning the project
- Within personal projects, by their owner
- For projects that haven't any permission yet, by the author
"""
project, user, team = project_user_and_team
if (user is None) == (team is None):
raise ValueError("Please provider either a user or a team - not both")
owns_project = (principal.is_admin_of(project.owner) if isinstance(
project.owner, Team) else principal == project.owner)
is_or_belong_to_new_grantee = (principal.is_member_of(team)
if team is not None else principal == user)
return (owns_project and is_or_belong_to_new_grantee) or (
project.projectpermission_set.count() == 0
and principal == project.author)
