def get_specification_privacy_filter(user): # Circular imports. from lp.registry.model.accesspolicy import AccessPolicyGrant public_spec_filter = ( Specification.information_type.is_in(PUBLIC_INFORMATION_TYPES)) if user is None: return [public_spec_filter] elif IPersonRoles.providedBy(user): user = user.person artifact_grant_query = Coalesce( ArrayIntersects( SQL('Specification.access_grants'), Select( ArrayAgg(TeamParticipation.teamID), tables=TeamParticipation, where=(TeamParticipation.person == user) )), False) policy_grant_query = Coalesce( ArrayIntersects( Array(SQL('Specification.access_policy')), Select( ArrayAgg(AccessPolicyGrant.policy_id), tables=(AccessPolicyGrant, Join(TeamParticipation, TeamParticipation.teamID == AccessPolicyGrant.grantee_id)), where=(TeamParticipation.person == user) )), False) return [Or(public_spec_filter, artifact_grant_query, policy_grant_query)]
def canBeUnsubscribedByUser(self, user): """See `ISpecificationSubscription`.""" if user is None: return False if not IPersonRoles.providedBy(user): user = IPersonRoles(user) if ( user.inTeam(self.specification.owner) or user.inTeam(self.person) or user.in_admin): return True # XXX Abel Deuring 2012-11-21, bug=1081677 # People who subscribed users should be able to unsubscribe # them again, similar to branch subscriptions. This is # essential if somebody was erroneuosly subscribed to a # proprietary or embargoed specification. Unfortunately, # SpecificationSubscription does not record who subscribed # somebody else, but if the specification is private, we can # check who issued the artifact grant. artifacts = getUtility(IAccessArtifactSource).find( [self.specification]) wanted = [(artifact, self.person) for artifact in artifacts] if len(wanted) == 0: return False for grant in getUtility(IAccessArtifactGrantSource).find(wanted): if user.inTeam(grant.grantor): return True return False
def canBeUnsubscribedByUser(self, user): """See `ISpecificationSubscription`.""" if user is None: return False if not IPersonRoles.providedBy(user): user = IPersonRoles(user) if (user.inTeam(self.specification.owner) or user.inTeam(self.person) or user.in_admin): return True # XXX Abel Deuring 2012-11-21, bug=1081677 # People who subscribed users should be able to unsubscribe # them again, similar to branch subscriptions. This is # essential if somebody was erroneuosly subscribed to a # proprietary or embargoed specification. Unfortunately, # SpecificationSubscription does not record who subscribed # somebody else, but if the specification is private, we can # check who issued the artifact grant. artifacts = getUtility(IAccessArtifactSource).find( [self.specification]) wanted = [(artifact, self.person) for artifact in artifacts] if len(wanted) == 0: return False for grant in getUtility(IAccessArtifactGrantSource).find(wanted): if user.inTeam(grant.grantor): return True return False
def get_specification_privacy_filter(user): # Circular imports. from lp.registry.model.accesspolicy import AccessPolicyGrant public_spec_filter = ( Specification.information_type.is_in(PUBLIC_INFORMATION_TYPES)) if user is None: return [public_spec_filter] elif IPersonRoles.providedBy(user): user = user.person artifact_grant_query = Coalesce( ArrayIntersects( SQL('Specification.access_grants'), Select(ArrayAgg(TeamParticipation.teamID), tables=TeamParticipation, where=(TeamParticipation.person == user))), False) policy_grant_query = Coalesce( ArrayIntersects( Array(SQL('Specification.access_policy')), Select(ArrayAgg(AccessPolicyGrant.policy_id), tables=(AccessPolicyGrant, Join( TeamParticipation, TeamParticipation.teamID == AccessPolicyGrant.grantee_id)), where=(TeamParticipation.person == user))), False) return [Or(public_spec_filter, artifact_grant_query, policy_grant_query)]