def update_membership(
principal: User,
membership: Membership,
):
"""Only team admins can modify a membership"""
return principal.is_admin_of(membership.team)
def delete_project(principal: User, project: Project):
"""Projects can be deleted:
- Within team projects, by the admins of the team owning the project
- Within personal projects, by their owner
"""
return (principal.is_admin_of(project.owner) if isinstance(
project.owner, Team) else principal == project.owner)
def delete_membership(
principal: User,
membership: Membership,
):
"""Only team admins can remove users from a team, and the admin cannot remove himself from the team"""
return principal.is_admin_of(
membership.team) and principal != membership.user
def delete_project_permission(principal: User, permission: ProjectPermission):
"""Project permissions can be deleted:
- Within team projects, by the admins of the team owning the project (except for own permissions)
- Within personal projects, by their owner (except for own permissions)
"""
return permission.user != principal and (principal.is_admin_of(
permission.owner) if isinstance(permission.owner, Team) else principal
== permission.owner)
def create_membership(
principal: User,
team: Team,
):
"""We allow the creation of a membership in two cases:
1. If the principal is the team admin
2. If the team has no admin yet (for newly created teams)
"""
return principal.is_admin_of(team) or team.membership_set.count() == 0
def create_project_permission(
principal: User,
project_user_and_team: typing.Optional[typing.Tuple[
Project, typing.Optional[User], typing.Optional[Team]]] = None,
):
"""Project permissions can be created:
- Within team projects, by the admins of the team owning the project
- Within personal projects, by their owner
- For projects that haven't any permission yet, by the author
"""
project, user, team = project_user_and_team
if (user is None) == (team is None):
raise ValueError("Please provider either a user or a team - not both")
owns_project = (principal.is_admin_of(project.owner) if isinstance(
project.owner, Team) else principal == project.owner)
is_or_belong_to_new_grantee = (principal.is_member_of(team)
if team is not None else principal == user)
return (owns_project and is_or_belong_to_new_grantee) or (
project.projectpermission_set.count() == 0
and principal == project.author)
def update_team(principal: User, team: Team):
"""Only team admins can update the team"""
return principal.is_admin_of(team)
def delete_team(principal: User, team: Team):
"""Only team admins can delete a team"""
return principal.is_admin_of(team)
