-class SliceMembership(PlCoreBase):
- user = models.ForeignKey('User', related_name='slice_memberships')
- slice = models.ForeignKey('Slice', related_name='slice_memberships')
- role = models.ForeignKey('Role')
+ def can_update(self, user):
+ if user.is_readonly:
+ return False
+ if user.is_admin:
+ return True
+ # slice admins can update
+ slice_privs = SlicePrivilege.objects.filter(user=user, slice=self)
+ for slice_priv in slice_privs:
+ if slice_priv.role.role == 'admin':
+ return True
+ # site pis can update
+ site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
+ for site_priv in site_privs:
+ if site_priv.role.role == 'pi':
+ return True
+
+ return False
+
+ @staticmethod
+ def select_by_user(user):
+ if user.is_admin:
+ qs = Slice.objects.all()
+ else:
+ # users can see slices they belong to
+ slice_ids = [sp.slice.id for sp in SlicePrivilege.objects.filter(user=user)]
+ # pis can see slices at their sites
+ sites = [sp.site for sp in SitePrivilege.objects.filter(user=user)\
+ if sp.role.role == 'pi']
+ slice_ids.extend([s.id for s in Slice.objects.filter(site__in=sites)])
+ qs = Slice.objects.filter(id__in=slice_ids)
+ return qs
+
+class SliceRole(PlCoreBase):
+ ROLE_CHOICES = (('admin','Admin'),('default','Default'))
+
+ role = models.CharField(choices=ROLE_CHOICES, unique=True, max_length=30)
+
+ def __unicode__(self): return u'%s' % (self.role)
+
+class SlicePrivilege(PlCoreBase):
+ user = models.ForeignKey('User', related_name='slice_privileges')
+ slice = models.ForeignKey('Slice', related_name='slice_privileges')
+ role = models.ForeignKey('SliceRole')