Work on Snipt authorization.

2015-10-18 10:35:44 -04:00 · 2015-10-18 10:35:44 -04:00 · 9c96783c84
parent aefd10b092
commit 9c96783c84
3 changed files with 13 additions and 1 deletions
--- a/snipts/models.py
+++ b/snipts/models.py
@ -298,6 +298,11 @@ class Snipt(models.Model):
        else:
            return get_lexer_by_name(self.lexer).name

+    @property
+    def is_authorized_user(self, user):
+        if self.user == user:
+            return True
+

 class SniptLogEntry(models.Model):
    """An individual log entry for a Snipt changeset."""
--- a/snipts/views.py
+++ b/snipts/views.py
@ -196,7 +196,9 @@ def list_user(request, username_or_custom_slug, tag_slug=None):
    snipts = Snipt.objects

    if user == request.user or \
-            (request.GET.get('api_key') == user.api_key.key):
+            (request.GET.get('api_key') == user.api_key.key) or \
+            (user.team and user.team.user_is_member(request.user)):
+
        public = False

        favorites = Favorite.objects.filter(user=user).values('snipt')
--- a/teams/models.py
+++ b/teams/models.py
@ -58,3 +58,8 @@ class Team(models.Model):
            return 'Unlimited'
        else:
            return plan_map[self.plan]
+
+    def user_is_member(self, user):
+        if self.owner == user or user in self.members:
+            return True
+        return False