From 9c96783c84716383a03fae52bc1d53fab3d09cef Mon Sep 17 00:00:00 2001
From: Nick Sergeant <nick@nicksergeant.com>
Date: Sun, 18 Oct 2015 10:35:44 -0400
Subject: [PATCH] Work on Snipt authorization.

---
 snipts/models.py | 5 +++++
 snipts/views.py  | 4 +++-
 teams/models.py  | 5 +++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/snipts/models.py b/snipts/models.py
index efd4b9c..f7ef962 100644
--- a/snipts/models.py
+++ b/snipts/models.py
@@ -298,6 +298,11 @@ class Snipt(models.Model):
         else:
             return get_lexer_by_name(self.lexer).name
 
+    @property
+    def is_authorized_user(self, user):
+        if self.user == user:
+            return True
+
 
 class SniptLogEntry(models.Model):
     """An individual log entry for a Snipt changeset."""
diff --git a/snipts/views.py b/snipts/views.py
index 4dbbcbe..7baf7cf 100644
--- a/snipts/views.py
+++ b/snipts/views.py
@@ -196,7 +196,9 @@ def list_user(request, username_or_custom_slug, tag_slug=None):
     snipts = Snipt.objects
 
     if user == request.user or \
-            (request.GET.get('api_key') == user.api_key.key):
+            (request.GET.get('api_key') == user.api_key.key) or \
+            (user.team and user.team.user_is_member(request.user)):
+
         public = False
 
         favorites = Favorite.objects.filter(user=user).values('snipt')
diff --git a/teams/models.py b/teams/models.py
index 84d336a..cf01594 100644
--- a/teams/models.py
+++ b/teams/models.py
@@ -58,3 +58,8 @@ class Team(models.Model):
             return 'Unlimited'
         else:
             return plan_map[self.plan]
+
+    def user_is_member(self, user):
+        if self.owner == user or user in self.members:
+            return True
+        return False