Next batch of backend permissions for orgs.

data/model.py

@@ -89,20 +89,17 @@ def create_organization(name, email, creating_user):
     new_org.save()
 
     # Create a team for the owners
-    owners_team = create_team('Owners', new_org)
+    owners_team = create_team('Owners', new_org, 'admin')
 
-    # Add the user who created the org to the owners
+    # Add the user who created the org to the owners team
     add_user_to_team(creating_user, owners_team)
 
-    # Give the owners team admin access to the namespace
-    set_team_org_permission(owners_team, new_org, 'admin')
-
     return new_org
   except InvalidUsernameException:
     raise InvalidOrganizationException('Invalid organization name: %s' % name)
 
 
-def create_team(name, org):
+def create_team(name, org, team_role_name):
   if not validate_username(name):
     raise InvalidTeamException('Invalid team name: %s' % name)
 
@@ -110,27 +107,19 @@ def create_team(name, org):
     raise InvalidOrganizationException('User with name %s is not an org.' %
                                        org.username)
 
-  return Team.create(name=name, organization=org)
+  team_role = TeamRole.get(TeamRole.name == team_role_name)
+  return Team.create(name=name, organization=org, role=team_role)
 
 
 def add_user_to_team(user, team):
   return TeamMember.create(user=user, team=team)
 
 
-def set_team_org_permission(team, org, role_name):
-  new_role = Role.get(Role.name == role_name)
-
-  # Fetch any existing permission for this user on the repo
-  try:
-    perm = TeamPermission.get(TeamPermission.team == team,
-                              TeamPermission.organization == org)
-    perm.role = new_role
-    perm.save()
-    return perm
-  except TeamPermission.DoesNotExist:
-    new_perm = TeamPermission.create(team=team, organization=org,
-                                     role=new_role)
-    return new_perm
+def set_team_org_permission(team, org, team_role_name):
+  new_role = TeamRole.get(TeamRole.name == tean_role_name)
+  team.role = new_role
+  team.save()
+  return team
 
 
 def create_federated_user(username, email, service_name, service_id):
@@ -327,10 +316,31 @@ def update_email(user, new_email):
 
 
 def get_all_user_permissions(user):
-  select = User.select(User, Repository, RepositoryPermission, Role)
-  with_repo = select.join(RepositoryPermission).join(Repository)
-  with_role = with_repo.switch(RepositoryPermission).join(Role)
-  return with_role.where(User.username == user.username)
+  select = RepositoryPermission.select(RepositoryPermission, Role, Repository)
+  with_role = select.join(Role)
+  with_repo = with_role.switch(RepositoryPermission).join(Repository)
+  through_user = with_repo.switch(RepositoryPermission).join(User,
+                                                             JOIN_LEFT_OUTER)
+  as_perm = through_user.switch(RepositoryPermission)
+  through_team = as_perm.join(Team, JOIN_LEFT_OUTER).join(TeamMember,
+                                                          JOIN_LEFT_OUTER)
+
+  UserThroughTeam = User.alias()
+  with_team_member = through_team.join(UserThroughTeam, JOIN_LEFT_OUTER,
+                                       on=(UserThroughTeam.id ==
+                                           TeamMember.user))
+
+  return with_team_member.where((User.id == user) | 
+                                (UserThroughTeam.id == user))
+
+
+def get_org_wide_permissions(user):
+  Org = User.alias()
+  team_with_role = Team.select(Team, Org, TeamRole).join(TeamRole)
+  with_org = team_with_role.switch(Team).join(Org, on=(Team.organization ==
+                                                       Org.id))
+  with_user = with_org.switch(Team).join(TeamMember).join(User)
+  return with_user.where(User.id == user, Org.organization == True)
 
 
 def get_all_repo_teams(namespace_name, repository_name):