baiscs of space edit page

cookbook/helper/permission_helper.py

@@ -9,7 +9,7 @@ from django.utils.translation import gettext as _
 from rest_framework import permissions
 from rest_framework.permissions import SAFE_METHODS
 
-from cookbook.models import ShareLink, Recipe, UserPreference
+from cookbook.models import ShareLink, Recipe, UserPreference, UserSpace
 
 
 def get_allowed_groups(groups_required):
@@ -53,7 +53,6 @@ def is_object_owner(user, obj):
     Tests if a given user is the owner of a given object
     test performed by checking user against the objects user
     and create_by field (if exists)
-    superusers bypass all checks, unauthenticated users cannot own anything
     :param user django auth user object
     :param obj any object that should be tested
     :return: true if user is owner of object, false otherwise
@@ -66,11 +65,25 @@ def is_object_owner(user, obj):
         return False
 
 
+def is_space_owner(user, obj):
+    """
+    Tests if a given user is the owner the space of a given object
+    :param user django auth user object
+    :param obj any object that should be tested
+    :return: true if user is owner of the objects space, false otherwise
+    """
+    if not user.is_authenticated:
+        return False
+    try:
+        return obj.get_space().get_owner() == user
+    except Exception:
+        return False
+
+
 def is_object_shared(user, obj):
     """
     Tests if a given user is shared for a given object
     test performed by checking user against the objects shared table
-    superusers bypass all checks, unauthenticated users cannot own anything
     :param user django auth user object
     :param obj any object that should be tested
     :return: true if user is shared for object, false otherwise
@@ -184,7 +197,7 @@ class CustomIsOwner(permissions.BasePermission):
     verifies user has ownership over object
     (either user or created_by or user is request user)
     """
-    message = _('You cannot interact with this object as it is not owned by you!')  # noqa: E501
+    message = _('You cannot interact with this object as it is not owned by you!')
 
     def has_permission(self, request, view):
         return request.user.is_authenticated
@@ -193,6 +206,20 @@ class CustomIsOwner(permissions.BasePermission):
         return is_object_owner(request.user, obj)
 
 
+class CustomIsSpaceOwner(permissions.BasePermission):
+    """
+    Custom permission class for django rest framework views
+    verifies if the user is the owner of the space the object belongs to
+    """
+    message = _('You cannot interact with this object as it is not owned by you!')
+
+    def has_permission(self, request, view):
+        return request.user.is_authenticated
+
+    def has_object_permission(self, request, view, obj):
+        return is_space_owner(request.user, obj)
+
+
 # TODO function duplicate/too similar name
 class CustomIsShared(permissions.BasePermission):
     """
@@ -293,7 +320,19 @@ def above_space_user_limit(space):
     :param space: Space to test for limits
     :return: Tuple (True if above or equal limit else false, message)
     """
-    limit = space.max_users != 0 and UserPreference.objects.filter(space=space).count() > space.max_users
+    limit = space.max_users != 0 and UserSpace.objects.filter(space=space).count() > space.max_users
     if limit:
         return True, _('You have more users than allowed in your space.')
     return False, ''
+
+
+def switch_user_active_space(user, user_space):
+    """
+    Switch the currently active space of a user by setting all spaces to inactive and activating the one passed
+    :param user: user to change active space for
+    :param user_space: user space object to activate
+    """
+    if not user_space.active:
+        UserSpace.objects.filter(user=user).update(active=False)  # make sure to deactivate all spaces for a user
+        user_space.active = True
+        user_space.save()