add multisite_editor property to Role model

rdmo/accounts/models.py

@@ -138,9 +138,9 @@ class Role(models.Model):
         help_text=_('The sites for which this user is manager.')
     )
     editor = models.ManyToManyField(
-    Site, related_name='editors', blank=True,
-    verbose_name=_('Editors'),
-    help_text=_('The sites for which this user is an editor.')
+        Site, related_name='editors', blank=True,
+        verbose_name=_('Editors'),
+        help_text=_('The sites for which this user is an editor.')
     )
 
     class Meta:
@@ -150,7 +150,18 @@ class Meta:
 
     def __str__(self):
         return self.user.username
-
+
+    @property
+    def is_multisite_editor(self) -> bool:
+        if self.user.is_superuser:
+            return True
+        site_count = Site.objects.count()
+
+        if site_count == 1:
+            return self.user.groups.filter(name='editor').exists()
+
+        return self.editor.count() == Site.objects.count()
+
 
 
 @receiver(post_save, sender=settings.AUTH_USER_MODEL)

rdmo/questions/rules.py

@@ -1,71 +1,64 @@
-
+import logging
 import rules
 
 from rdmo.projects.rules import is_project_member, is_site_manager
 
+logger = logging.getLogger(__name__)
+
 @rules.predicate
 def is_element_editor(user, obj) -> bool:
     ''' Checks if the user is an editor for the sites to which this element is available '''
 
-    # # breakpoint()
-    # if not user.is_authenticated:
-    #     return False  # user is not authenticated
-
-    # if not user.role.editor.exists():
-    #     return False  # user is not an editor at all
-
-    # if user.is_superuser:
-    #     return True  # user is admin/superuser, staff or instance editor
-
     if not hasattr(obj, 'sites'):
-        print('AttributeError sites for : ', obj)
+        logger.debug('questions.rules.%s: obj %s has no attribute %s', is_element_editor, obj, 'sites')
         return False
-
-    user_is_editor_for_obj = user.role.editor.filter(id__in=obj.sites.all()).exists()
-    # print('\t\n !!! is_element_editor check: ', obj, user, user_is_editor_for_obj, '\n')
-    # breakpoint()
-    return user_is_editor_for_obj
-    # return obj.can_edit_element(user)
+
+    user_is_element_editor = user.role.editor.filter(id__in=obj.sites.all()).exists()
+    return user_is_element_editor
 
 @rules.predicate
 def is_multisite_editor(user):
-    ''' checks if the user is an instance editor '''
+    ''' checks if the user is a multisite editor '''
     if not user.is_authenticated:
         return False
     if not hasattr(user.role, 'is_multisite_editor'):
+        logger.debug('questions.rules.%s: obj %s has no attribute %s', 'is_multisite_editor', user.role, 'is_multisite_editor')
         return False
     return user.role.is_multisite_editor
 
+
 @rules.predicate
 def has_role_editor(user):
     ''' checks if the user is an editor at all'''
     return user.role.editor.exists()
 
+
 @rules.predicate
 def in_group_editors(user):
-    ''' checks if the user is in group reviewer at all'''   
+    ''' checks if the user is in group reviewer at all'''
     return user.groups.filter(name='editor').exists()
 
+
 @rules.predicate
 def in_group_reviewers(user):
-    ''' checks if the user is in group reviewer at all'''   
+    ''' checks if the user is in group reviewer at all'''
     return user.groups.filter(name='reviewer').exists()
 
-# from field sites
-rules.add_perm('questions.view_catalog_object', has_role_editor | in_group_editors | in_group_reviewers | is_multisite_editor)
-rules.add_perm('questions.change_catalog_object', is_element_editor | is_multisite_editor)
-rules.add_perm('questions.delete_catalog_object', is_element_editor | is_multisite_editor)
+
+rules.add_perm('questions.view_catalog_object', is_multisite_editor | has_role_editor | in_group_editors | in_group_reviewers)
+rules.add_perm('questions.change_catalog_object', is_multisite_editor | is_element_editor)
+rules.add_perm('questions.delete_catalog_object', is_multisite_editor | is_element_editor)
 
 
-rules.add_perm('questions.view_section_object', has_role_editor | in_group_editors | in_group_reviewers | is_multisite_editor)
-rules.add_perm('questions.change_section_object', is_element_editor | is_multisite_editor)
-rules.add_perm('questions.delete_section_object', is_element_editor | is_multisite_editor)
+rules.add_perm('questions.view_section_object', is_multisite_editor | has_role_editor | in_group_editors | in_group_reviewers)
+rules.add_perm('questions.change_section_object', is_multisite_editor | is_element_editor)
+rules.add_perm('questions.delete_section_object', is_multisite_editor | is_element_editor)
 
 # extra permissions for project members and site_managers
-rules.add_perm('questions.view_questionset_object', ( has_role_editor | in_group_editors | in_group_reviewers | is_multisite_editor) | ( is_project_member | is_site_manager ))
-rules.add_perm('questions.change_questionset_object', is_element_editor | is_multisite_editor)
-rules.add_perm('questions.delete_questionset_object', is_element_editor | is_multisite_editor)
+rules.add_perm('questions.view_questionset_object', (is_multisite_editor | has_role_editor | in_group_editors | in_group_reviewers) | (is_project_member | is_site_manager))
+rules.add_perm('questions.change_questionset_object', is_multisite_editor | is_element_editor)
+rules.add_perm('questions.delete_questionset_object', is_multisite_editor | is_element_editor)
 
-rules.add_perm('questions.view_question_object', has_role_editor | in_group_editors | in_group_reviewers | is_multisite_editor)
-rules.add_perm('questions.change_question_object', is_element_editor | is_multisite_editor)
-rules.add_perm('questions.delete_question_object', is_element_editor | is_multisite_editor)
+rules.add_perm('questions.view_question_object', is_multisite_editor | has_role_editor | in_group_editors | in_group_reviewers)
+rules.add_perm('questions.change_question_object', is_multisite_editor | is_element_editor)
+rules.add_perm('questions.delete_question_object', is_multisite_editor | is_element_editor)