From db3d9c262abe0a0742751c0671b6d5697b72c403 Mon Sep 17 00:00:00 2001
From: David Wallace
Date: Tue, 17 Jan 2023 18:51:11 +0100
Subject: [PATCH] update questions rules
---
 rdmo/questions/rules.py | 63 +++++++++++++++++++++++------------------
 1 file changed, 36 insertions(+), 27 deletions(-)
diff --git a/rdmo/questions/rules.py b/rdmo/questions/rules.py
index 9fd6371d91..1468af253b 100644
--- a/rdmo/questions/rules.py
+++ b/rdmo/questions/rules.py
@@ -5,17 +5,17 @@
 @rules.predicate
 def is_element_editor(user, obj) -> bool:
- ''' Checks if the user is an editor for the site to which this element is available '''
+ ''' Checks if the user is an editor for the sites to which this element is available '''
- # breakpoint()
- if not user.is_authenticated:
- return False # user is not authenticated
+ # # breakpoint()
+ # if not user.is_authenticated:
+ # return False # user is not authenticated
- if not user.role.editor.exists():
- return False # user is not an editor at all
+ # if not user.role.editor.exists():
+ # return False # user is not an editor at all
- if user.is_superuser or user.role.is_multisite_editor:
- return True # user is admin/superuser, staff or instance editor
+ # if user.is_superuser:
+ # return True # user is admin/superuser, staff or instance editor
 if not hasattr(obj, 'sites'):
 print('AttributeError sites for : ', obj)
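Review bot: The authentication and editor-role guards at the top of `is_element_editor` are commented out rather than replaced, so the predicate now decides from the `obj.sites` logic alone for whatever user it is called with, and it backs every `change_*` and `delete_*` permission registered later in this patch. The rest of the body lies outside this hunk, so whether an anonymous or non-editor user is still rejected further down cannot be confirmed from here. I would keep `if not user.is_authenticated: return False` as the first statement and delete the commented-out lines instead of leaving them in the file.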
@@ -33,30 +33,39 @@ def is_multisite_editor(user):
 if not user.is_authenticated:
 return False
 if not hasattr(user.role, 'is_multisite_editor'):
- # print('AttributeError is_multisite_editor for : ', user.role)
 return False
 return user.role.is_multisite_editor
 @rules.predicate
-def is_editor(user):
- ''' checks if the user is an instance editor '''
- check = user.role.editor.exists()
- print('\t\n !!! is_editor check: ', user, check, '\n')
- return check
+def has_role_editor(user):
+ ''' checks if the user is an editor at all'''
+ return user.role.editor.exists()
+@rules.predicate
+def in_group_editors(user):
+ ''' checks if the user is in group reviewer at all'''
+ return user.groups.filter(name='editor').exists()
-# from field sites
-rules.add_perm('questions.view_catalog_object', is_editor)
-rules.add_perm('questions.change_catalog_object', is_element_editor)
-rules.add_perm('questions.delete_catalog_object', is_element_editor)
+@rules.predicate
+def in_group_reviewers(user):
+ ''' checks if the user is in group reviewer at all'''
+ return user.groups.filter(name='reviewer').exists()
 # from field sites
-# rules.add_perm('questions.view_questionset_object', )
-rules.add_perm('questions.view_questionset_object', ( is_editor | ( is_project_member | is_site_manager )))
-# rules.add_perm('questions.view_questionset_object', )
-rules.add_perm('questions.change_questionset_object', is_element_editor)
-rules.add_perm('questions.delete_questionset_object', is_element_editor)
-
-rules.add_perm('questions.view_section_object', is_editor)
-rules.add_perm('questions.change_section_object', is_element_editor)
-rules.add_perm('questions.delete_section_object', is_element_editor)
+rules.add_perm('questions.view_catalog_object', has_role_editor | in_group_editors | in_group_reviewers | is_multisite_editor)
+rules.add_perm('questions.change_catalog_object', is_element_editor | is_multisite_editor)
+rules.add_perm('questions.delete_catalog_object', is_element_editor | is_multisite_editor)
+
+
+rules.add_perm('questions.view_section_object', has_role_editor | in_group_editors | in_group_reviewers | is_multisite_editor)
+rules.add_perm('questions.change_section_object', is_element_editor | is_multisite_editor)
+rules.add_perm('questions.delete_section_object', is_element_editor | is_multisite_editor)
+
+# extra permissions for project members and site_managers
+rules.add_perm('questions.view_questionset_object', ( has_role_editor | in_group_editors | in_group_reviewers | is_multisite_editor) | ( is_project_member | is_site_manager ))
+rules.add_perm('questions.change_questionset_object', is_element_editor | is_multisite_editor)
+rules.add_perm('questions.delete_questionset_object', is_element_editor | is_multisite_editor)
+
+rules.add_perm('questions.view_question_object', has_role_editor | in_group_editors | in_group_reviewers | is_multisite_editor)
+rules.add_perm('questions.change_question_object', is_element_editor | is_multisite_editor)
+rules.add_perm('questions.delete_question_object', is_element_editor | is_multisite_editor)
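Review bot: `has_role_editor` dereferences `user.role` with no `is_authenticated` check, unlike `is_multisite_editor` just above it, and it is the first operand of every `view_*` rule, so it runs before any of the guarded predicates. If anonymous users have no `role` attribute (not visible in this patch), a permission check for them would raise instead of returning False; starting the predicate with `if not user.is_authenticated: return False` avoids that. The view rules are also wider than before: membership in a group named `editor` or `reviewer` now grants view on every catalog, section, questionset and question with no per-object or per-site condition, which is worth confirming as intended. The docstring of `in_group_editors` is a copy of the reviewer one and should read `''' checks if the user is in group editor at all'''`.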