Merge branch 'master' of https://bitbucket.org/lebouquetin/protov1

pboard/pboard/controllers/api.py

         loUserSpecificGroup = pld.PODStaticController.createGroup()
 
         loUserSpecificGroup.group_id = 0-loNewAccount.user_id # group id of a given user is the opposite of the user id
-        loUserSpecificGroup.group_name = ''
+        loUserSpecificGroup.group_name = 'user_%d' % loNewAccount.user_id
         loUserSpecificGroup.personnal_group = True
         loUserSpecificGroup.users.append(loNewAccount)
 
       loApiController = pld.PODUserFilteredApiController(loCurrentUser.user_id)
 
       loNode = loApiController.getNode(node_id)
-      # loNode._lRights = list()
 
-      # SHARE IS OFF, so deactivate the document share (and do not change "shared-with" group configuration
-      if is_shared=='off':
-        loNode.is_shared = False
-        pm.DBSession.flush()
-        redirect(lurl('/document/%s#tab-accessmanagement'%(loNode.node_id)))
+      is_shared_b = False if is_shared=='off' else True
+      print(is_shared_b)
+      print(loNode.is_shared)
+      print(loNode.owner_id)
+      print(loCurrentUser.user_id)
+
+      # Only the node owner can modify is_shared
+      if is_shared_b != loNode.is_shared and loNode.owner_id != loCurrentUser.user_id:
+        self.back_with_error(_("You can't share a document that doesn't belong to you."))
+      else:
+        loNode.is_shared = is_shared_b
+        if not is_shared_b:
+          # SHARE IS OFF, so deactivate the document share (and do not change "shared-with" group configuration
+          pm.DBSession.flush()
+          redirect(lurl('/document/%s#tab-accessmanagement'%(loNode.node_id)))
 
-      # SHARE IS ON, so remove all current shares and set the new ones
-      loNode.is_shared = True
+      # remove all current shares and set the new ones
 
       for loRight in loNode._lRights:
         pm.DBSession.delete(loRight)
           liOldValue = ldNewRights[liGroupId]
         ldNewRights[liGroupId] = liOldValue + pma.Rights.WRITE_ACCESS
 
+      user_list = loApiController._getUserIdListForFiltering()
+      comments = pm.DBSession.query(pmd.PBNode).filter(pmd.PBNode.parent_id==node_id).\
+              filter((pmd.PBNode.owner_id.in_(user_list)) | (pma.user_group_table.c.user_id.in_(user_list))).\
+              filter(pmd.PBNode.node_type=='comment').all()
+      for comment in comments:
+          pm.DBSession.add(comment)
+
       for liGroupId, liRightLevel in ldNewRights.items():
         loNewRight = loApiController.createRight()
         loNewRight.group_id = liGroupId
         loNewRight.node_id = node_id
         loNewRight.rights = liRightLevel
         loNode._lRights.append(loNewRight)
+        for comment in comments:
+            comment_right = loApiController.createRight()
+            comment_right.group_id = liGroupId
+            comment_right.node_id = comment.node_id
+            comment_right.rights = liRightLevel
 
       redirect(lurl('/document/%s#tab-accessmanagement'%(loNode.node_id)))
 

pboard/pboard/lib/auth.py

 from tg.predicates import Predicate
 from pboard.model import DBSession as session
 from pboard.model.auth import Permission, User
+import logging as l
 
 DIRTY_canReadOrCanWriteSqlQuery = """
 SELECT
                     {"email":credentials["repoze.who.userid"], "node_id":node_id, "excluded_right_low_level": 0}
                 )
                 if has_right.rowcount == 0 :
+                    l.info("User {} don't have read right on node {}".format(credentials["repoze.who.userid"], node_id))
                     self.unmet()
 
 class can_write(Predicate):

pboard/pboard/lib/base.py

 
 """The base Controller API."""
 
-from tg import TGController, tmpl_context
+from tg import TGController, tmpl_context, flash
 from tg.render import render
-from tg import request
+from tg import request, redirect
 from tg.i18n import ugettext as _, ungettext
 import pboard.model as model
 
         request.identity = request.environ.get('repoze.who.identity')
         tmpl_context.identity = request.identity
         return TGController.__call__(self, environ, context)
+
+    def back_with_error(self, message):
+        flash(message)
+        redirect(request.headers['Referer'])
+
+def current_user():
+    return request.environ.get('repoze.who.identity')['user']

pboard/pboard/lib/dbapi.py

   def createNode(self, parent_id=0):
     loNode          = pbmd.PBNode()
     loNode.owner_id = self._iCurrentUserId
-    loNode.parent_id = parent_id
+    if int(parent_id)!=0:
+      loNode.parent_id = parent_id
     parent_rights = DBSession.query(pbma.Rights).filter(pbma.Rights.node_id==parent_id).all()
     loNode.rights = parent_rights
     loNode.rights = [pbma.Rights(group_id=r.group_id, rights=r.rights) for r in parent_rights]
     """
     lsNodeIdFiltering = lsSqlSelectQuery % (str(self._iCurrentUserId))
 
-    if liNodeId!=0:
+    if liNodeId!=None and liNodeId!=0:
       return DBSession.query(pbmd.PBNode).options(joinedload_all("_lAllChildren"))\
         .filter(pbmd.PBNode.node_id==liNodeId)\
         .filter(
 
     liOwnerIdList = self._getUserIdListForFiltering()
     
-    loNodeList = pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_type==pbmd.PBNodeType.Data).filter(pbmd.PBNode.node_status.in_(plViewableStatusId)).order_by(pbmd.PBNode.parent_tree_path).order_by(pbmd.PBNode.node_order).order_by(pbmd.PBNode.node_id).all()
+    # loNodeList = pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.owner_id.in_(liOwnerIdList)).filter(pbmd.PBNode.node_type==pbmd.PBNodeType.Data).filter(pbmd.PBNode.node_status.in_(plViewableStatusId)).order_by(pbmd.PBNode.parent_tree_path).order_by(pbmd.PBNode.node_order).order_by(pbmd.PBNode.node_id).all()
+    loNodeListNotFiltered = pbm.DBSession.query(pbmd.PBNode).filter(pbmd.PBNode.node_type==pbmd.PBNodeType.Data).filter(pbmd.PBNode.node_status.in_(plViewableStatusId)).order_by(pbmd.PBNode.parent_tree_path).order_by(pbmd.PBNode.node_order).order_by(pbmd.PBNode.node_id).all()
+
+    loNodeList = []
+    for loNode in loNodeListNotFiltered:
+      if loNode.owner_id in self._getUserIdListForFiltering():
+        loNodeList.append(loNode)
+      else:
+        for loRight in loNode._lRights:
+          for loUser in loRight._oGroup.users:
+            if loUser.user_id in self._getUserIdListForFiltering():
+              loNodeList.append(loNode)
+
     loTreeList = []
     loTmpDict = {}
     for loNode in loNodeList:
         # We suppose that the parent node has already been added
         # this *should* be the case, but the code does not check it
         if loNode.parent_id not in loTmpDict.keys():
-          loTmpDict[loNode.parent_id] = self.getNode(loNode.parent_id)
-        loTmpDict[loNode.parent_id].appendStaticChild(loNode)
+          print('THE NODE =========',loNode.parent_id)
+          try:
+            loTmpDict[loNode.parent_id] = self.getNode(loNode.parent_id)
+          except Exception as e:
+            # loTreeList.append(
+            # FIXME - D.A. - 2014-05-22 This may be wrong code:
+            # we are in the case when the node parent is not shared with the current user
+            # So the node should be added at the root
+            pass
+        if loNode.parent_id in loTmpDict.keys():
+          # HACK- D.A. - 2014-05-22 - See FIXME upper
+          loTmpDict[loNode.parent_id].appendStaticChild(loNode)
   
     return loTreeList
 

pboard/pboard/templates/master.mak

                 <li><a href="${tg.url('/debug/identity')}"><i class="fa fa-user-md"></i>  request.identity</a></li>
               </ul>
             </li>
+          % endif
+
+          % if request.identity:
             <li>
               <form class="navbar-search  form-search" action="${tg.url('/search')}">
                 <div class="input-append">