Closes #59: Ne pas montrer tous les utilisateurs à tout le monde

tracim/tracim/controllers/workspace.py

@@ -53,10 +53,11 @@ class UserWorkspaceRestController(TIMRestController):
 
         dictified_current_user = Context(CTX.CURRENT_USER).toDict(user)
         dictified_folders = self.folders.get_all_fake(workspace).result
-        fake_api = DictLikeClass(current_user=dictified_current_user,
-                                 current_workspace_folders=dictified_folders)\
-        # ,
-        #                      sub_items=Context(CTX.FOLDER_CONTENT_LIST).toDict(dictified_folders))
+        fake_api = DictLikeClass(
+            current_user=dictified_current_user,
+            current_workspace_folders=dictified_folders,
+            current_user_workspace_role=workspace.get_user_role(user)
+        )
 
         fake_api.sub_items = Context(CTX.FOLDER_CONTENT_LIST).toDict(
             workspace.get_valid_children(ContentApi.DISPLAYABLE_CONTENTS)

tracim/tracim/i18n/fr/LC_MESSAGES/tracim.po

@@ -1925,6 +1925,10 @@ msgstr "Modifier l'espace de travail courant"
 msgid "Delete current workspace"
 msgstr "Supprimer l'espace de travail"
 
+#: tracim/templates/workspace/getone.mak:75
+msgid "whose"
+msgstr "dont"
+
 #~ msgid "You have no document yet."
 #~ msgstr "Vous n'avez pas de document pour le moment."
 

tracim/tracim/lib/helpers.py

@@ -18,7 +18,9 @@ from tracim.lib import app_globals as plag
 from tracim.lib import CST
 from tracim.lib.base import logger
 from tracim.lib.content import ContentApi
+from tracim.lib.userworkspace import RoleApi
 from tracim.lib.workspace import WorkspaceApi
+from tracim.model import User
 
 from tracim.model.data import ContentStatus
 from tracim.model.data import Content
@@ -221,3 +223,21 @@ def is_user_externalized_field(field_name):
 
 def slug(string):
     return slugify.slugify(string, only_ascii=True)
+
+
+def get_viewable_members_for_role(role: int, members: [dict]) -> [dict]:
+    """
+    Return given users list with viewable members by given role.
+    :param role: One of tracim.model.data.UserRoleInWorkspace roles
+    :param members: list of workspace members. Where member object own "role"
+    property containing tracim.model.data.UserRoleInWorkspace role.
+    :return: filtered member list
+    """
+    viewable_users = []
+    for member in members:
+        if RoleApi.role_can_read_member_role(
+                reader_role=role,
+                tested_role=member.role
+        ):
+            viewable_users.append(member)
+    return viewable_users

tracim/tracim/lib/userworkspace.py

@@ -28,6 +28,42 @@ from tracim.model.serializers import DictLikeClass
 class RoleApi(object):
 
     ALL_ROLE_VALUES = UserRoleInWorkspace.get_all_role_values()
+    # Dict containing readable members roles for given role
+    members_read_rights = {
+        UserRoleInWorkspace.NOT_APPLICABLE: [],
+        UserRoleInWorkspace.READER: [
+            UserRoleInWorkspace.WORKSPACE_MANAGER,
+        ],
+        UserRoleInWorkspace.CONTRIBUTOR: [
+            UserRoleInWorkspace.WORKSPACE_MANAGER,
+            UserRoleInWorkspace.CONTENT_MANAGER,
+            UserRoleInWorkspace.CONTRIBUTOR,
+        ],
+        UserRoleInWorkspace.CONTENT_MANAGER: [
+            UserRoleInWorkspace.WORKSPACE_MANAGER,
+            UserRoleInWorkspace.CONTENT_MANAGER,
+            UserRoleInWorkspace.CONTRIBUTOR,
+            UserRoleInWorkspace.READER,
+        ],
+        UserRoleInWorkspace.WORKSPACE_MANAGER: [
+            UserRoleInWorkspace.WORKSPACE_MANAGER,
+            UserRoleInWorkspace.CONTENT_MANAGER,
+            UserRoleInWorkspace.CONTRIBUTOR,
+            UserRoleInWorkspace.READER,
+        ],
+    }
+
+    @classmethod
+    def role_can_read_member_role(cls, reader_role: int, tested_role: int) \
+            -> bool:
+        """
+        :param reader_role: role as viewer
+        :param tested_role: role as viwed
+        :return: True if given role can view member role in workspace.
+        """
+        if reader_role in cls.members_read_rights:
+            return tested_role in cls.members_read_rights[reader_role]
+        return False
 
     def __init__(self, current_user: User):
         self._user = current_user

tracim/tracim/templates/workspace/getone.mak

@@ -61,6 +61,8 @@
         % endif
 
         <% member_nb = len(result.workspace.members) %>
+        <% viewable_members = h.get_viewable_members_for_role(fake_api.current_user_workspace_role, result.workspace.members) %>
+        <% viewable_member_nb = len(viewable_members) %>
         % if member_nb<=0:
             ${P.EMPTY_CONTENT(_('There are no members in this workspace'))}
         % else:
@@ -69,11 +71,14 @@
                     ${_('This workspace has {a_open}one member{a_close}').format(a_open='<a data-toggle="collapse" href="#memberList" aria-expanded="false" aria-controls="memberList">', a_close='</a>')|n}
                 % else:
                     ${_('This workspace has {a_open}{member_nb} members{a_close}').format(a_open='<a data-toggle="collapse" href="#memberList" aria-expanded="false" aria-controls="memberList">', member_nb=member_nb, a_close='</a>')|n}
+                    % if viewable_member_nb != member_nb:
+                        <span id="members-whose" style="display: none;">${ _('whose') }:</span>
+                    % endif
                 % endif
             </p>
             <div class="collapse" id="memberList">
                 <table class="table">
-                    % for member in result.workspace.members:
+                    % for member in viewable_members:
                         <tr>
                             <td><strong>${member.name}</strong></td>
                             <td>
@@ -84,6 +89,16 @@
                     % endfor
                 </table>
             </div>
+            <script>
+                $(document).ready(function(){
+                    $('#memberList').on('show.bs.collapse', function() {
+                        $('#members-whose').show();
+                    });
+                    $('#memberList').on('hide.bs.collapse', function() {
+                        $('#members-whose').hide();
+                    });
+                });
+            </script>
         % endif
 
         % if result.workspace.calendar_enabled: