Merge branch 'master' of github.com:ProjetSigma/backend

ProjetSigma · Feb 5, 2016 · c9dee09 · c9dee09
2 parents 4b463aa + b77a0e7
commit c9dee09
Showing 1 changed file with 21 additions and 16 deletions.
diff --git a/sigma_core/views/group_member.py b/sigma_core/views/group_member.py
@@ -46,13 +46,31 @@ def destroy(self, request, pk=None):
         modified_mship.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    def can_rank(self, request, modified_mship, my_mship, perm_rank_new):
+        # You can demote yourself:
+        demote_self = modified_mship.id == my_mship.id and perm_rank_new < my_mship.perm_rank
+        group = modified_mship.group
+
+        # Can't modify someone higher than you, or set rank to higher than you
+        if (my_mship.perm_rank <= modified_mship.perm_rank or my_mship.perm_rank <= perm_rank_new) and not demote_self:
+            return False
+
+        # promote
+        if perm_rank_new > modified_mship.perm_rank:
+            if group.req_rank_promote > my_mship.perm_rank:
+                return False
+        # demote
+        else:
+            if group.req_rank_demote > my_mship.perm_rank and not demote_self:
+                return False
+        return True
+
     @decorators.detail_route(methods=['put'])
     def rank(self, request, pk=None):
         from sigma_core.models.group import Group
         try:
             modified_mship = GroupMember.objects.all().select_related('group').get(pk=pk)
-            group = modified_mship.group
-            my_mship = GroupMember.objects.all().get(group=group, user=request.user)
+            my_mship = GroupMember.objects.all().get(group=modified_mship.group, user=request.user)
         except GroupMember.DoesNotExist:
             raise Http404()
 
@@ -64,22 +82,9 @@ def rank(self, request, pk=None):
         except TypeError:
             return Response(status=status.HTTP_400_BAD_REQUEST)
 
-        # You can demote yourself:
-        demote_self = modified_mship.id == my_mship.id and perm_rank_new < my_mship.perm_rank
-
-        # Can't modify someone higher than you, or set rank to higher than you
-        if (my_mship.perm_rank <= modified_mship.perm_rank or my_mship.perm_rank <= perm_rank_new) and not demote_self:
+        if not self.can_rank(request, modified_mship, my_mship, perm_rank_new):
             return Response(status=status.HTTP_403_FORBIDDEN)
 
-        # promote
-        if perm_rank_new > modified_mship.perm_rank:
-            if group.req_rank_promote > my_mship.perm_rank:
-                return Response(status=status.HTTP_403_FORBIDDEN)
-        # demote
-        else:
-            if group.req_rank_demote > my_mship.perm_rank and not demote_self:
-                return Response(status=status.HTTP_403_FORBIDDEN)
-
         modified_mship.perm_rank = perm_rank_new
         modified_mship.save()