From e5d8c057f993c44760abf39265893f751ee6f9ed Mon Sep 17 00:00:00 2001
From: Vitor Baptista <vitor@vitorbaptista.com>
Date: Mon, 23 Jun 2014 18:43:39 -0300
Subject: [PATCH] [#1665] Refactor auth logic moving it to new_authz

---
 ckan/logic/action/get.py | 7 +------
 ckan/new_authz.py        | 8 ++++++++
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/ckan/logic/action/get.py b/ckan/logic/action/get.py
index 1c8b7d69e54..27426fe81d9 100644
--- a/ckan/logic/action/get.py
+++ b/ckan/logic/action/get.py
@@ -494,12 +494,7 @@ def group_list_authz(context, data_dict):
     if not user_id:
         return []
 
-    sysadmin = new_authz.is_sysadmin(user)
-    default_perms_name = 'default_group_or_org_permissions'
-    default_perms = new_authz.check_config_permission(default_perms_name)
-    anyone_can_manage_groups = 'manage_group' in default_perms
-    show_all_groups = not am_member and (sysadmin or anyone_can_manage_groups)
-
+    show_all_groups = not am_member and new_authz.can_manage_all_groups(user)
     if not show_all_groups:
         roles = ckan.new_authz.get_roles_with_permission('manage_group')
         if not roles:
diff --git a/ckan/new_authz.py b/ckan/new_authz.py
index 6a2acd97854..10b43f7575a 100644
--- a/ckan/new_authz.py
+++ b/ckan/new_authz.py
@@ -125,6 +125,14 @@ def _get_user(username):
     return model.User.get(username)
 
 
+def can_manage_all_groups(user):
+    sysadmin = is_sysadmin(user)
+    default_perms_name = 'default_group_or_org_permissions'
+    default_perms = check_config_permission(default_perms_name)
+    anyone_can_manage_groups = 'manage_group' in default_perms
+    return sysadmin or anyone_can_manage_groups
+
+
 def get_group_or_org_admin_ids(group_id):
     if not group_id:
         return []