zzgvh/restricted_user_projects_by_org.py

## restricted_user_projects_by_org.py
class RestrictedUserProjectsByOrg(models.Model):
    user = models.OneToOneField('User', related_name='restricted_projects')
    organisation = models.ForeignKey('Organisation', related_name='restricted_users')
    is_restricted = models.BooleanField(default=False) #do we need this?
    restricted_projects = models.ManyToManyField(
        'Project', related_name='inaccessible_by', null=True, blank=True)

    """
    Descriptions of events and pseudo code. One question I haven't thought through is multiple employments
    by both user and admin

    Events:
        Create restrictions for a user
            for org in orgs of admin:
                create RestrictedUserProjectsByOrg(RUPBO)
                    user = user we're adminning
                    organisation = org
                    is_restricted = True
                    restricted_projects = []

        Remove restrictions for a user
            set is_restricted = False for RUPBO objects where organisation = orgs of the admin
            Alternative?: delete the RUPBO object, eliminating the need for the is_restricted field?

        Restrict project access for a user
            orgs = all organisations able to admin the project
            for org in orgs:
                get_or_create a RUPBO object for the org and the user
                add the project to restricted_projects

        Add a new project
            for org in project partners:
                for rupbo in RUPBO objects where org=org and is_restricted=True (if we use is_restricted):
                    add the project to restricted_projects

        Add partner (new org, not new role) to project
            for rupbo in RUPBO objects where org=org and is_restricted=True (if we use is_restricted):
                add the project to restricted_projects

        Remove partner from project
            it this is last partnership of org:
                for rupbo in RUBPO objects where org=org:
                    remove the project from restricted_projects
            # This may seem unnecessary as the user would not have access to the project anyway, but
            # that does not take multiple organisation employments into account. I think we can
            # restrict users with multiple employments too using this model

    """
	class RestrictedUserProjectsByOrg(models.Model):
	user = models.OneToOneField('User', related_name='restricted_projects')
	organisation = models.ForeignKey('Organisation', related_name='restricted_users')
	is_restricted = models.BooleanField(default=False) #do we need this?
	restricted_projects = models.ManyToManyField(
	'Project', related_name='inaccessible_by', null=True, blank=True)

	"""
	Descriptions of events and pseudo code. One question I haven't thought through is multiple employments
	by both user and admin

	Events:
	Create restrictions for a user
	for org in orgs of admin:
	create RestrictedUserProjectsByOrg(RUPBO)
	user = user we're adminning
	organisation = org
	is_restricted = True
	restricted_projects = []

	Remove restrictions for a user
	set is_restricted = False for RUPBO objects where organisation = orgs of the admin
	Alternative?: delete the RUPBO object, eliminating the need for the is_restricted field?

	Restrict project access for a user
	orgs = all organisations able to admin the project
	for org in orgs:
	get_or_create a RUPBO object for the org and the user
	add the project to restricted_projects

	Add a new project
	for org in project partners:
	for rupbo in RUPBO objects where org=org and is_restricted=True (if we use is_restricted):
	add the project to restricted_projects

	Add partner (new org, not new role) to project
	for rupbo in RUPBO objects where org=org and is_restricted=True (if we use is_restricted):
	add the project to restricted_projects

	Remove partner from project
	it this is last partnership of org:
	for rupbo in RUBPO objects where org=org:
	remove the project from restricted_projects
	# This may seem unnecessary as the user would not have access to the project anyway, but
	# that does not take multiple organisation employments into account. I think we can
	# restrict users with multiple employments too using this model

	"""