Reforma vyhodnocování práv

Vyhodnocování práv bylo dost nešikovné, na spoustě míst bylo potřeba kešovat. Předěláno.

Viz issue #31 (closed).

mo/web/org_users.py

@@ -11,7 +11,7 @@ from wtforms.validators import Required
 
 import mo
 import mo.db as db
-import mo.rights
+from mo.rights import Right
 import mo.util
 import mo.users
 from mo.web import app
@@ -41,8 +41,7 @@ class UsersFilterForm(PagerForm):
 @app.route('/org/user/')
 def org_users():
     sess = db.get_session()
-    rr = mo.rights.Rights(g.user)
-    rr.get_generic()
+    rr = g.gatekeeper.rights_generic()
 
     q = sess.query(db.User).filter_by(is_admin=False, is_org=False)
     filter = UsersFilterForm(request.args)
@@ -109,8 +108,8 @@ def org_users():
     return render_template(
         'org_users.html', users=users, count=count,
         filter=filter, filter_errors=filter_errors,
-        can_edit=rr.have_right(mo.rights.Right.edit_users),
-        can_add=rr.have_right(mo.rights.Right.add_users),
+        can_edit=rr.have_right(Right.edit_users),
+        can_add=rr.have_right(Right.add_users),
     )
 
 
@@ -122,8 +121,7 @@ class OrgsFilterForm(PagerForm):
 @app.route('/org/org/')
 def org_orgs():
     sess = db.get_session()
-    rr = mo.rights.Rights(g.user)
-    rr.get_generic()
+    rr = g.gatekeeper.rights_generic()
 
     q = sess.query(db.User).filter(or_(db.User.is_admin, db.User.is_org)).options(
         subqueryload(db.User.roles).joinedload(db.UserRole.place)
@@ -150,8 +148,8 @@ def org_orgs():
     return render_template(
         'org_orgs.html', users=users, count=count,
         filter=filter, filter_errors=None,
-        can_edit=rr.have_right(mo.rights.Right.edit_orgs),
-        can_add=rr.have_right(mo.rights.Right.add_orgs),
+        can_edit=rr.have_right(Right.edit_orgs),
+        can_add=rr.have_right(Right.add_orgs),
     )
 
 
@@ -177,9 +175,8 @@ def org_org(id: int):
     if not user or (not user.is_org and not user.is_admin):
         raise werkzeug.exceptions.NotFound()
 
-    rr = mo.rights.Rights(g.user)
-    rr.get_generic()
-    can_assign_rights = rr.have_right(mo.rights.Right.assign_rights)
+    rr = g.gatekeeper.rights_generic()
+    can_assign_rights = rr.have_right(Right.assign_rights)
 
     form_add_role = FormAddRole()
     form_remove_role = FormRemoveRole()
@@ -256,8 +253,7 @@ def org_user(id: int):
     if user.is_org or user.is_admin:
         return redirect(url_for('org_org', id=id))
 
-    rr = mo.rights.Rights(g.user)
-    rr.get_generic()
+    rr = g.gatekeeper.rights_generic()
 
     participants = sess.query(db.Participant).filter_by(user_id=user.user_id)
     rounds = sess.query(db.Participation).filter_by(user_id=user.user_id)
@@ -295,8 +291,7 @@ def org_user_edit(id: int):
     if is_org and not (user.is_admin or user.is_org):
         return redirect(url_for("org_user_edit", id=id))
 
-    rr = mo.rights.Rights(g.user)
-    rr.get_generic()
+    rr = g.gatekeeper.rights_generic()
     if not rr.can_edit_user(user):
         raise werkzeug.exceptions.Forbidden()
 
@@ -327,14 +322,13 @@ def org_user_edit(id: int):
 @app.route('/org/user/new/', methods=('GET', 'POST'))
 def org_user_new():
     sess = db.get_session()
-    rr = mo.rights.Rights(g.user)
-    rr.get_generic()
+    rr = g.gatekeeper.rights_generic()
 
     is_org = request.endpoint == "org_org_new"
 
-    if is_org and not rr.have_right(mo.rights.Right.add_orgs):
+    if is_org and not rr.have_right(Right.add_orgs):
         raise werkzeug.exceptions.Forbidden()
-    elif not rr.have_right(mo.rights.Right.add_users):
+    elif not rr.have_right(Right.add_users):
         raise werkzeug.exceptions.Forbidden()
 
     form = NewUserForm()