api/models/list_rights.go

package models

// IsAdmin returns whether the user has admin rights on the list or not
func (l *List) IsAdmin(user *User) bool {
	// Owners are always admins
	if l.Owner.ID == user.ID {
		return true
	}

	// Check Team rights
	// aka "is the user in a team which has admin rights?"
	// TODO

	// Check Namespace rights
	// TODO

	// Check individual rights
	// TODO

	return false
}

// CanWrite return whether the user can write on that list or not
func (l *List) CanWrite(user *User) bool {
	// Owners always have write access
	if l.Owner.ID == user.ID {
		return true
	}

	// Admins always have write access
	if l.IsAdmin(user) {
		return true
	}

	// Check Namespace rights
	// TODO
	// TODO find a way to prioritize: what happens if a user has namespace write access but is not in that list?

	// Check Team rights
	// TODO

	// Check individual rights
	// TODO

	return false
}

// CanRead checks if a user has read access to a list
func (l *List) CanRead(user *User) bool {
	// Owners always have read access
	if l.Owner.ID == user.ID {
		return true
	}

	// Admins always have read access
	if l.IsAdmin(user) {
		return true
	}

	// Check Namespace rights
	exists, _ := x.Select("list.*").
		Table("namespaces").
		Join("INNER", "list", "list.namespace_id = namespaces.id").
		Join("INNER", "team_namespaces", "team_namespaces.namespace_id = namespaces.id").
		Join("INNER", "team_members", "team_members.team_id = team_namespaces.team_id").
		Where("team_members.user_id = ?", user.ID).
		And("list.id = ?", l.ID).
		Get(&List{})

	if exists {
		return true
	}

	// Check Team rights
	// TODO

	// Check individual rights
	// TODO

	return false
}

// CanDelete checks if the user can delete a list
func (l *List) CanDelete(doer *User) bool {
	return l.IsAdmin(doer)
}

// CanUpdate checks if the user can update a list
func (l *List) CanUpdate(doer *User, id int64) bool {
	list, _ := GetListByID(id)
	return list.CanWrite(doer)
}