Add BundleStream().can_access(user) and BundleStream.get_allowed_for_user(user)

Those methods capture all the access control logic hence will be easier to test and reuse.

1 files changed, 3 insertions, 3 deletions

diff --git a/dashboard_app/xmlrpc.py b/dashboard_app/xmlrpc.py
index fb36c7e44..02b81e075 100644
--- a/dashboard_app/xmlrpc.py
+++ b/dashboard_app/xmlrpc.py
@@ -124,7 +124,7 @@ class DashboardAPI(object):
         except BundleStream.DoesNotExist:
             raise xmlrpclib.Fault(errors.NOT_FOUND,
                     "Bundle stream not found")
-        if not bundle_stream.can_upload(user):
+        if not bundle_stream.can_access(user):
             raise xmlrpclib.Fault(errors.FORBIDDEN,
                     "Uploading to specified stream is not permitted")
         try:
@@ -188,7 +188,7 @@ class DashboardAPI(object):
         except Bundle.DoesNotExist:
             raise xmlrpclib.Fault(errors.NOT_FOUND,
                     "Bundle not found")
-        if not bundle.bundle_stream.can_download(user):
+        if not bundle.bundle_stream.can_access(user):
             raise xmlrpclib.Fault(errors.FORBIDDEN,
                     "Downloading from specified stream is not permitted")
         else:
@@ -311,7 +311,7 @@ class DashboardAPI(object):
         except BundleStream.DoesNotExist:
             raise xmlrpclib.Fault(errors.NOT_FOUND,
                     "Bundle stream not found")
-        if not bundle_stream.can_download(user):
+        if not bundle_stream.can_access(user):
             raise xmlrpclib.Fault(errors.FORBIDDEN,
                     "Downloading from specified stream is not permitted")
         return [{