Initial implementation of group share

circle/dashboard/views/util.py

@@ -495,14 +495,18 @@ class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
             msg = _("Successfully shared with group %s" % new_group_name)
             messages.success(self.request, msg)
 
+    def __get_members_of_snapshot(self, glance):
+        template = self.get_object()
+        old_members_generator = glance.image_members.list(template.image_id)
+        return [m.member_id for m in old_members_generator]
+
     def __handle_user_assignment(self):
         glance = self.__get_glance_admin_client(self.request.user.tenant_id)
         template = self.get_object()
         new_template_user = self.request.POST['name']
         project_id_of_user = self.__get_project_id_by_name(new_template_user)
 
-        old_members_generator = glance.image_members.list(template.image_id)
-        old_members = [m.member_id for m in old_members_generator]
+        old_members = self.__get_members_of_snapshot(glance)
 
         if project_id_of_user in old_members:
             msg = _("Template is already shared with %s" % new_template_user)
@@ -549,34 +553,61 @@ class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
 
         return removes
 
-    def __remove_user(self, member_id):
+    def __remove_user_from_db(self, member_id):
         template = self.get_object()
-        glance = self.__get_glance_admin_client(self.request.user.tenant_id)
-        glance.image_members.delete(template.image_id, member_id)
         user = TemplateUserMember.objects.get(project_id=member_id)
         template.users.remove(user)
         template.save()
 
-    def __remove_group(self, member_id):
+    def __remove_group_from_db(self, member_id):
         template = self.get_object()
         template.groups.remove(member_id)
         template.save()
 
-    def __handle_removes(self):
+    def __handle_removes_from_db(self):
         removes = self.__get_removes()
         for member_id in removes['u']:
-            self.__remove_user(member_id)
+            self.__remove_user_from_db(member_id)
             messages.success(self.request, _("Successfully removed user"))
         for member_id in removes['g']:
-            self.__remove_group(member_id)
+            self.__remove_group_from_db(member_id)
             messages.success(self.request, _("Successfully removed group"))
 
+    def __is_member_of_groups(self, member_id):
+        template = self.get_object()
+        for group in template.groups.all():
+            group_members = self.__list_users_of_group(group.group_id)
+            for group_member in group_members:
+                if group_member.default_project_id == member_id:
+                    return True
+        return False
+
+    def __cleanup_member(self, member_id):
+        template = self.get_object()
+        try:
+            template.users.get(project_id=member_id)
+            return  # member is assigned as user
+        except TemplateUserMember.DoesNotExist:
+            pass
+
+        if not self.__is_member_of_groups(member_id):
+            glance = self.__get_glance_admin_client(self.request.user.tenant_id)
+            glance.image_members.delete(template.image_id, member_id)
+
+    def __cleanup_assigned_members_of_snapshot(self):
+        template = self.get_object()
+        glance = self.__get_glance_admin_client(self.request.user.tenant_id)
+        member_ids = self.__get_members_of_snapshot(glance)
+        for member_id in member_ids:
+            self.__cleanup_member(member_id)
+
     def post(self, request, *args, **kwargs):
         template = self.get_object()
 
         openstack_api.glance.image_update(request, template.image_id, visibility="shared")
+        self.__handle_removes_from_db()
         self.__handle_assignments()
-        self.__handle_removes()
+        self.__cleanup_assigned_members_of_snapshot()
 
         return redirect("%s#access" % template.get_absolute_url())