From e4baf8c21ebe6fadc32e7d5f89c54d038655fed4 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 10 Mar 2019 19:32:18 +0100
Subject: [PATCH] Add Group Member policy

---
 passbook/core/forms/policies.py               | 14 +++++++++-
 .../migrations/0020_groupmembershippolicy.py  | 26 +++++++++++++++++++
 passbook/core/models.py                       | 15 +++++++++++
 3 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 passbook/core/migrations/0020_groupmembershippolicy.py

diff --git a/passbook/core/forms/policies.py b/passbook/core/forms/policies.py
index 3fd518c1b..f8d54a6c0 100644
--- a/passbook/core/forms/policies.py
+++ b/passbook/core/forms/policies.py
@@ -4,7 +4,8 @@ from django import forms
 from django.utils.translation import gettext as _
 
 from passbook.core.models import (DebugPolicy, FieldMatcherPolicy,
-                                  PasswordPolicy, WebhookPolicy)
+                                  GroupMembershipPolicy, PasswordPolicy,
+                                  WebhookPolicy)
 
 GENERAL_FIELDS = ['name', 'action', 'negate', 'order', ]
 
@@ -53,6 +54,17 @@ class DebugPolicyForm(forms.ModelForm):
         }
 
 
+class GroupMembershipPolicyForm(forms.ModelForm):
+    """GroupMembershipPolicy Form"""
+
+    class Meta:
+
+        model = GroupMembershipPolicy
+        fields = GENERAL_FIELDS + ['group', ]
+        widgets = {
+            'name': forms.TextInput(),
+        }
+
 class PasswordPolicyForm(forms.ModelForm):
     """PasswordPolicy Form"""
 
diff --git a/passbook/core/migrations/0020_groupmembershippolicy.py b/passbook/core/migrations/0020_groupmembershippolicy.py
new file mode 100644
index 000000000..f120f4908
--- /dev/null
+++ b/passbook/core/migrations/0020_groupmembershippolicy.py
@@ -0,0 +1,26 @@
+# Generated by Django 2.1.7 on 2019-03-10 18:25
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_core', '0019_auto_20190310_1615'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='GroupMembershipPolicy',
+            fields=[
+                ('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
+                ('group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='passbook_core.Group')),
+            ],
+            options={
+                'verbose_name': 'Group Membership Policy',
+                'verbose_name_plural': 'Group Membership Policies',
+            },
+            bases=('passbook_core.policy',),
+        ),
+    ]
diff --git a/passbook/core/models.py b/passbook/core/models.py
index c60f580b3..f02c3a482 100644
--- a/passbook/core/models.py
+++ b/passbook/core/models.py
@@ -393,6 +393,21 @@ class DebugPolicy(Policy):
         verbose_name = _('Debug Policy')
         verbose_name_plural = _('Debug Policies')
 
+class GroupMembershipPolicy(Policy):
+    """Policy to check if the user is member in a certain group"""
+
+    group = models.ForeignKey('Group', on_delete=models.CASCADE)
+
+    form = 'passbook.core.forms.policies.GroupMembershipPolicyForm'
+
+    def passes(self, user: User) -> Union[bool, Tuple[bool, str]]:
+        return self.group.user_set.filter(pk=user.pk).exists()
+
+    class Meta:
+
+        verbose_name = _('Group Membership Policy')
+        verbose_name_plural = _('Group Membership Policies')
+
 class Invitation(UUIDModel):
     """Single-use invitation link"""