From 59e419dd3c445e1e4b91297e62d1a7b578077548 Mon Sep 17 00:00:00 2001
From: "W. Trevor King" <wking@tremily.us>
Date: Sat, 6 Oct 2012 12:59:51 -0400
Subject: [PATCH] model:person: add Person.is_admin() to simplify authorization
 checks.

---
 pygrader/handler/get.py   |  2 +-
 pygrader/handler/grade.py |  4 ++--
 pygrader/model/person.py  | 10 ++++++++++
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/pygrader/handler/get.py b/pygrader/handler/get.py
index 8be5b81..d3e69cb 100644
--- a/pygrader/handler/get.py
+++ b/pygrader/handler/get.py
@@ -373,7 +373,7 @@ def run(basedir, course, message, person, subject,
             hasattr(message, 'authenticated') and message.authenticated)
     if not authenticated:
         raise _UnsignedMessage()
-    if 'assistants' in person.groups or 'professors' in person.groups:
+    if person.is_admin():
         email = _get_admin_email(
             basedir=basedir, course=course, person=person, subject=subject)
     elif 'students' in person.groups:
diff --git a/pygrader/handler/grade.py b/pygrader/handler/grade.py
index c803371..891495a 100644
--- a/pygrader/handler/grade.py
+++ b/pygrader/handler/grade.py
@@ -179,9 +179,9 @@ def run(basedir, course, message, person, subject,
             hasattr(message, 'authenticated') and message.authenticated)
     if not authenticated:
         raise _UnsignedMessage()
-    if not ('professors' in person.groups or 'assistants' in person.groups):
+    if not person.is_admin():
         raise _PermissionViolationMessage(
-            person=person, allowed_groups=['professors', 'assistants'])
+            person=person, allowed_groups=person.admin_groups)
     student = _get_subject_student(course=course, subject=subject)
     assignment = _get_subject_assignment(course=course, subject=subject)
     grade = _get_grade(
diff --git a/pygrader/model/person.py b/pygrader/model/person.py
index 2755052..8964d40 100644
--- a/pygrader/model/person.py
+++ b/pygrader/model/person.py
@@ -15,6 +15,8 @@
 # pygrader.  If not, see <http://www.gnu.org/licenses/>.
 
 class Person (object):
+    admin_groups = ['professors', 'assistants']
+
     def __init__(self, name, emails=None, pgp_key=None, aliases=None,
                  groups=None):
         self.name = name
@@ -42,3 +44,11 @@ class Person (object):
             return self.aliases[0]
         except KeyError:
             return self.name
+
+    def is_admin(self):
+        """Is this person an administrator for this course? True/False.
+        """
+        for group in self.admin_groups:
+            if group in self.groups:
+                return True
+        return False
-- 
2.26.2