From 8b581368dcb6c0e5aa924240d51bdc80b78063b5 Mon Sep 17 00:00:00 2001
From: Arik Fraimovich <arik@arikfr.com>
Date: Tue, 13 May 2014 18:29:39 +0300
Subject: [PATCH] Use the User.permissions property instead of groups.

---
 redash/models.py      | 10 ++++++----
 redash/permissions.py |  9 +--------
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/redash/models.py b/redash/models.py
index 8212cf07..aa7f79ee 100644
--- a/redash/models.py
+++ b/redash/models.py
@@ -19,16 +19,17 @@ class BaseModel(db.Model):
 
 class AnonymousUser(AnonymousUserMixin):
     @property
-    def groups(self):
+    def permissions(self):
         return []
 
+
 class ApiUser(UserMixin):
     def __init__(self, api_key):
         self.id = api_key
 
     @property
-    def groups(self):
-        return ['api']
+    def permissions(self):
+        return ['view_query']
 
 
 class Group(BaseModel):
@@ -419,11 +420,12 @@ class Widget(BaseModel):
 
 all_models = (DataSource, User, QueryResult, Query, Dashboard, Visualization, Widget, ActivityLog, Group)
 
+
 def init_db():
     Group.insert(name='admin', permissions=['admin'], tables=['*']).execute()
-    Group.insert(name='api', permissions=['view_query'], tables=['*']).execute()
     Group.insert(name='default', permissions=Group.DEFAULT_PERMISSIONS, tables=['*']).execute()
 
+
 def create_db(create_tables, drop_tables):
     db.connect_db()
 
diff --git a/redash/permissions.py b/redash/permissions.py
index 17181cd4..d297f64f 100644
--- a/redash/permissions.py
+++ b/redash/permissions.py
@@ -1,6 +1,4 @@
 import functools
-import itertools
-import models
 from flask.ext.login import current_user
 from flask.ext.restful import abort
 
@@ -12,13 +10,8 @@ class require_permissions(object):
     def __call__(self, fn):
         @functools.wraps(fn)
         def decorated(*args, **kwargs):
-            if len(current_user.groups) > 0:
-                permissions = list(itertools.chain(*[g.permissions for g in models.Group.select().where(models.Group.name << current_user.groups)]))
-            else:
-                permissions = []
-            
             has_permissions = reduce(lambda a, b: a and b,
-                                      map(lambda permission: permission in permissions,
+                                      map(lambda permission: permission in current_user.permissions,
                                           self.permissions),
                                       True)