intuitem · nas-tabchiche · Oct 18, 2024 · Oct 21, 2024 · Oct 21, 2024
diff --git a/backend/iam/models.py b/backend/iam/models.py
@@ -175,6 +175,15 @@ def get_folder(obj: Any):
         # If no folder is found after trying all paths, handle this case (e.g., return None or raise an error).
         return None
 
+    def tree(self):
+        """Return the tree structure of the folder"""
+        tree = {}
+        tree[str(self.id)] = {
+            "name": self.name,
+            "children": [f.tree() for f in self.folder_set.all()],
+        }
+        return tree
+
 
 class FolderMixin(models.Model):
     """
@@ -773,3 +782,47 @@ def has_role(user: AbstractBaseUser | AnonymousUser, role: Role):
             if ra.role == role:
                 return True
         return False
+
+    @classmethod
+    def get_permissions_per_folder(
+        cls, principal: AbstractBaseUser | AnonymousUser | UserGroup, recursive=False
+    ):
+        """
+        Get all permissions attached to a user directly or indirectly, grouped by folder.
+        If recursive is set to True, permissions from recursive role assignments are transmitted
+        to the children of its perimeter folders.
+        """
+        permissions = defaultdict(set)
+        for ra in cls.get_role_assignments(principal):
+            for folder in ra.perimeter_folders.all():
+                permissions[str(folder.id)] |= set(
+                    ra.role.permissions.all().values_list("codename", flat=True)
+                )
+                if recursive and ra.is_recursive:
+                    for f in folder.sub_folders():
+                        permissions[str(f.id)] |= set(
+                            ra.role.permissions.all().values_list("codename", flat=True)
+                        )
+        return permissions
+
+    @classmethod
+    def get_permission_folder_tree(
+        cls, principal: AbstractBaseUser | AnonymousUser | UserGroup
+    ):
+        def recurse(folder, permissions):
+            id = list(folder.keys())[0]
+            _folder = folder[list(folder.keys())[0]]
+            return {
+                id: {
+                    "name": _folder["name"],
+                    "permissions": permissions.get(id, []),
+                    "children": [recurse(f, permissions) for f in _folder["children"]],
+                }
+            }
+
+        folder_tree = Folder.get_root_folder().tree()
+        permissions = cls.get_permissions_per_folder(principal, recursive=True)
+        for folder_id, folder in folder_tree.items():
+            folder["permissions"] = permissions.get(folder_id, [])
+            folder["children"] = [recurse(f, permissions) for f in folder["children"]]
+        return folder_tree
diff --git a/backend/iam/views.py b/backend/iam/views.py
@@ -23,7 +23,7 @@
     ResetPasswordConfirmSerializer,
 )
 
-from .models import Role, RoleAssignment
+from .models import Folder, Role, RoleAssignment
 
 import structlog
 
@@ -77,6 +77,7 @@ def get(self, request) -> Response:
             "user_groups": request.user.get_user_groups(),
             "roles": request.user.get_roles(),
             "permissions": request.user.permissions,
+            "folders": RoleAssignment.get_permission_folder_tree(request.user),
             "is_third_party": request.user.is_third_party,
             "is_admin": request.user.is_admin(),
         }