refactor(projects): remove project membership access model

2026-04-28 19:35:24 +03:30
parent 71924ce6fb
commit 1cd948592c
20 changed files with 150 additions and 905 deletions
--- a/apps/workspaces/services/permissions.py
+++ b/apps/workspaces/services/permissions.py
@@ -1,6 +1,5 @@
 from __future__ import annotations

-from apps.projects.models import ProjectMembership
 from apps.workspaces.models import Workspace, WorkspaceMembership


@@ -25,22 +24,9 @@ PROJECTS_CREATE = "projects.create"
 PROJECTS_EDIT = "projects.edit"
 PROJECTS_DELETE = "projects.delete"
 PROJECTS_ARCHIVE = "projects.archive"
-PROJECT_MEMBERS_VIEW = "project_members.view"
-PROJECT_MEMBERS_ADD = "project_members.add"
-PROJECT_MEMBERS_REMOVE = "project_members.remove"
-PROJECT_MEMBERS_CHANGE_ROLE = "project_members.change_role"
 TIME_ENTRIES_VIEW_OWN = "time_entries.view_own"
 TIME_ENTRIES_MANAGE_OWN = "time_entries.manage_own"

-PROJECT_MANAGER_CAPABILITIES = {
-    PROJECTS_EDIT,
-    PROJECTS_ARCHIVE,
-    PROJECT_MEMBERS_VIEW,
-    PROJECT_MEMBERS_ADD,
-    PROJECT_MEMBERS_REMOVE,
-    PROJECT_MEMBERS_CHANGE_ROLE,
-}
-
 WORKSPACE_ROLE_CAPABILITIES = {
    WorkspaceMembership.Role.OWNER: {
        WORKSPACE_VIEW,
@@ -64,10 +50,6 @@ WORKSPACE_ROLE_CAPABILITIES = {
        PROJECTS_EDIT,
        PROJECTS_DELETE,
        PROJECTS_ARCHIVE,
-        PROJECT_MEMBERS_VIEW,
-        PROJECT_MEMBERS_ADD,
-        PROJECT_MEMBERS_REMOVE,
-        PROJECT_MEMBERS_CHANGE_ROLE,
        TIME_ENTRIES_VIEW_OWN,
        TIME_ENTRIES_MANAGE_OWN,
    },
@@ -92,10 +74,6 @@ WORKSPACE_ROLE_CAPABILITIES = {
        PROJECTS_EDIT,
        PROJECTS_DELETE,
        PROJECTS_ARCHIVE,
-        PROJECT_MEMBERS_VIEW,
-        PROJECT_MEMBERS_ADD,
-        PROJECT_MEMBERS_REMOVE,
-        PROJECT_MEMBERS_CHANGE_ROLE,
        TIME_ENTRIES_VIEW_OWN,
        TIME_ENTRIES_MANAGE_OWN,
    },
@@ -149,24 +127,7 @@ def has_workspace_capability(user, workspace: Workspace, capability: str) -> boo


 def has_project_capability(user, project, capability: str) -> bool:
-    if has_workspace_capability(user, project.workspace, capability):
-        return True
-
-    workspace_role = get_workspace_role(user, project.workspace)
-    if workspace_role not in {
-        WorkspaceMembership.Role.OWNER,
-        WorkspaceMembership.Role.ADMIN,
-    }:
-        return False
-
-    is_project_manager = ProjectMembership.objects.filter(
-        project=project,
-        user=user,
-        role=ProjectMembership.Role.MANAGER,
-        is_active=True,
-        is_deleted=False,
-    ).exists()
-    return is_project_manager and capability in PROJECT_MANAGER_CAPABILITIES
+    return has_workspace_capability(user, project.workspace, capability)


 def can_delete_workspace_object(user, obj, capability: str) -> bool: