From 7228801cb0df899a6f13c1734ce8e750e6a44898 Mon Sep 17 00:00:00 2001
From: Jeremy Stretch <jstretch@digitalocean.com>
Date: Thu, 7 Jul 2016 12:07:02 -0400
Subject: [PATCH] Move membership evaluation to SecretRole

---
 netbox/secrets/models.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/netbox/secrets/models.py b/netbox/secrets/models.py
index f579034f4..f6f4353c2 100644
--- a/netbox/secrets/models.py
+++ b/netbox/secrets/models.py
@@ -182,6 +182,14 @@ class SecretRole(models.Model):
     def get_absolute_url(self):
         return "{}?role={}".format(reverse('secrets:secret_list'), self.slug)
 
+    def has_member(self, user):
+        """
+        Check whether the given user has belongs to this SecretRole. Note that superusers belong to all roles.
+        """
+        if user.is_superuser:
+            return True
+        return user in self.users.all() or user.groups.filter(pk__in=self.groups.all()).exists()
+
 
 class Secret(CreatedUpdatedModel):
     """
@@ -304,6 +312,4 @@ class Secret(CreatedUpdatedModel):
         """
         Check whether the given user has permission to decrypt this Secret.
         """
-        if user.is_superuser:
-            return True
-        return user in self.role.users.all() or user.groups.filter(pk__in=self.role.groups.all()).exists()
+        return self.role.has_member(user)