1 files changed, 19 insertions, 8 deletions

diff --git a/opendc-web/opendc-web-api/opendc/models/project.py b/opendc-web/opendc-web-api/opendc/models/project.py
index 2b3fd5f4..ee84c73e 100644
--- a/opendc-web/opendc-web-api/opendc/models/project.py
+++ b/opendc-web/opendc-web-api/opendc/models/project.py
@@ -1,7 +1,20 @@
+from marshmallow import Schema, fields
+from werkzeug.exceptions import Forbidden
+
 from opendc.models.model import Model
-from opendc.util.database import DB
-from opendc.util.exceptions import ClientError
-from opendc.util.rest import Response
+from opendc.exts import db
+
+
+class ProjectSchema(Schema):
+    """
+    Schema representing a Project.
+    """
+    _id = fields.String()
+    name = fields.String(required=True)
+    datetimeCreated = fields.DateTime()
+    datetimeLastEdited = fields.DateTime()
+    topologyIds = fields.List(fields.String())
+    portfolioIds = fields.List(fields.String())
 
 
 class Project(Model):
@@ -16,13 +29,11 @@ class Project(Model):
         :param edit_access: True when edit access should be checked, otherwise view access.
         """
         for authorization in self.obj['authorizations']:
-            if user_id == authorization['userId'] and authorization['authorizationLevel'] != 'VIEW' or not edit_access:
+            if user_id == authorization['userId'] and authorization['level'] != 'VIEW' or not edit_access:
                 return
-        raise ClientError(Response(403, "Forbidden from retrieving project."))
+        raise Forbidden("Forbidden from retrieving project.")
 
     @classmethod
     def get_for_user(cls, user_id):
         """Get all projects for the specified user id."""
-        return DB.fetch_all({'authorizations': {
-            'userId': user_id
-        }}, Project.collection_name)
+        return db.fetch_all({'authorizations.userId': user_id}, Project.collection_name)