def post(self, login_user=None, template_values={}): transactions = self.request.get('transactions', None) if transactions: transaction_set = json.loads(transactions) contact_ref = transaction_set[0] # make sure we received data for the right user assert contact_ref == str(login_user.me.key()), "/sharesave received data for wrong user" # transfer all click transactions the user has made into a dictionary # with the key as dictionary key, so that only the last decision survives privacy_transactions = {} for tr in transaction_set[1:]: privacy_transactions[tr['key']] = tr['privacy'] # apply privacy settings for key,privacy_setting in privacy_transactions.items(): logging.debug("apply privacy setting contact: %s take2: %s %s" % (contact_ref,key,privacy_setting)) # delete all existing datasets for this key delete = SharedTake2.all().filter("take2_ref =", Key(key)) db.delete(delete) if privacy_setting == 'private': pass elif privacy_setting == 'restricted': RestrictedTake2(contact_ref=Key(contact_ref), take2_ref=Key(key)).put() elif privacy_setting == 'public': data = PublicTake2(contact_ref=Key(contact_ref), take2_ref=Key(key)).put() else: logging.critical("Unknown privacy setting: %s" % privacy_setting) self.error(500) return self.redirect("/editcontact?key=%s" % str(login_user.me.key()))
def encode_contact(contact, login_user, include_attic=False, include_privacy=False): """Factory to encode data into view classes which can easily be rendered The function takes into account the access rights and encodes only elements which the user is allowed to see. signed_in is set to True if the user is signed in If include_attic=True, data will include the complete history and also archived data. If include_privacy is set, it will include the privacy setting for contacts this user owns: private, restricted or public """ result = None # do only enclose non-attic contacts unless attic parameter is set if contact.attic and not include_attic: return None result = ContactView(contact) if contact.class_name() == "Person": if contact.lastname: result.lastname = contact.lastname if login_user: # Birthday if contact.class_name() == "Person": if contact.birthday.has_year(): result.birthyear = contact.birthday.year if contact.birthday.has_month(): result.birthmonth = calendar.month_name[contact.birthday.month] if contact.birthday.has_day(): result.birthday = contact.birthday.day # nickname if contact.nickname: result.nickname = contact.nickname # A user can see their own data, obviously if login_user and login_user.key() == contact.owned_by.key(): # introduction/relation to this person result.relation = contact.introduction if contact.introduction else "" # Relation back to the middleman if contact.middleman_ref: result.middleman = contact.middleman_ref.name result.middleman_ref = str(contact.middleman_ref.key()) # Relation(s) going out from this person towards others result.contacts = [] # for con in Contact.all().filter("middleman_ref =", contact): for con in contact.affix: if not con.attic or include_attic: result.append_take2(con) # can I edit the contact data? if login_user: if contact.owned_by.key() == login_user.key(): result.can_edit = True # Is this the contact data for the logged in user (myself)? if login_user and login_user.me: if contact.key() == login_user.me.key(): result.is_myself = True # # encode contact's data # q_obj = Take2.all() q_obj.filter("contact_ref =", contact) q_obj.order('-timestamp') for obj in q_obj: # do only enclose non-attic take2 properties unless attic parameter is set if obj.attic and not include_attic: continue if include_privacy: # look for an entry in the SharedTake2 table priv = SharedTake2.all().filter("contact_ref =", contact).filter("take2_ref =", obj).get() if priv: if priv.class_name() == "PublicTake2": # add privacy property to obj on the fly obj.privacy = 'public' elif priv.class_name() == "RestrictedTake2": obj.privacy = 'restricted' result.append_take2(obj) else: result.relation = "(You cannot see this person's data.)" # user does not own the contact, but let's check whether the privacy settings # allow us to see something q_priv = SharedTake2.all().filter("contact_ref =", contact) for priv in q_priv: # public objects if priv.class_name() == 'PublicTake2': obj = priv.take2_ref # do only enclose non-attic take2 properties unless attic parameter is set if obj.attic and not include_attic: continue result.append_take2(obj) result.relation = "(This person shares some data.)" return result