Beispiel #1
0
def canRead(id, userId):
    """
    Check if a user can read a shift. The user must have
    either:
        1. Created the shift
        2. The shift must be published and public
        3. If the user is subscribed to a stream the shift is on.
        4. If the shift is published to the user's private stream.
    Parameters:
        id - a shift id.
    Returns:
        bool.
    """
    db = core.connect()
    theShift = db[id]
    if user.isAdmin(userId):
        return True
    if theShift["createdBy"] == userId:
        return True
    if theShift["publishData"]["draft"]:
        return False
    theUser = db[userId]
    if not theShift["publishData"]["private"]:
        return True
    if theUser["privateStream"] in theShift["publishData"]["streams"]:
        return True
    shiftStreams = theShift["publishData"]["streams"]
    readableStreams = permission.readableStreams(userId)
    allowed = set(shiftStreams).intersection(readableStreams)
    return len(allowed) > 0
Beispiel #2
0
def canUnpublish(id, userId):
    """
    Check where a user can unpublish a shift.
    Parameters:
        id - a shift id.
        userId - a user id.
    Returns:
        bool.
    """
    db = core.connect()
    theShift = db[id]
    return user.isAdmin(userId) or (userId == theShift['createdBy'])
Beispiel #3
0
def canDelete(id, userId):
    """
    Check if a user can delete an event. Allowed under the following conditions:
        1. the user is admin.
        2. the user created the event.
    Parameters:
        id - an event id.
        userId - a user id.
    Returns:
        bool.
    """
    if user.isAdmin(userId):
        return True
    theEvent = read(id)
    return theEvent["createdBy"] == userId
Beispiel #4
0
def canDelete(id, userId):
    """
    Returns true if:
        1. User is admin.
        2. User created the stream.
    Parameters:
        id - a stream id.
        userId - a user id.
    Returns:
        bool.
    """
    if user.isAdmin(userId):
        return True
    theStream = read(id)
    if theStream["createdBy"] == userId:
        return True
    return False
Beispiel #5
0
def canAdmin(id, userId):
    """
    Return true if:
        1. User is admin.
        2. User created the stream.
        3. User can admin the stream.
    Parameters:
        id - a stream id.
        userId - a user id.
    Returns:
        bool.
    """
    if user.isAdmin(userId):
        return True
    theStream = read(id)
    if theStream["createdBy"] == userId:
        return True
    adminable = permission.adminStreams(userId)
    return id in adminable
Beispiel #6
0
def canCreate(data, userId):
    """
    Check if a user can create an event. Allowed under the following conditions:
        1. user is admin.
        2. the stream is public.
        3. the stream is writeable by the user.
    Parameters:
        data - the event data.
        userId - a user id.
    Returns:
        bool.
    """
    if user.isAdmin(userId):
        return True
    streamId = data["streamId"]
    theStream = stream.read(userId)
    if not theStream["private"]:
        return True
    writeable = permission.writeableStreams(userId)
    return (streamId in writeable)
Beispiel #7
0
def canRead(id, userId):
    """
    Check if a user can read an event. Allowed under the following conditions:
        1. the user is admin.
        2. the stream is public.
        3. the stream is readable by the user.
    Parameters:
        id - an event id.
        userId - a user id.
    Returns:
        bool.
    """
    if user.isAdmin(userId):
        return True
    streamId = data["streamId"]
    theStream = stream.read(userId)
    if not theStream["private"]:
        return True
    readable = permission.readableStreams(userId)
    return (streamId in readable)
Beispiel #8
0
def canRead(id, userId):
    """
    Returns true if:
        1. User is admin.
        2. The stream is public.
        3. The user created the stream.
        4. The user has read permission for the stream.
    Parameters:
        id - a stream id.
        userId - a user id.
    Returns:
        bool.
    """
    if user.isAdmin(userId):
        return True
    theStream = read(id)
    if theStream["createdBy"] == userId:
        return True
    if not theStream["private"]:
        return True
    readableStreams = permission.readableStreams(userId)
    return id in readableStreams
Beispiel #9
0
def canSubscribe(id, userId):
    """
    Return true if:
        1. User is admin.
        2. User created the stream.
        3. The stream is public.
        4. User has join permissions.
    Parameters:
        id - a stream id.
        userId - a user id.
    Returns:
        bool.
    """
    if user.isAdmin(userId):
        return True
    theStream = read(id)
    if theStream["createdBy"] == userId:
        return True
    if not theStream["private"]:
        return True
    joinable = permission.joinableStreams(userId)
    return id in joinable
Beispiel #10
0
def create(data):
    """
    Create will fail if:
        1. No stream specified.
        2. No creator specified.
        3. Attempting to create an event on a public stream.
        4. Attempting to create a permission for a user on a stream if a permission
           for that user on that stream already exists.
        5. Attempting to create an event without proper permission. Must either be
           an amdin for that stream or running as admin for shiftserver.
    Parameters:
        data - dictionary containing the permission data.
    Returns:
        a dictionary of the new permission document values.
    """
    db = core.connect()
    streamId = data["streamId"]
    createdBy = data["createdBy"]
    if not streamId:
        raise MissingStreamError
    if not createdBy:
        raise MissingCreatorError
    if stream.isPublic(streamId):
        raise CreateEventOnPublicStreamError
    if permissionForUser(createdBy, streamId):
        raise PermissionAlreadyExistsError
    allowed = user.isAdmin(createdBy)
    if not allowed:
        allowed = stream.isOwner(streamId, createdBy)
    if not allowed:
        adminable = adminStreams(createdBy)
        allowed = streamId in adminable
    if not allowed:
        raise CreateEventPermissionError
    newPermission = schema.permission()
    newPermission.update(data)
    newPermission["type"] = "permission"
    id = db.create(newPermission)
    return db[id]
Beispiel #11
0
def canCreate(id, userId):
    if user.isAdmin(userId):
        return True
    return True