def getById(visionId, inquiringUser):
    '''Return the vision with id visionId if inquiringUser may view it, else None.

    inquiringUser may be None, in which case the lookup is treated as an
    anonymous (public) request. None is returned both when no vision with
    that id exists and when access is denied, so the caller cannot tell the
    two cases apart.
    '''
    record = DataApi.getVision(visionId)
    if DataApi.NO_OBJECT_EXISTS == record:
        return None
    vision = Vision(record)

    # Authorization: work out how the requester relates to the vision's owner.
    viewerId = inquiringUser.id() if inquiringUser else None
    relation = Relationship.get(viewerId, vision.userId())

    if Relationship.NONE == relation:
        # No relationship to the owner: only a public vision is visible.
        return vision if VisionPrivacy.PUBLIC == vision.privacy() else None
    if Relationship.SELF == relation:
        # The owner can always see their own vision.
        return vision
    # Default deny: any relationship value not handled above gets no access.
    return None
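def getUserVisions(user, targetUser):
    '''Return the visions of targetUser that user is allowed to see.

    user may be None, in which case the request is treated as public access.
    With no relationship between the two users only visions whose privacy is
    VisionPrivacy.PUBLIC are returned; for Relationship.SELF every vision is
    returned. The result is a VisionList.

    Raises AssertionError if targetUser is falsy or if Relationship.get
    returns a value other than Relationship.NONE or Relationship.SELF.
    '''
    # Raised explicitly instead of via `assert`: assert statements are removed
    # when Python runs with -O, and this check guards the access filter below.
    if not targetUser:
        raise AssertionError("Invalid target user")

    userId = user.id() if user else None
    models = DataApi.getVisionsForUser(targetUser.model())

    # The relationship decides which of the target's visions are viewable.
    relationship = Relationship.get(userId, targetUser.id())
    if Relationship.NONE == relationship:
        # No relationship: expose public visions only.
        return VisionList(
            [model for model in models if model.privacy == VisionPrivacy.PUBLIC])
    if Relationship.SELF == relationship:
        # Own visions: nothing is filtered out.
        return VisionList(models)

    # Fail closed on an unrecognised relationship. With `assert False` this
    # path silently returned None under -O; now it always raises.
    raise AssertionError("Invalid relationship value")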