Example #1
0
    def getById(visionId, inquiringUser):
        '''Get vision by id with privileges of inquiringUser, else None.
       
        If inquiringUser==None, assume public is trying to access this vision.
        '''
        model = DataApi.getVision(visionId)
        if DataApi.NO_OBJECT_EXISTS == model:
            return None
        vision = Vision(model)

        # Ensure that user can access this vision
        relationship = Relationship.get(
                            inquiringUser.id() if inquiringUser else None,
                            vision.userId())
        ok = False
        if Relationship.NONE == relationship:
            # if no relationship, vision must be public
            if VisionPrivacy.PUBLIC == vision.privacy():
                ok = True
        elif Relationship.SELF == relationship:
            # if it is your own vision, you def have access
            ok = True

        if True == ok:
            return vision
        else:
            return None
Example #2
0
    def getUserVisions(user, targetUser):
        '''Gets vision of targetUser that are accessible by user.
        
        If user is None, it will treat it as public access.
        '''
        assert targetUser, "Invalid target user"
        userId = None
        if user:
            userId = user.id()
        models = DataApi.getVisionsForUser(targetUser.model())

        # determine relationship for filtering viewable visions
        relationship = Relationship.get(userId, targetUser.id())

        if Relationship.NONE == relationship:
            # If no relationship, only show public visions
            filtered = []
            for model in models:
                if model.privacy == VisionPrivacy.PUBLIC:
                    filtered.append(model)
            return VisionList(filtered)
        elif Relationship.SELF == relationship:
            # Show all visions
            return VisionList(models)
        else:
            assert False, "Invalid relationship value"
            return None