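def has_item_write_permission(self, user_id, item):
    """The group moderator and the member can change an enrollment.

    Args:
        user_id: Id of the requesting user as a string.
        item: The group membership document; its 'user' and 'group' fields
            are read.

    Returns:
        bool: True if the requesting user is the member itself or the
        moderator of the referenced group, False otherwise.
    """
    if user_id == str(get_id(item['user'])):
        # Own membership can be modified
        return True

    # Not the member: only the moderator of the group may write. Only the
    # 'moderator' field is fetched from the group document.
    groups = current_app.data.driver.db['groups']
    group = groups.find_one({'_id': get_id(item['group'])},
                            {'moderator': 1})

    if group is None:
        # The membership is expected to imply that the group exists, but a
        # dangling reference must deny access instead of raising.
        return False

    moderator = group.get('moderator')
    if moderator is None:
        # Deny explicitly: str(None) is the string 'None', so the comparison
        # below would otherwise rely on user_id never having that value.
        return False

    return user_id == str(moderator)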
def has_item_write_permission(self, user_id, item):
    """Users can modify their signups within the registration window.

    Moderators can not modify signups from other users.

    Args:
        user_id: Id of the requesting user as a string.
        item: The signup document; 'event' is either the embedded event
            (a dict) or its id, 'user' is the owner of the signup.

    Returns:
        bool: True only if the signup belongs to the requesting user and
        the current UTC time lies within the event's registration window.
    """
    event = item['event']
    if not isinstance(event, dict):
        # Event is not embedded, so load it by id first
        id_field = current_app.config['ID_FIELD']
        event = current_app.data.find_one('events', None,
                                          **{id_field: event})

    # NOTE(review): assumes the event exists and both timestamps are set;
    # a missing event or a None timestamp raises here instead of denying.
    # Confirm against the events schema.
    # Drop tzinfo so the values compare to utcnow (API only accepts UTC)
    window_opens = event['time_register_start'].replace(tzinfo=None)
    window_closes = event['time_register_end'].replace(tzinfo=None)

    # Only the owner of the signup may modify it (not moderators) ...
    if 'user' not in item:
        return False
    if user_id != str(get_id(item['user'])):
        return False

    # ... and only while the signup window is open
    return window_opens <= dt.utcnow() <= window_closes
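def has_item_write_permission(self, user_id, item):
    """The group moderator is allowed to change things.

    Args:
        user_id: Id of the requesting user as a string.
        item: The group document; its optional 'moderator' field is read.

    Returns:
        bool: True only if a moderator exists and it is the requesting
        user. Always a real boolean, never the raw (falsy) field value.
    """
    moderator = item.get('moderator')
    if not moderator:
        # No moderator set: deny with an explicit False rather than leaking
        # None (or another falsy value) out of an authorization check.
        return False

    # Compare the moderator's id, converted to str, with the current user
    return user_id == str(get_id(moderator))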
def has_item_write_permission(self, user_id, item):
    """Allow users to modify only their own sessions.

    Args:
        user_id: Id of the requesting user as a string.
        item: The session document; its 'user' field is read.

    Returns:
        bool: True if the session belongs to the requesting user.
    """
    # item['user'] is an ObjectId, so compare its string form
    session_owner = str(get_id(item['user']))
    return session_owner == user_id
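def has_item_write_permission(self, user_id, item):
    """The group moderator is allowed to change things.

    Args:
        user_id: Id of the requesting user as a string.
        item: The document being written; its optional 'moderator' field
            is read.

    Returns:
        bool: True only if a moderator exists and it is the requesting
        user. Always a real boolean, never the raw (falsy) field value.
    """
    moderator = item.get('moderator')
    if not moderator:
        # No moderator set: deny with an explicit False rather than leaking
        # None (or another falsy value) out of an authorization check.
        return False

    # Compare the moderator's id, converted to str, with the current user
    return user_id == str(get_id(moderator))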
def has_item_write_permission(self, user_id, item):
    """Allow write access only to the uploader of the item.

    Args:
        user_id: Id of the requesting user as a string.
        item: The document being written; its 'uploader' field is read.

    Returns:
        bool: True if the requesting user is the uploader.
    """
    # NOTE(review): a missing 'uploader' key raises KeyError here rather
    # than denying; confirm the field is required by the schema.
    uploader_id = get_id(item['uploader'])
    return str(uploader_id) == user_id