def send_invitation(self, id): model = request.environ["sqlalchemy.model"] db = request.environ["sqlalchemy.session"] ops = Operations(db, model) if not ops.can_modify_balance(h.authenticated_user().uid, id): abort(403) balance = db.query(model.Balance).filter_by(uid = id).one() emails = {} for user in balance.users: emails[user.user.email] = 1 for invitation in balance.invitations: emails[invitation.to_address] = 1 user = db.query(model.AuthenticatedUser).filter_by(uid = h.authenticated_user().uid).one() for address in self.form_result.get('addresses', []): if emails.has_key(address): continue access = model.BalanceInvitation(balance_uid = id, to_address = address, sender = user) db.save(access) db.commit() return redirect_to(h.url_for(action='share'))
def share(self, id): model = request.environ["sqlalchemy.model"] db = request.environ["sqlalchemy.session"] ops = Operations(db, model) if not ops.can_see_balance(h.authenticated_user().uid, id): abort(403) c.balance = db.query(model.Balance).filter_by(uid = id).one() c.writable = ops.can_modify_balance(h.authenticated_user().uid, id) return self._render('balances/share.jinja')
def unshare(self, id): model = request.environ["sqlalchemy.model"] db = request.environ["sqlalchemy.session"] ops = Operations(db, model) user_uid = request.params.get('user_uid') if not ops.can_modify_balance(h.authenticated_user().uid, id) or h.authenticated_user().uid == user_uid: abort(403) if id is not None and user_uid is not None: user_balance = db.query(model.UserBalance).filter_by(user_uid = user_uid).filter_by(balance_uid = id).first() if user_balance: db.delete(user_balance) db.commit() return redirect_to(h.url_for(action='share'))
def cancel_invitation(self, id): model = request.environ["sqlalchemy.model"] db = request.environ["sqlalchemy.session"] ops = Operations(db, model) if not ops.can_modify_balance(h.authenticated_user().uid, id): abort(403) try: bi = db.query(model.BalanceInvitation).filter_by(token=request.params['token']).one() db.delete(bi) db.commit() except: # we don't care about any errors here pass return redirect_to(h.url_for(action='share'))