def add_owner(self, card_id):
     if AppUser.for_user(users.get_current_user()).is_admin:
         card = ReportCard.find_by_id(int(card_id))
         card.owner_user_id.append(self.request.get('new_owner_id'))
         card.put()
         ReportCard.create(self.request.get('name'))
         return webapp2.redirect_to('card-list')
 def list_by_user(self, user=None):
     if not user:
       user = users.get_current_user()
     app_user = AppUser.for_user(user)
     if app_user.is_admin:
         cards = self.list()
     else:
         cards = self.gql("WHERE owner_user_id = :1", user.user_id()).fetch(100)
     return cards
 def list(self, card_id):
     # TODO: handle this some other way
     AppUser.record_access(users.get_current_user())
     current_user = AppUser.for_user(users.get_current_user())
     template = JinjaEnv.get().get_template('templates/eval/list.html')
     self.response.out.write(template.render({'card': ReportCard.find_by_id(int(card_id)), 'current_user': current_user}))
 def is_authorized(self, user=None):
     if not user:
       user = users.get_current_user()
     app_user = AppUser.for_user(user)
     return app_user.is_admin or user.user_id() in self.owner_user_id
 def makeAdmin(self, user=None):
     if not user:
         user = users.get_current_user()
     u = AppUser.for_user(user)
     u.is_admin = True
     u.put()
 def add_owner_form(self, card_id):
     current_user = AppUser.for_user(users.get_current_user())
     if current_user.is_admin:
         template = JinjaEnv.get().get_template('templates/card/owner_add_form.html')
         self.response.out.write(template.render({'card': ReportCard.find_by_id(int(card_id)), 'users': AppUser.list()}))