Example #1
0
 def makeAdmin(self, id, userId):
     from server.models.ssuser import SSUser
     theGroup = Group.read(id)
     theUser = SSUser.read(helper.getLoggedInUser())
     if theUser.isAdminOf(theGroup):
         otherUser = SSUser.read(userId)
         theGroup.setPrivilege(otherUser, 3)
         return ack
     else:
         return error("You don't have permission to promote members of this group to admin.", PermissionError)
Example #2
0
 def shareWith(self, userIds, fromUser=None):
     from server.models.message import Message
     from server.models.ssuser import SSUser
     users = core.fetch(keys=userIds)
     if fromUser:
         userName = fromUser.userName
     else:
         userName = SSUser.read(self.createdBy).userName
     for user in users:
         json = {
             "fromId":
             self.createdBy,
             "toId":
             user["_id"],
             "title":
             "%s has shared a shift with you!" % userName,
             "text":
             "%s has shared a shift titled '%s' with you!" %
             (userName, self.summary),
             "meta":
             "share",
             "content": {
                 "type": "shift",
                 "_id": self.id,
                 "href": self.href,
                 "summary": self.summary
             }
         }
         Message.create(**json)
Example #3
0
    def create(cls, userId, groupId, otherId, level):
        from server.models.ssuser import SSUser
        from server.models.group import Group

        db = core.connect()
        if not groupId:
            raise MissingGroupError
        if not userId:
            raise MissingCreatorError
        if Permission.readByUserAndGroup(otherId, groupId):
            raise PermissionAlreadyExistsError

        adminable = [
            row.value for row in Permission.by_adminable(db, key=userId).rows
        ]
        allowed = groupId in adminable
        if not allowed:
            theUser = SSUser.read(userId)
            allowed = theUser.isAdmin()
        if not allowed:
            theGroup = Group.read(groupId)
            allowed = theUser.isOwnerOf(theGroup)
        if not allowed:
            raise CreateEventPermissionError

        json = {
            "createdBy": userId,
            "userId": otherId,
            "groupId": groupId,
            "level": level
        }

        newPermission = Permission(**utils.clean(json))
        newPermission.store(db)
        return newPermission
Example #4
0
 def publish(self, id):
     # NOTE: should maybe take publishData url parameter - David 9/5/2009
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id, loggedInUser)
     if not theShift:
         return error("Resource does not exist.", ResourceDoesNotExistError)
     if theShift.type != "shift":
         return error("Resource is not of type shift", ResourceTypeError)
     publishData = json.loads(helper.getRequestBody())
     # convert targets to actual database references
     if publishData.get("targets"):
         from server.models.group import Group
         from server.models.ssuser import SSUser
         theUser = SSUser.read(loggedInUser)
         targets = publishData["targets"]
         # convert short names to group ids
         shortNames = [target[1:] for target in targets if target[0] == "&"]
         groupIds = Group.shortNamesToIds(shortNames)
         # convert user name to user ids
         userNames = [target[1:] for target in targets if target[0] == "@"]
         userIds = SSUser.namesToIds(userNames)
         # create list of dbs being published to
         dbs = [Group.db(groupId) for groupId in groupIds]
         # validate groups
         writeable = theUser.writeable()
         if not set(dbs).issubset(set(writeable)):
             return error(
                 "Operation not permitted. You don't have permission to publish to some of these groups",
                 PermissionError)
         # TODO: validate against blocked users - David 2/15/10
         dbs.extend([SSUser.db(userId) for userId in userIds])
         publishData["dbs"] = dbs
     return data(theShift.publish(publishData))
Example #5
0
    def create(cls, userId, groupId, otherId, level):
        from server.models.ssuser import SSUser
        from server.models.group import Group

        db = core.connect()
        if not groupId:
            raise MissingGroupError
        if not userId:
            raise MissingCreatorError
        if Permission.readByUserAndGroup(otherId, groupId):
            raise PermissionAlreadyExistsError

        adminable = [row.value for row in Permission.by_adminable(db, key=userId).rows]
        allowed = groupId in adminable
        if not allowed:
            theUser = SSUser.read(userId)
            allowed = theUser.isAdmin()
        if not allowed:
            theGroup = Group.read(groupId)
            allowed = theUser.isOwnerOf(theGroup)
        if not allowed:
            raise CreateEventPermissionError

        json = {
            "createdBy": userId,
            "userId": otherId,
            "groupId": groupId,
            "level": level
            }

        newPermission = Permission(**utils.clean(json))
        newPermission.store(db)
        return newPermission
Example #6
0
 def read(self, userName):
     theUser = SSUser.readByName(userName)
     if not theUser:
         return error("User %s does not exist" % userName, UserDoesNotExistError)
     loggedInUser = SSUser.read(helper.getLoggedInUser())
     canReadFull = loggedInUser.canReadFull(theUser)
     return data(theUser.toDict((loggedInUser and canReadFull)))
Example #7
0
 def publish(self, id):
     # NOTE: should maybe take publishData url parameter - David 9/5/2009
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id, loggedInUser)
     if not theShift:
         return error("Resource does not exist.", ResourceDoesNotExistError)
     if theShift.type != "shift":
         return error("Resource is not of type shift", ResourceTypeError)
     publishData = json.loads(helper.getRequestBody())
     # convert targets to actual database references
     if publishData.get("targets"):
         from server.models.group import Group
         from server.models.ssuser import SSUser
         theUser = SSUser.read(loggedInUser)
         targets = publishData["targets"]
         # convert short names to group ids
         shortNames = [target[1:] for target in targets if target[0] == "&"]
         groupIds = Group.shortNamesToIds(shortNames)
         # convert user name to user ids
         userNames = [target[1:] for target in targets if target[0] == "@"]
         userIds = SSUser.namesToIds(userNames)
         # create list of dbs being published to
         dbs = [Group.db(groupId) for groupId in groupIds]
         dbs.extend([SSUser.db(userId) for userId in userIds])
         # validate
         writeable = theUser.writeable()
         if set(writeable) != set(dbs):
             return error("Operation not permitted. You don't have permission to publish to some of these gruops", PermissionError)
         publishData["dbs"] = dbs
     return data(theShift.publish(publishData))
Example #8
0
 def comment(self, id):
     loggedInUser = helper.getLoggedInUser()
     jsonData = helper.getRequestBody()
     if jsonData != "":
         theShift = Shift.read(id, userId=loggedInUser)
         if not theShift:
             return error("Shift does not exist.",
                          ResourceDoesNotExistError)
         if theShift.type != "shift":
             return error("Resource is not of type shift",
                          ResourceTypeError)
         from server.models.ssuser import SSUser
         theUser = SSUser.read(loggedInUser)
         theData = json.loads(jsonData)
         if theUser.canRead(theShift):
             from server.models.comment import Comment
             Comment.create(theUser.id, theShift.id, theData["text"],
                            theData.get("subscribe") or False)
             return data(Shift.read(theShift.id, theUser.id))
         else:
             return error(
                 "Operation not permitted. You don't have permission to comment on this shift.",
                 PermissionError)
     else:
         return error("No data for comment.", NoDataError)
Example #9
0
 def shifts(self,
            byHref=None,
            byDomain=None,
            byFollowing=False,
            byGroups=False,
            bySpace=None,
            start=0,
            limit=25,
            count=False,
            filter=False,
            query=None,
            all=False):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     if loggedInUser:
         theUser = SSUser.read(loggedInUser)
     else:
         theUser = None
     if query != None:
         query = json.loads(query)
     allShifts = Shift.shifts(user=theUser,
                              byHref=byHref,
                              byDomain=byDomain,
                              byFollowing=byFollowing,
                              byGroups=byGroups,
                              bySpace=bySpace,
                              start=start,
                              limit=limit,
                              filter=filter,
                              query=query,
                              all=False)
     if count:
         return data(len(allShifts))
     else:
         return data(allShifts)
Example #10
0
 def unfollow(self, userName):
     theUser = SSUser.read(helper.getLoggedInUser())
     followed = SSUser.readByName(userName)
     if theUser.id == followed.id:
         return error("You cannot unfollow yourself.", FollowError)
     else:
         theUser.unfollow(followed)
         return data(followed)
Example #11
0
 def read(self, userName):
     theUser = SSUser.readByName(userName)
     if not theUser:
         return error("User %s does not exist" % userName,
                      UserDoesNotExistError)
     loggedInUser = SSUser.read(helper.getLoggedInUser())
     canReadFull = loggedInUser.canReadFull(theUser)
     return data(theUser.toDict((loggedInUser and canReadFull)))
Example #12
0
 def groups(self, userName, start=None, end=None, limit=25):
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     otherUser = SSUser.readByName(userName)
     if loggedInUser == otherUser.id or theUser.isAdmin():
         return data(otherUser.groups(start=start, end=end, limit=limit))
     else:
         return error("You don't have permission to view this user's groups.", PermissionError)
Example #13
0
 def unreadCount(self, userName):
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     otherUser = SSUser.readByName(userName)
     if loggedInUser == otherUser.id or theUser.isAdmin():
         return data(theUser.unreadCount())
     else:
         return error("You do not have permission to view this user's unread count.", PermissionError)
Example #14
0
 def unfollow(self, userName):
     theUser = SSUser.read(helper.getLoggedInUser())
     followed = SSUser.readByName(userName)
     if theUser.id == followed.id:
         return error("You cannot unfollow yourself.", FollowError)
     else:
         theUser.unfollow(followed)
         return data(followed)
Example #15
0
 def logout(self):
     loggedInUser = helper.getLoggedInUser()
     if loggedInUser:
         theUser = SSUser.read(loggedInUser)
         theUser.updateLastSeen()
         helper.setLoggedInUser(None)
         return ack
     else:
         return error("No user logged in.", AlreadyLoggedOutError)
Example #16
0
 def updateShift(self, aShift):
     from server.models.ssuser import SSUser
     author = SSUser.read(aShift.createdBy)
     if author.isMemberOf(self):
         grpdb = Group.db(self.id)
         aShift.updateIn(grpdb)
     else:
         db = core.connect()
         raise NotAMemberError("%s is not a member of %s" % (author.userName, self.longName))
Example #17
0
 def members(self, id):
     from server.models.ssuser import SSUser
     theGroup = Group.read(id)
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     if theUser.isAdminOf(theGroup):
         return data(theGroup.members())
     else:
         return error("You don't have permission to view this groups members", PermissionError)
Example #18
0
 def logout(self):
     loggedInUser = helper.getLoggedInUser()
     if loggedInUser:
         theUser = SSUser.read(loggedInUser)
         theUser.updateLastSeen()
         helper.setLoggedInUser(None)
         return ack
     else:
         return error("No user logged in.", AlreadyLoggedOutError)
Example #19
0
 def join(self, id):
     from server.models.ssuser import SSUser
     theGroup = Group.read(id)
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     if theUser.canJoin(theGroup):
         theUser.join(theGroup)
         return data(theGroup)
     else:
         return error("Operation not permitted. You don't have permission to join this group.", PermissionError)
Example #20
0
 def unreadCount(self, userName):
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     otherUser = SSUser.readByName(userName)
     if loggedInUser == otherUser.id or theUser.isAdmin():
         return data(theUser.unreadCount())
     else:
         return error(
             "You do not have permission to view this user's unread count.",
             PermissionError)
Example #21
0
 def update(self, userName):
     theUser = SSUser.readByName(userName)
     if not theUser:
         return error("User %s does not exist" % userName, UserDoesNotExistError)
     loggedInUser = SSUser.read(helper.getLoggedInUser())
     if loggedInUser and loggedInUser.canModify(theUser):
         theData = json.loads(helper.getRequestBody())
         return data(theUser.update(theData))
     else:
         return error("Operation not permitted. You don't have permission to update this account.")
Example #22
0
 def groups(self, userName, start=None, end=None, limit=25):
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     otherUser = SSUser.readByName(userName)
     if loggedInUser == otherUser.id or theUser.isAdmin():
         return data(otherUser.groups(start=start, end=end, limit=limit))
     else:
         return error(
             "You don't have permission to view this user's groups.",
             PermissionError)
Example #23
0
 def share(self, id, users):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id)
     if not theShift or theShift.publishData.private:
         return error("You don't have permission to view this shift.", PermissionError)
     targets = users.split(" ")
     userNames = [target[1:] for target in targets if target[0] == "@"]
     userIds = SSUser.namesToIds(userNames)
     theShift.shareWith(userIds, fromUser=SSUser.read(loggedInUser))
     return ack
Example #24
0
 def read(self, id):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     theShift = Shift.read(id, loggedInUser)
     if theShift and theUser.canRead(theShift):
         return data(theShift)
     else:
         if not theShift:
             return error("Resource does not exist.", ResourceDoesNotExistError)
         else:
             return error("Operation not permitted. You don't have permission to view this shift. %s" % theShift, PermissionError)
Example #25
0
 def share(self, id, users):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id)
     if not theShift or theShift.publishData.private:
         return error("You don't have permission to view this shift.",
                      PermissionError)
     targets = users.split(" ")
     userNames = [target[1:] for target in targets if target[0] == "@"]
     userIds = SSUser.namesToIds(userNames)
     theShift.shareWith(userIds, fromUser=SSUser.read(loggedInUser))
     return ack
Example #26
0
 def delete(self, userName):
     theUser = SSUser.readByName(userName)
     if not theUser:
         return error("User %s does not exist" % userName, UserDoesNotExistError)
     loggedInUser = SSUser.read(helper.getLoggedInUser())
     if loggedInUser and loggedInUser.canModify(theUser):
         if theUser.id == loggedInUser.id:
             helper.setLoggedInUser(None)
         theUser.delete()
         return ack
     else:
         return error("Operation not permitted. You don't have permission to delete this account.")
Example #27
0
 def unfavorite(self, id):
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id)
     if not theShift:
         return error("Resource does not exist.", ResourceDoesNotExistError)
     if theShift.type != "shift":
         return error("Resource is not of type shift", ResourceTypeError)
     from server.models.ssuser import SSUser
     theUser = SSUser.read(loggedInUser)
     if theUser.canRead(theShift):
         return data(theUser.unfavorite(theShift))
     else:
         return error("Operation not permitted. You don't have permission to unfavorite this shift.", PermissionError)
Example #28
0
 def inviteUsers(self, id, users):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     groupAdmin = SSUser.read(loggedInUser)
     theGroup = Group.read(id)
     if groupAdmin.isAdminOf(theGroup):
         db = core.connect()
         users = SSUser.all(db, keys=json.loads(users))
         for user in users:
             groupAdmin.inviteUser(theGroup, user)
         return data(theGroup)
     else:
         return error("Operation not permitted. You don't have permission to modify this group", PermissionError)
Example #29
0
 def comments(self, id, start=None, end=None, limit=25):
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id)
     if not theShift:
         return error("Resource does not exist.", ResourceDoesNotExistError)
     if theShift.type != "shift":
         return error("Resource is not of type shift", ResourceTypeError)
     from server.models.ssuser import SSUser
     theUser = SSUser.read(loggedInUser)
     if theShift.isPublic() or theUser.canRead(theShift):
         return data(theShift.comments(start=start, end=end, limit=limit))
     else:
         return error("Operation not permitted. You don't have permission to view comments on this shift.", PermissionError)
Example #30
0
 def update(self, userName):
     theUser = SSUser.readByName(userName)
     if not theUser:
         return error("User %s does not exist" % userName,
                      UserDoesNotExistError)
     loggedInUser = SSUser.read(helper.getLoggedInUser())
     if loggedInUser and loggedInUser.canModify(theUser):
         theData = json.loads(helper.getRequestBody())
         return data(theUser.update(theData))
     else:
         return error(
             "Operation not permitted. You don't have permission to update this account."
         )
Example #31
0
 def update(self, id):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     theGroup = Group.read(id)
     jsonData = helper.getRequestBody()
     if jsonData != "":
         if theUser.isAdminOf(theGroup):
             groupData = json.loads(jsonData)
             return data(theGroup.update(groupData))
         else:
             return error("You don't have permission to update this group", PermissionError)
     else:
         return error("No data for group.", NoDataError)
Example #32
0
 def shifts(self, userName, start=None, end=None, limit=25, filter=False, query=None):
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     otherUser = SSUser.readByName(userName)
     if query != None:
         query = json.loads(query)
     if loggedInUser == otherUser.id or theUser.isAdmin():
         return data(otherUser.shifts(start=start,
                                      end=end,
                                      limit=limit,
                                      filter=filter,
                                      query=query))
     else:
         return error("You don't have permission to view this user's shifts.", PermissionError)
Example #33
0
 def info(self, id):
     from server.models.ssuser import SSUser
     # TODO: bulk call - David 12/13/2009
     theGroup = Group.read(id)
     memberCount = theGroup.memberCount()
     adminCount = theGroup.adminCount()
     shiftCount = theGroup.shiftCount()
     info = {
         "memberCount": memberCount,
         "adminCount": adminCount,
         "shiftCount": shiftCount
         }
     theUser = SSUser.read(helper.getLoggedInUser())
     info["isAdmin"] = theUser.isAdminOf(theGroup)
     return data(info)
Example #34
0
 def unfavorite(self, id):
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id)
     if not theShift:
         return error("Resource does not exist.", ResourceDoesNotExistError)
     if theShift.type != "shift":
         return error("Resource is not of type shift", ResourceTypeError)
     from server.models.ssuser import SSUser
     theUser = SSUser.read(loggedInUser)
     if theUser.canRead(theShift):
         return data(theUser.unfavorite(theShift))
     else:
         return error(
             "Operation not permitted. You don't have permission to unfavorite this shift.",
             PermissionError)
Example #35
0
 def delete(self, userName):
     theUser = SSUser.readByName(userName)
     if not theUser:
         return error("User %s does not exist" % userName,
                      UserDoesNotExistError)
     loggedInUser = SSUser.read(helper.getLoggedInUser())
     if loggedInUser and loggedInUser.canModify(theUser):
         if theUser.id == loggedInUser.id:
             helper.setLoggedInUser(None)
         theUser.delete()
         return ack
     else:
         return error(
             "Operation not permitted. You don't have permission to delete this account."
         )
Example #36
0
 def read(self, id):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     theShift = Shift.read(id, loggedInUser)
     if theShift and theUser.canRead(theShift):
         return data(theShift)
     else:
         if not theShift:
             return error("Resource does not exist.",
                          ResourceDoesNotExistError)
         else:
             return error(
                 "Operation not permitted. You don't have permission to view this shift. %s"
                 % theShift, PermissionError)
Example #37
0
 def testPublishToFollowers(self):
     json = shiftJson()
     json["createdBy"] = self.fakemary.id
     newShift = Shift.create(json)
     self.fakejohn.follow(self.fakemary)
     fakejohn = SSUser.read(self.fakejohn.id)
     # should be in the list of people fakejohn is following
     self.assertTrue(self.fakemary.id in fakejohn.following())
     # should be in the list of fakemary's followers
     followers = self.fakemary.followers()
     self.assertTrue(self.fakejohn.id in followers)
     newShift.publish({"private":False})
     # should exist in shiftspace/shared db
     theShift = Shift.load(core.connect("shiftspace/shared"), newShift.id)
     self.assertEqual(theShift.summary, newShift.summary)
Example #38
0
 def delete(self, id):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id, loggedInUser)
     if not theShift:
         return error("Resource does not exist.", ResourceDoesNotExistError)
     if theShift.type != "shift":
         return error("Resource is not of type shift", ResourceTypeError)
     from server.models.ssuser import SSUser
     theUser = SSUser.read(loggedInUser)
     if theUser.canModify(theShift):
         theShift.delete()
         return ack
     else:
         return error("Operation not permitted. You don't have permission to delete this shift.", PermissionError)
Example #39
0
 def comments(self, id, start=None, end=None, limit=25):
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id, userId=loggedInUser)
     if not theShift:
         return error("Resource does not exist.", ResourceDoesNotExistError)
     if theShift.type != "shift":
         return error("Resource is not of type shift", ResourceTypeError)
     from server.models.ssuser import SSUser
     theUser = SSUser.read(loggedInUser)
     if theShift.isPublic() or theUser.canRead(theShift):
         return data(theShift.comments(start=start, end=end, limit=limit))
     else:
         return error(
             "Operation not permitted. You don't have permission to view comments on this shift.",
             PermissionError)
Example #40
0
 def delete(self, id):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id, loggedInUser)
     if not theShift:
         return error("Resource does not exist.", ResourceDoesNotExistError)
     if theShift.type != "shift":
         return error("Resource is not of type shift", ResourceTypeError)
     from server.models.ssuser import SSUser
     theUser = SSUser.read(loggedInUser)
     if theUser.canModify(theShift):
         theShift.delete()
         return ack
     else:
         return error(
             "Operation not permitted. You don't have permission to delete this shift.",
             PermissionError)
Example #41
0
 def unnotify(self, id):
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id)
     if not theShift:
         return error("Resource does not exist.", ResourceDoesNotExistError)
     if theShift.type != "shift":
         return error("Resource is not of type shift", ResourceTypeError)
     from server.models.ssuser import SSUser
     theUser = SSUser.read(loggedInUser)
     if theUser.canRead(theShift):
         if theUser.isSubscribed(theShift):
             theUser.unsubscribe(theShift)
             return ack
         else:
             return error("You are not getting notification from this comment thread.", NotBeingNotifiedError)
     else:
         return error("Operation not permitted. You don't have permission to be notified of events on this stream.", PermissionError)
Example #42
0
 def update(self, id):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     jsonData = helper.getRequestBody()
     if jsonData != "":
         theShift = Shift.read(id, loggedInUser)
         if not theShift:
             return error("Resource does not exist.", ResourceDoesNotExistError)
         if theShift.type != "shift":
             return error("Resource is not of type shift", ResourceTypeError)
         from server.models.ssuser import SSUser
         shiftData = json.loads(jsonData)
         theUser = SSUser.read(loggedInUser)
         if theUser.canModify(theShift):
             return data(theShift.update(shiftData))
         else:
             return error("Operation not permitted. You don't have permission to update this shift.", PermissionError)
     else:
         return error("No data for shift.", NoDataError)
Example #43
0
 def comment(self, id):
     loggedInUser = helper.getLoggedInUser()
     jsonData = helper.getRequestBody()
     if jsonData != "":
         theShift = Shift.read(id)
         if not theShift:
             return error("Resource does not exist.", ResourceDoesNotExistError)
         if theShift.type != "shift":
             return error("Resource is not of type shift", ResourceTypeError)
         from server.models.ssuser import SSUser
         theUser = SSUser.read(loggedInUser)
         theData = json.loads(jsonData)
         if theUser.canRead(theShift):
             from server.models.comment import Comment
             Comment.create(theUser.id, theShift.id, theData["text"], theData.get("subscribe") or False)
             return data(Shift.read(theShift.id, theUser.id))
         else:
             return error("Operation not permitted. You don't have permission to comment on this shift.", PermissionError)
     else:
         return error("No data for comment.", NoDataError)
Example #44
0
 def unnotify(self, id):
     loggedInUser = helper.getLoggedInUser()
     theShift = Shift.read(id)
     if not theShift:
         return error("Resource does not exist.", ResourceDoesNotExistError)
     if theShift.type != "shift":
         return error("Resource is not of type shift", ResourceTypeError)
     from server.models.ssuser import SSUser
     theUser = SSUser.read(loggedInUser)
     if theUser.canRead(theShift):
         if theUser.isSubscribed(theShift):
             theUser.unsubscribe(theShift)
             return ack
         else:
             return error(
                 "You are not getting notification from this comment thread.",
                 NotBeingNotifiedError)
     else:
         return error(
             "Operation not permitted. You don't have permission to be notified of events on this stream.",
             PermissionError)
Example #45
0
 def shifts(self, byHref=None, byDomain=None, byFollowing=False, byGroups=False, start=0, limit=25, count=False, filter=False, query=None):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     if loggedInUser:
         theUser = SSUser.read(loggedInUser)
     else:
         theUser = None
     if query != None:
         query = json.loads(query)
     allShifts = Shift.shifts(user=theUser,
                              byHref=byHref,
                              byDomain=byDomain,
                              byFollowing=byFollowing,
                              byGroups=byGroups,
                              start=start,
                              limit=limit,
                              filter=filter,
                              query=query)
     if count:
       return data(len(allShifts))
     else:
       return data(allShifts)
Example #46
0
 def shifts(self,
            userName,
            start=None,
            end=None,
            limit=25,
            filter=False,
            query=None):
     loggedInUser = helper.getLoggedInUser()
     theUser = SSUser.read(loggedInUser)
     otherUser = SSUser.readByName(userName)
     if query != None:
         query = json.loads(query)
     if loggedInUser == otherUser.id or theUser.isAdmin():
         return data(
             otherUser.shifts(start=start,
                              end=end,
                              limit=limit,
                              filter=filter,
                              query=query))
     else:
         return error(
             "You don't have permission to view this user's shifts.",
             PermissionError)
Example #47
0
 def update(self, id):
     from server.models.ssuser import SSUser
     loggedInUser = helper.getLoggedInUser()
     jsonData = helper.getRequestBody()
     if jsonData != "":
         theShift = Shift.read(id, loggedInUser)
         if not theShift:
             return error("Resource does not exist.",
                          ResourceDoesNotExistError)
         if theShift.type != "shift":
             return error("Resource is not of type shift",
                          ResourceTypeError)
         from server.models.ssuser import SSUser
         shiftData = json.loads(jsonData)
         theUser = SSUser.read(loggedInUser)
         if theUser.canModify(theShift):
             return data(theShift.update(shiftData))
         else:
             return error(
                 "Operation not permitted. You don't have permission to update this shift.",
                 PermissionError)
     else:
         return error("No data for shift.", NoDataError)
Example #48
0
 def read(cls, id, userId=None, proxy=False):
     from server.models.ssuser import SSUser
     theShift = None
     # then try the user public
     if userId:
         db = core.connect(SSUser.publicDb(userId))
         theShift = Shift.load(db, id)
         if not theShift:
             # then user private
             db = core.connect(SSUser.privateDb(userId))
             theShift = Shift.load(db, id)
     else:
         db = core.connect("shiftspace/public")
         theShift = Shift.load(db, id)
     if userId and not theShift:
         theUser = SSUser.read(userId)
         aShift = Shift.load(core.connect("shiftspace/shared"), id)
         if theUser.canRead(aShift):
             theShift = aShift
     if proxy:
         theShift = Shift.load(core.connect("shiftspace/shared"), id)
     if theShift:
         return Shift.joinData(theShift, theShift.createdBy)
Example #49
0
 def read(cls, id, userId=None, proxy=False):
     from server.models.ssuser import SSUser
     theShift = None
     # then try the user public
     if userId:
         db = core.connect(SSUser.publicDb(userId))
         theShift = Shift.load(db, id)
         if not theShift:
             # then user private
             db = core.connect(SSUser.privateDb(userId))
             theShift = Shift.load(db, id)
     else:
         db = core.connect("shiftspace/public")
         theShift = Shift.load(db, id)
     if userId and not theShift:
         theUser = SSUser.read(userId)
         aShift = Shift.load(core.connect("shiftspace/shared"), id)
         if theUser.canRead(aShift):
             theShift = aShift
     if proxy:
         theShift = Shift.load(core.connect("shiftspace/shared"), id)
     if theShift:
         return Shift.joinData(theShift, theShift.createdBy)
Example #50
0
 def shareWith(self, userIds, fromUser=None):
     from server.models.message import Message
     from server.models.ssuser import SSUser
     users = core.fetch(keys=userIds)
     if fromUser:
         userName = fromUser.userName
     else:
         userName = SSUser.read(self.createdBy).userName
     for user in users:
         json = {
             "fromId": self.createdBy,
             "toId": user["_id"],
             "title": "%s has shared a shift with you!" % userName,
             "text": "%s has shared a shift titled '%s' with you!" % (userName, self.summary),
             "meta": "share",
             "content": {
                 "type": "shift",
                 "_id": self.id,
                 "href": self.href,
                 "summary": self.summary
                 }
         }
         Message.create(**json)
Example #51
0
 def testPublishToGroup(self):
     json = shiftJson()
     json["createdBy"] = self.fakemary.id
     newShift = Shift.create(json)
     json = groupJson()
     json["createdBy"] = self.fakemary.id
     newGroup = Group.create(json)
     # make sure fakemary owns the group
     newPerm = Permission.readByUserAndGroup(self.fakemary.id, newGroup.id)
     self.assertTrue(newPerm.level == 4)
     # create read permission for fakejohn
     newPerm = Permission.create("shiftspace", newGroup.id, self.fakejohn.id, level=1)
     fakejohn = SSUser.read(self.fakejohn.id)
     self.assertTrue(Group.db(newGroup.id) in fakejohn.readable())
     publishData = {
         "dbs": [Group.db(newGroup.id)]
         }
     newShift.publish(publishData)
     # should exists in shiftspace/shared
     db = core.connect("shiftspace/shared")
     theShift = Shift.load(db, newShift.id)
     self.assertEqual(theShift.summary, newShift.summary)
     newGroup.delete()
Example #52
0
    def publish(self, publishData=None):
        from server.models.ssuser import SSUser

        if publishData == None:
            return self

        db = core.connect(SSUser.privateDb(self.createdBy))
        dbs = []
        author = SSUser.read(self.createdBy)
        oldPublishData = dict(self.items())["publishData"]
        allowed = []

        # get the private status
        isPrivate = True
        if publishData and publishData.get("private") != None:
            isPrivate = publishData.get("private")
        else:
            isPrivate = self.isPrivate()

        # get the dbs being published to
        publishDbs = (publishData and publishData.get("dbs")) or []

        # get the list of dbs the user is actually allowed to publish to
        allowed = []
        if (publishData and isPrivate and len(publishDbs) > 0):
            from server.models.group import Group
            allowedGroups = author.writeable()
            allowed = list(set(allowedGroups).intersection(set(publishDbs)))

        # upate the private setting, the shift is no longer draft
        self.publishData.private = isPrivate
        self.publishData.draft = False

        # publish or update a copy to group/x, group/y, ...
        newGroupDbs = [s for s in allowed if s.split("/")[0] == "group"]
        oldGroupDbs = [
            s for s in oldPublishData.get("dbs") if s.split("/")[0] == "group"
        ]
        newGroupDbs = list(set(newGroupDbs).difference(set(oldGroupDbs)))
        if newGroupDbs and len(newGroupDbs) > 0:
            dbs.extend(list(set(newGroupDbs)))

        # publish to any user we haven't published to before
        newUserDbs = [s for s in publishDbs if s.split("/")[0] == "user"]
        if newUserDbs and len(newUserDbs) > 0:
            userDbs = list(set(newUserDbs))
            dbs.extend(userDbs)
            self.shareWith([s.split("/")[1] for s in userDbs])

        self.publishData.dbs = dbs
        # store the human readable version
        targets = publishData.get("targets")
        if targets:
            self.publishData.targets = targets

        # update/add to group dbs
        self.updateInGroups(oldGroupDbs)
        self.addToGroups(newGroupDbs)

        # if public shift
        # create in user/public, delete from user/private
        # replicate shiftspace/public to shiftspace/shared
        if not isPrivate:
            publicdb = SSUser.publicDb(self.createdBy)
            if Shift.load(core.connect(publicdb), self.id):
                self.updateIn(publicdb)
            else:
                # TODO: copyTo should probably just be store - David
                self.copyTo(publicdb)
                privatedb = core.connect(SSUser.privateDb(self.createdBy))
                del privatedb[self.id]
                # we need to delete the private copy out of shiftspace/shared
                shared = core.connect("shiftspace/shared")
                del shared[self.id]
            # TODO: check that we have to force it in order to have it ready for replication - David
            db = core.connect(publicdb)
            core.replicate(publicdb, "shiftspace/public")
            core.replicate(publicdb, "shiftspace/shared")
        else:
            privatedb = SSUser.privateDb(self.createdBy)
            self.store(core.connect(privatedb))
            core.replicate(privatedb, "shiftspace/shared")

        return Shift.joinData(self, self.createdBy)
Example #53
0
 def query(self):
     loggedInUser = helper.getLoggedInUser()
     if loggedInUser:
         return data(SSUser.read(loggedInUser))
     else:
         return message("No logged in user.")
 def setUp(self):
     db = core.connect()
     self.fakemary = SSUser.create(fakemary).id
     self.root = SSUser.read("shiftspace").id
 def setUp(self):
     db = core.connect()
     self.fakemary = SSUser.create(fakemary)
     self.fakejohn = SSUser.create(fakejohn)
     self.fakebob = SSUser.create(fakebob)
     self.root = SSUser.read("shiftspace")