def makeAdmin(self, id, userId):
from server.models.ssuser import SSUser
theGroup = Group.read(id)
theUser = SSUser.read(helper.getLoggedInUser())
if theUser.isAdminOf(theGroup):
otherUser = SSUser.read(userId)
theGroup.setPrivilege(otherUser, 3)
return ack
else:
return error("You don't have permission to promote members of this group to admin.", PermissionError)
def shareWith(self, userIds, fromUser=None):
from server.models.message import Message
from server.models.ssuser import SSUser
users = core.fetch(keys=userIds)
if fromUser:
userName = fromUser.userName
else:
userName = SSUser.read(self.createdBy).userName
for user in users:
json = {
"fromId":
self.createdBy,
"toId":
user["_id"],
"title":
"%s has shared a shift with you!" % userName,
"text":
"%s has shared a shift titled '%s' with you!" %
(userName, self.summary),
"meta":
"share",
"content": {
"type": "shift",
"_id": self.id,
"href": self.href,
"summary": self.summary
}
}
Message.create(**json)
def create(cls, userId, groupId, otherId, level):
from server.models.ssuser import SSUser
from server.models.group import Group
db = core.connect()
if not groupId:
raise MissingGroupError
if not userId:
raise MissingCreatorError
if Permission.readByUserAndGroup(otherId, groupId):
raise PermissionAlreadyExistsError
adminable = [
row.value for row in Permission.by_adminable(db, key=userId).rows
]
allowed = groupId in adminable
if not allowed:
theUser = SSUser.read(userId)
allowed = theUser.isAdmin()
if not allowed:
theGroup = Group.read(groupId)
allowed = theUser.isOwnerOf(theGroup)
if not allowed:
raise CreateEventPermissionError
json = {
"createdBy": userId,
"userId": otherId,
"groupId": groupId,
"level": level
}
newPermission = Permission(**utils.clean(json))
newPermission.store(db)
return newPermission
def publish(self, id):
# NOTE: should maybe take publishData url parameter - David 9/5/2009
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id, loggedInUser)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
publishData = json.loads(helper.getRequestBody())
# convert targets to actual database references
if publishData.get("targets"):
from server.models.group import Group
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
targets = publishData["targets"]
# convert short names to group ids
shortNames = [target[1:] for target in targets if target[0] == "&"]
groupIds = Group.shortNamesToIds(shortNames)
# convert user name to user ids
userNames = [target[1:] for target in targets if target[0] == "@"]
userIds = SSUser.namesToIds(userNames)
# create list of dbs being published to
dbs = [Group.db(groupId) for groupId in groupIds]
# validate groups
writeable = theUser.writeable()
if not set(dbs).issubset(set(writeable)):
return error(
"Operation not permitted. You don't have permission to publish to some of these groups",
PermissionError)
# TODO: validate against blocked users - David 2/15/10
dbs.extend([SSUser.db(userId) for userId in userIds])
publishData["dbs"] = dbs
return data(theShift.publish(publishData))
def create(cls, userId, groupId, otherId, level):
from server.models.ssuser import SSUser
from server.models.group import Group
db = core.connect()
if not groupId:
raise MissingGroupError
if not userId:
raise MissingCreatorError
if Permission.readByUserAndGroup(otherId, groupId):
raise PermissionAlreadyExistsError
adminable = [row.value for row in Permission.by_adminable(db, key=userId).rows]
allowed = groupId in adminable
if not allowed:
theUser = SSUser.read(userId)
allowed = theUser.isAdmin()
if not allowed:
theGroup = Group.read(groupId)
allowed = theUser.isOwnerOf(theGroup)
if not allowed:
raise CreateEventPermissionError
json = {
"createdBy": userId,
"userId": otherId,
"groupId": groupId,
"level": level
}
newPermission = Permission(**utils.clean(json))
newPermission.store(db)
return newPermission
def read(self, userName):
theUser = SSUser.readByName(userName)
if not theUser:
return error("User %s does not exist" % userName, UserDoesNotExistError)
loggedInUser = SSUser.read(helper.getLoggedInUser())
canReadFull = loggedInUser.canReadFull(theUser)
return data(theUser.toDict((loggedInUser and canReadFull)))
def publish(self, id):
# NOTE: should maybe take publishData url parameter - David 9/5/2009
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id, loggedInUser)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
publishData = json.loads(helper.getRequestBody())
# convert targets to actual database references
if publishData.get("targets"):
from server.models.group import Group
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
targets = publishData["targets"]
# convert short names to group ids
shortNames = [target[1:] for target in targets if target[0] == "&"]
groupIds = Group.shortNamesToIds(shortNames)
# convert user name to user ids
userNames = [target[1:] for target in targets if target[0] == "@"]
userIds = SSUser.namesToIds(userNames)
# create list of dbs being published to
dbs = [Group.db(groupId) for groupId in groupIds]
dbs.extend([SSUser.db(userId) for userId in userIds])
# validate
writeable = theUser.writeable()
if set(writeable) != set(dbs):
return error("Operation not permitted. You don't have permission to publish to some of these gruops", PermissionError)
publishData["dbs"] = dbs
return data(theShift.publish(publishData))
def comment(self, id):
loggedInUser = helper.getLoggedInUser()
jsonData = helper.getRequestBody()
if jsonData != "":
theShift = Shift.read(id, userId=loggedInUser)
if not theShift:
return error("Shift does not exist.",
ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift",
ResourceTypeError)
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
theData = json.loads(jsonData)
if theUser.canRead(theShift):
from server.models.comment import Comment
Comment.create(theUser.id, theShift.id, theData["text"],
theData.get("subscribe") or False)
return data(Shift.read(theShift.id, theUser.id))
else:
return error(
"Operation not permitted. You don't have permission to comment on this shift.",
PermissionError)
else:
return error("No data for comment.", NoDataError)
def shifts(self,
byHref=None,
byDomain=None,
byFollowing=False,
byGroups=False,
bySpace=None,
start=0,
limit=25,
count=False,
filter=False,
query=None,
all=False):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
if loggedInUser:
theUser = SSUser.read(loggedInUser)
else:
theUser = None
if query != None:
query = json.loads(query)
allShifts = Shift.shifts(user=theUser,
byHref=byHref,
byDomain=byDomain,
byFollowing=byFollowing,
byGroups=byGroups,
bySpace=bySpace,
start=start,
limit=limit,
filter=filter,
query=query,
all=False)
if count:
return data(len(allShifts))
else:
return data(allShifts)
def unfollow(self, userName):
theUser = SSUser.read(helper.getLoggedInUser())
followed = SSUser.readByName(userName)
if theUser.id == followed.id:
return error("You cannot unfollow yourself.", FollowError)
else:
theUser.unfollow(followed)
return data(followed)
def read(self, userName):
theUser = SSUser.readByName(userName)
if not theUser:
return error("User %s does not exist" % userName,
UserDoesNotExistError)
loggedInUser = SSUser.read(helper.getLoggedInUser())
canReadFull = loggedInUser.canReadFull(theUser)
return data(theUser.toDict((loggedInUser and canReadFull)))
def groups(self, userName, start=None, end=None, limit=25):
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
otherUser = SSUser.readByName(userName)
if loggedInUser == otherUser.id or theUser.isAdmin():
return data(otherUser.groups(start=start, end=end, limit=limit))
else:
return error("You don't have permission to view this user's groups.", PermissionError)
def unreadCount(self, userName):
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
otherUser = SSUser.readByName(userName)
if loggedInUser == otherUser.id or theUser.isAdmin():
return data(theUser.unreadCount())
else:
return error("You do not have permission to view this user's unread count.", PermissionError)
def unfollow(self, userName):
theUser = SSUser.read(helper.getLoggedInUser())
followed = SSUser.readByName(userName)
if theUser.id == followed.id:
return error("You cannot unfollow yourself.", FollowError)
else:
theUser.unfollow(followed)
return data(followed)
def logout(self):
loggedInUser = helper.getLoggedInUser()
if loggedInUser:
theUser = SSUser.read(loggedInUser)
theUser.updateLastSeen()
helper.setLoggedInUser(None)
return ack
else:
return error("No user logged in.", AlreadyLoggedOutError)
def updateShift(self, aShift):
from server.models.ssuser import SSUser
author = SSUser.read(aShift.createdBy)
if author.isMemberOf(self):
grpdb = Group.db(self.id)
aShift.updateIn(grpdb)
else:
db = core.connect()
raise NotAMemberError("%s is not a member of %s" % (author.userName, self.longName))
def members(self, id):
from server.models.ssuser import SSUser
theGroup = Group.read(id)
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
if theUser.isAdminOf(theGroup):
return data(theGroup.members())
else:
return error("You don't have permission to view this groups members", PermissionError)
def logout(self):
loggedInUser = helper.getLoggedInUser()
if loggedInUser:
theUser = SSUser.read(loggedInUser)
theUser.updateLastSeen()
helper.setLoggedInUser(None)
return ack
else:
return error("No user logged in.", AlreadyLoggedOutError)
def join(self, id):
from server.models.ssuser import SSUser
theGroup = Group.read(id)
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
if theUser.canJoin(theGroup):
theUser.join(theGroup)
return data(theGroup)
else:
return error("Operation not permitted. You don't have permission to join this group.", PermissionError)
def unreadCount(self, userName):
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
otherUser = SSUser.readByName(userName)
if loggedInUser == otherUser.id or theUser.isAdmin():
return data(theUser.unreadCount())
else:
return error(
"You do not have permission to view this user's unread count.",
PermissionError)
def update(self, userName):
theUser = SSUser.readByName(userName)
if not theUser:
return error("User %s does not exist" % userName, UserDoesNotExistError)
loggedInUser = SSUser.read(helper.getLoggedInUser())
if loggedInUser and loggedInUser.canModify(theUser):
theData = json.loads(helper.getRequestBody())
return data(theUser.update(theData))
else:
return error("Operation not permitted. You don't have permission to update this account.")
def groups(self, userName, start=None, end=None, limit=25):
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
otherUser = SSUser.readByName(userName)
if loggedInUser == otherUser.id or theUser.isAdmin():
return data(otherUser.groups(start=start, end=end, limit=limit))
else:
return error(
"You don't have permission to view this user's groups.",
PermissionError)
def share(self, id, users):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id)
if not theShift or theShift.publishData.private:
return error("You don't have permission to view this shift.", PermissionError)
targets = users.split(" ")
userNames = [target[1:] for target in targets if target[0] == "@"]
userIds = SSUser.namesToIds(userNames)
theShift.shareWith(userIds, fromUser=SSUser.read(loggedInUser))
return ack
def read(self, id):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
theShift = Shift.read(id, loggedInUser)
if theShift and theUser.canRead(theShift):
return data(theShift)
else:
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
else:
return error("Operation not permitted. You don't have permission to view this shift. %s" % theShift, PermissionError)
def share(self, id, users):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id)
if not theShift or theShift.publishData.private:
return error("You don't have permission to view this shift.",
PermissionError)
targets = users.split(" ")
userNames = [target[1:] for target in targets if target[0] == "@"]
userIds = SSUser.namesToIds(userNames)
theShift.shareWith(userIds, fromUser=SSUser.read(loggedInUser))
return ack
def delete(self, userName):
theUser = SSUser.readByName(userName)
if not theUser:
return error("User %s does not exist" % userName, UserDoesNotExistError)
loggedInUser = SSUser.read(helper.getLoggedInUser())
if loggedInUser and loggedInUser.canModify(theUser):
if theUser.id == loggedInUser.id:
helper.setLoggedInUser(None)
theUser.delete()
return ack
else:
return error("Operation not permitted. You don't have permission to delete this account.")
def unfavorite(self, id):
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
if theUser.canRead(theShift):
return data(theUser.unfavorite(theShift))
else:
return error("Operation not permitted. You don't have permission to unfavorite this shift.", PermissionError)
def inviteUsers(self, id, users):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
groupAdmin = SSUser.read(loggedInUser)
theGroup = Group.read(id)
if groupAdmin.isAdminOf(theGroup):
db = core.connect()
users = SSUser.all(db, keys=json.loads(users))
for user in users:
groupAdmin.inviteUser(theGroup, user)
return data(theGroup)
else:
return error("Operation not permitted. You don't have permission to modify this group", PermissionError)
def comments(self, id, start=None, end=None, limit=25):
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
if theShift.isPublic() or theUser.canRead(theShift):
return data(theShift.comments(start=start, end=end, limit=limit))
else:
return error("Operation not permitted. You don't have permission to view comments on this shift.", PermissionError)
def update(self, userName):
theUser = SSUser.readByName(userName)
if not theUser:
return error("User %s does not exist" % userName,
UserDoesNotExistError)
loggedInUser = SSUser.read(helper.getLoggedInUser())
if loggedInUser and loggedInUser.canModify(theUser):
theData = json.loads(helper.getRequestBody())
return data(theUser.update(theData))
else:
return error(
"Operation not permitted. You don't have permission to update this account."
)
def update(self, id):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
theGroup = Group.read(id)
jsonData = helper.getRequestBody()
if jsonData != "":
if theUser.isAdminOf(theGroup):
groupData = json.loads(jsonData)
return data(theGroup.update(groupData))
else:
return error("You don't have permission to update this group", PermissionError)
else:
return error("No data for group.", NoDataError)
def shifts(self, userName, start=None, end=None, limit=25, filter=False, query=None):
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
otherUser = SSUser.readByName(userName)
if query != None:
query = json.loads(query)
if loggedInUser == otherUser.id or theUser.isAdmin():
return data(otherUser.shifts(start=start,
end=end,
limit=limit,
filter=filter,
query=query))
else:
return error("You don't have permission to view this user's shifts.", PermissionError)
def info(self, id):
from server.models.ssuser import SSUser
# TODO: bulk call - David 12/13/2009
theGroup = Group.read(id)
memberCount = theGroup.memberCount()
adminCount = theGroup.adminCount()
shiftCount = theGroup.shiftCount()
info = {
"memberCount": memberCount,
"adminCount": adminCount,
"shiftCount": shiftCount
}
theUser = SSUser.read(helper.getLoggedInUser())
info["isAdmin"] = theUser.isAdminOf(theGroup)
return data(info)
def unfavorite(self, id):
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
if theUser.canRead(theShift):
return data(theUser.unfavorite(theShift))
else:
return error(
"Operation not permitted. You don't have permission to unfavorite this shift.",
PermissionError)
def delete(self, userName):
theUser = SSUser.readByName(userName)
if not theUser:
return error("User %s does not exist" % userName,
UserDoesNotExistError)
loggedInUser = SSUser.read(helper.getLoggedInUser())
if loggedInUser and loggedInUser.canModify(theUser):
if theUser.id == loggedInUser.id:
helper.setLoggedInUser(None)
theUser.delete()
return ack
else:
return error(
"Operation not permitted. You don't have permission to delete this account."
)
def read(self, id):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
theShift = Shift.read(id, loggedInUser)
if theShift and theUser.canRead(theShift):
return data(theShift)
else:
if not theShift:
return error("Resource does not exist.",
ResourceDoesNotExistError)
else:
return error(
"Operation not permitted. You don't have permission to view this shift. %s"
% theShift, PermissionError)
def testPublishToFollowers(self):
json = shiftJson()
json["createdBy"] = self.fakemary.id
newShift = Shift.create(json)
self.fakejohn.follow(self.fakemary)
fakejohn = SSUser.read(self.fakejohn.id)
# should be in the list of people fakejohn is following
self.assertTrue(self.fakemary.id in fakejohn.following())
# should be in the list of fakemary's followers
followers = self.fakemary.followers()
self.assertTrue(self.fakejohn.id in followers)
newShift.publish({"private":False})
# should exist in shiftspace/shared db
theShift = Shift.load(core.connect("shiftspace/shared"), newShift.id)
self.assertEqual(theShift.summary, newShift.summary)
def delete(self, id):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id, loggedInUser)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
if theUser.canModify(theShift):
theShift.delete()
return ack
else:
return error("Operation not permitted. You don't have permission to delete this shift.", PermissionError)
def comments(self, id, start=None, end=None, limit=25):
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id, userId=loggedInUser)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
if theShift.isPublic() or theUser.canRead(theShift):
return data(theShift.comments(start=start, end=end, limit=limit))
else:
return error(
"Operation not permitted. You don't have permission to view comments on this shift.",
PermissionError)
def delete(self, id):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id, loggedInUser)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
if theUser.canModify(theShift):
theShift.delete()
return ack
else:
return error(
"Operation not permitted. You don't have permission to delete this shift.",
PermissionError)
def unnotify(self, id):
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
if theUser.canRead(theShift):
if theUser.isSubscribed(theShift):
theUser.unsubscribe(theShift)
return ack
else:
return error("You are not getting notification from this comment thread.", NotBeingNotifiedError)
else:
return error("Operation not permitted. You don't have permission to be notified of events on this stream.", PermissionError)
def update(self, id):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
jsonData = helper.getRequestBody()
if jsonData != "":
theShift = Shift.read(id, loggedInUser)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
from server.models.ssuser import SSUser
shiftData = json.loads(jsonData)
theUser = SSUser.read(loggedInUser)
if theUser.canModify(theShift):
return data(theShift.update(shiftData))
else:
return error("Operation not permitted. You don't have permission to update this shift.", PermissionError)
else:
return error("No data for shift.", NoDataError)
def comment(self, id):
loggedInUser = helper.getLoggedInUser()
jsonData = helper.getRequestBody()
if jsonData != "":
theShift = Shift.read(id)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
theData = json.loads(jsonData)
if theUser.canRead(theShift):
from server.models.comment import Comment
Comment.create(theUser.id, theShift.id, theData["text"], theData.get("subscribe") or False)
return data(Shift.read(theShift.id, theUser.id))
else:
return error("Operation not permitted. You don't have permission to comment on this shift.", PermissionError)
else:
return error("No data for comment.", NoDataError)
def unnotify(self, id):
loggedInUser = helper.getLoggedInUser()
theShift = Shift.read(id)
if not theShift:
return error("Resource does not exist.", ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift", ResourceTypeError)
from server.models.ssuser import SSUser
theUser = SSUser.read(loggedInUser)
if theUser.canRead(theShift):
if theUser.isSubscribed(theShift):
theUser.unsubscribe(theShift)
return ack
else:
return error(
"You are not getting notification from this comment thread.",
NotBeingNotifiedError)
else:
return error(
"Operation not permitted. You don't have permission to be notified of events on this stream.",
PermissionError)
def shifts(self, byHref=None, byDomain=None, byFollowing=False, byGroups=False, start=0, limit=25, count=False, filter=False, query=None):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
if loggedInUser:
theUser = SSUser.read(loggedInUser)
else:
theUser = None
if query != None:
query = json.loads(query)
allShifts = Shift.shifts(user=theUser,
byHref=byHref,
byDomain=byDomain,
byFollowing=byFollowing,
byGroups=byGroups,
start=start,
limit=limit,
filter=filter,
query=query)
if count:
return data(len(allShifts))
else:
return data(allShifts)
def shifts(self,
userName,
start=None,
end=None,
limit=25,
filter=False,
query=None):
loggedInUser = helper.getLoggedInUser()
theUser = SSUser.read(loggedInUser)
otherUser = SSUser.readByName(userName)
if query != None:
query = json.loads(query)
if loggedInUser == otherUser.id or theUser.isAdmin():
return data(
otherUser.shifts(start=start,
end=end,
limit=limit,
filter=filter,
query=query))
else:
return error(
"You don't have permission to view this user's shifts.",
PermissionError)
def update(self, id):
from server.models.ssuser import SSUser
loggedInUser = helper.getLoggedInUser()
jsonData = helper.getRequestBody()
if jsonData != "":
theShift = Shift.read(id, loggedInUser)
if not theShift:
return error("Resource does not exist.",
ResourceDoesNotExistError)
if theShift.type != "shift":
return error("Resource is not of type shift",
ResourceTypeError)
from server.models.ssuser import SSUser
shiftData = json.loads(jsonData)
theUser = SSUser.read(loggedInUser)
if theUser.canModify(theShift):
return data(theShift.update(shiftData))
else:
return error(
"Operation not permitted. You don't have permission to update this shift.",
PermissionError)
else:
return error("No data for shift.", NoDataError)
def read(cls, id, userId=None, proxy=False):
from server.models.ssuser import SSUser
theShift = None
# then try the user public
if userId:
db = core.connect(SSUser.publicDb(userId))
theShift = Shift.load(db, id)
if not theShift:
# then user private
db = core.connect(SSUser.privateDb(userId))
theShift = Shift.load(db, id)
else:
db = core.connect("shiftspace/public")
theShift = Shift.load(db, id)
if userId and not theShift:
theUser = SSUser.read(userId)
aShift = Shift.load(core.connect("shiftspace/shared"), id)
if theUser.canRead(aShift):
theShift = aShift
if proxy:
theShift = Shift.load(core.connect("shiftspace/shared"), id)
if theShift:
return Shift.joinData(theShift, theShift.createdBy)
def read(cls, id, userId=None, proxy=False):
from server.models.ssuser import SSUser
theShift = None
# then try the user public
if userId:
db = core.connect(SSUser.publicDb(userId))
theShift = Shift.load(db, id)
if not theShift:
# then user private
db = core.connect(SSUser.privateDb(userId))
theShift = Shift.load(db, id)
else:
db = core.connect("shiftspace/public")
theShift = Shift.load(db, id)
if userId and not theShift:
theUser = SSUser.read(userId)
aShift = Shift.load(core.connect("shiftspace/shared"), id)
if theUser.canRead(aShift):
theShift = aShift
if proxy:
theShift = Shift.load(core.connect("shiftspace/shared"), id)
if theShift:
return Shift.joinData(theShift, theShift.createdBy)
def shareWith(self, userIds, fromUser=None):
from server.models.message import Message
from server.models.ssuser import SSUser
users = core.fetch(keys=userIds)
if fromUser:
userName = fromUser.userName
else:
userName = SSUser.read(self.createdBy).userName
for user in users:
json = {
"fromId": self.createdBy,
"toId": user["_id"],
"title": "%s has shared a shift with you!" % userName,
"text": "%s has shared a shift titled '%s' with you!" % (userName, self.summary),
"meta": "share",
"content": {
"type": "shift",
"_id": self.id,
"href": self.href,
"summary": self.summary
}
}
Message.create(**json)
def testPublishToGroup(self):
json = shiftJson()
json["createdBy"] = self.fakemary.id
newShift = Shift.create(json)
json = groupJson()
json["createdBy"] = self.fakemary.id
newGroup = Group.create(json)
# make sure fakemary owns the group
newPerm = Permission.readByUserAndGroup(self.fakemary.id, newGroup.id)
self.assertTrue(newPerm.level == 4)
# create read permission for fakejohn
newPerm = Permission.create("shiftspace", newGroup.id, self.fakejohn.id, level=1)
fakejohn = SSUser.read(self.fakejohn.id)
self.assertTrue(Group.db(newGroup.id) in fakejohn.readable())
publishData = {
"dbs": [Group.db(newGroup.id)]
}
newShift.publish(publishData)
# should exists in shiftspace/shared
db = core.connect("shiftspace/shared")
theShift = Shift.load(db, newShift.id)
self.assertEqual(theShift.summary, newShift.summary)
newGroup.delete()
def publish(self, publishData=None):
from server.models.ssuser import SSUser
if publishData == None:
return self
db = core.connect(SSUser.privateDb(self.createdBy))
dbs = []
author = SSUser.read(self.createdBy)
oldPublishData = dict(self.items())["publishData"]
allowed = []
# get the private status
isPrivate = True
if publishData and publishData.get("private") != None:
isPrivate = publishData.get("private")
else:
isPrivate = self.isPrivate()
# get the dbs being published to
publishDbs = (publishData and publishData.get("dbs")) or []
# get the list of dbs the user is actually allowed to publish to
allowed = []
if (publishData and isPrivate and len(publishDbs) > 0):
from server.models.group import Group
allowedGroups = author.writeable()
allowed = list(set(allowedGroups).intersection(set(publishDbs)))
# upate the private setting, the shift is no longer draft
self.publishData.private = isPrivate
self.publishData.draft = False
# publish or update a copy to group/x, group/y, ...
newGroupDbs = [s for s in allowed if s.split("/")[0] == "group"]
oldGroupDbs = [
s for s in oldPublishData.get("dbs") if s.split("/")[0] == "group"
]
newGroupDbs = list(set(newGroupDbs).difference(set(oldGroupDbs)))
if newGroupDbs and len(newGroupDbs) > 0:
dbs.extend(list(set(newGroupDbs)))
# publish to any user we haven't published to before
newUserDbs = [s for s in publishDbs if s.split("/")[0] == "user"]
if newUserDbs and len(newUserDbs) > 0:
userDbs = list(set(newUserDbs))
dbs.extend(userDbs)
self.shareWith([s.split("/")[1] for s in userDbs])
self.publishData.dbs = dbs
# store the human readable version
targets = publishData.get("targets")
if targets:
self.publishData.targets = targets
# update/add to group dbs
self.updateInGroups(oldGroupDbs)
self.addToGroups(newGroupDbs)
# if public shift
# create in user/public, delete from user/private
# replicate shiftspace/public to shiftspace/shared
if not isPrivate:
publicdb = SSUser.publicDb(self.createdBy)
if Shift.load(core.connect(publicdb), self.id):
self.updateIn(publicdb)
else:
# TODO: copyTo should probably just be store - David
self.copyTo(publicdb)
privatedb = core.connect(SSUser.privateDb(self.createdBy))
del privatedb[self.id]
# we need to delete the private copy out of shiftspace/shared
shared = core.connect("shiftspace/shared")
del shared[self.id]
# TODO: check that we have to force it in order to have it ready for replication - David
db = core.connect(publicdb)
core.replicate(publicdb, "shiftspace/public")
core.replicate(publicdb, "shiftspace/shared")
else:
privatedb = SSUser.privateDb(self.createdBy)
self.store(core.connect(privatedb))
core.replicate(privatedb, "shiftspace/shared")
return Shift.joinData(self, self.createdBy)
def query(self):
loggedInUser = helper.getLoggedInUser()
if loggedInUser:
return data(SSUser.read(loggedInUser))
else:
return message("No logged in user.")
def setUp(self):
db = core.connect()
self.fakemary = SSUser.create(fakemary).id
self.root = SSUser.read("shiftspace").id
def setUp(self):
db = core.connect()
self.fakemary = SSUser.create(fakemary)
self.fakejohn = SSUser.create(fakejohn)
self.fakebob = SSUser.create(fakebob)
self.root = SSUser.read("shiftspace")
