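def is_user_allowed_admin_action(user_id, target_id, request=None, target_class='user_post'):
    """
    Decide whether a user may perform a privileged action on a target item.

    Site admins are always allowed. Any other user must own the target:
    for 'user_post' the target must be a Comment or Submission whose
    submitter is the user; for 'user_info' the target id must be the user's
    own id. Every other target_class is denied.

    @param user_id: the user id of the person initiating the request
    @param target_id: the id of the item the person is attempting to act upon
    @param request: optional request passed to query for session info etc
                    (not read by this function)
    @param target_class: optional class of item being targeted
    @return: True if allowed, False if denied (including when the check
             itself raised), None if user_id is None
    """
    # No user means nothing to authorize. None (falsy) is returned rather
    # than False so callers that test "is None" keep working.
    if user_id is None:
        return None

    # Function-scope imports: only needed once there is a user to check.
    import logging
    from raggregate import queries

    u = get_user_by_id(user_id)
    allow = False
    try:
        # instantly grant whatever action this is to the admin
        if u.is_user_admin():
            return True

        if target_class == 'user_post':
            target = queries.find_by_id(target_id)
            if isinstance(target, (Comment, Submission)):
                # Stringify both sides, as the 'user_info' branch does, so
                # the ownership check does not silently fail when the caller
                # passes user_id as a non-string id object.
                allow = (str(target.submitter.id) == str(user_id))
        elif target_class == 'user_info':
            allow = (str(target_id) == str(user_id))
    except Exception:
        # Fail closed: an authorization check that errors must deny. Record
        # the failure so a denial caused by a bug or a bad target id can be
        # told apart from an ordinary denial.
        logging.getLogger(__name__).exception(
            "authorization check failed; denying user %s on %s target %s",
            user_id, target_class, target_id)
        allow = False
    return allow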
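def load_parent(self):
    """
    Fetch the object this comment is a reply to.

    Returns whatever queries.find_by_id yields for self.parent_id, or None
    (after printing a diagnostic) when the comment has no parent id.
    """
    if self.parent_id is None:
        print("No parent id on comment {0}, this is a problem...".format(self.id))
        return None

    # raggregate.queries depends on the models defined in this file, so it
    # cannot be imported until it is ready to be used inside a function;
    # importing it at module level dies with dependency problems. Probably
    # not an advisable pattern, but it keeps the call site simple.
    from raggregate import queries
    return queries.find_by_id(self.parent_id)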
def test_find_by_id_user(self):
    """find_by_id on a freshly created user's id returns that same user."""
    # depends on functional test_create_user
    created = queries.create_user(username = '******', password='******')
    fetched = queries.find_by_id(created.id)
    # Compare the identifying fields of the looked-up row with the created one.
    for attr in ('id', 'name'):
        self.assertEqual(getattr(fetched, attr), getattr(created, attr))
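def epistle(request):
    """
    Send a private message if one was posted, then list a message box.

    Posting: when the session's 'safe_post' data contains 'recipient', the
    recipient is resolved by id or, if the id is empty, by 'recipient-name'.
    A post whose parent is a Comment is stored as a Comment reply; anything
    else is stored as an Epistle. The form fields 'recipient-name',
    'subject' and 'body' are subscripted directly.

    Listing: the box named by the 'box' route segment is loaded for the
    logged-in user. Epistles addressed to that user, and the comments of
    the 'in' box, are marked read as a side effect.

    Returns a dict: {'success': False, 'code': 'ENOLOGIN'} when not logged
    in, {'success': False, 'code': 'ENORECP'} when the recipient is missing
    or unknown, otherwise 'epistles' ('roots' and 'children'), 'comments',
    'success': True and 'code': 0.
    """
    # NOTE(review): 'message' is assigned below but never returned or put
    # into the session, so 'Message sent.' never reaches the user.
    message = ''
    dbsession = DBSession()
    s = request.session
    p = request.session['safe_post']

    if 'logged_in' not in s:
        s['message'] = 'Sorry, you must be logged in to use the messaging feature.'
        return {'success': False, 'code': 'ENOLOGIN'}

    if p and 'recipient' in p:
        if p['recipient'] == '' and p['recipient-name'] == '':
            s['message'] = "No recipient provided."
            return {'code': 'ENORECP', 'success': False}

        if p['recipient'] == '':
            # look up recipient-name
            try:
                recp = queries.get_user_by_name(p['recipient-name'])
            except sqlalchemy.orm.exc.NoResultFound:
                #@TODO: discuss facebook name sending implications
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}
        else:
            try:
                recp = queries.get_user_by_id(p['recipient'])
            except Exception:
                # Any lookup failure (malformed id, no such row) is reported
                # as an unknown user. Exception, not a bare except, so that
                # interpreter-exit signals are not swallowed.
                s['message'] = "Could not find that user."
                return {'code': 'ENORECP', 'success': False}

        if p['subject'] == '':
            subject = None
        else:
            subject = p['subject']

        if 'parent_id' not in p or p['parent_id'] == '':
            parent_id = None
            parent_type = 'epistle'
        else:
            parent_id = p['parent_id']
            # NOTE(review): parent_id comes from the posted form and nothing
            # in this function checks that the sender is allowed to reply to
            # the object it names. Confirm that check happens upstream, or
            # add one here before the reply is stored.
            parent_obj = queries.find_by_id(parent_id)
            if isinstance(parent_obj, Comment):
                parent_type = 'comment'
                c = Comment(parent_obj.submission_id, s['users.id'],
                            parent_obj.id, p['body'],
                            in_reply_to = parent_obj.user_id)
                dbsession.add(c)
            else:
                parent_type = 'reply'

        if parent_type != 'comment':
            ep = Epistle(recp.id, s['users.id'], p['body'], parent=parent_id,
                         parent_type=parent_type, subject=subject)
            dbsession.add(ep)
        message = 'Message sent.'

    box = request.matchdict['box']
    user_id = s['users.id']

    if box == 'in':
        comments = queries.get_unread_comments_by_user_id(user_id)
    elif box == 'comments':
        comments = queries.get_read_comments_by_user_id(user_id)
    else:
        comments = []

    if box != 'comments':
        ep = queries.get_epistle_roots(id=user_id, target=box)
        epistle_children = {}
        for e in ep:
            epistle_children[str(e.id)] = queries.get_epistle_children(e.id)

        # Roots first, then every child, flattened into a single list.
        flat_eps = list(_unwrap_list(ep))
        flat_eps.extend(_unwrap_list(epistle_children.values()))

        for e in flat_eps:
            # Only the recipient's own view marks a message as read. Both
            # sides are stringified so the comparison does not depend on
            # how the session stores the id.
            if str(e.recipient) == str(user_id):
                queries.mark_epistle_read(e)
            # Called for every epistle. The result is not kept, because
            # rebinding the loop variable would not change flat_eps.
            _assign_epistle_parent(e)

        for c in comments:
            queries.mark_comment_read(c)
    else:
        ep = {}
        epistle_children = {}

    return {'epistles': {'roots': ep, 'children': epistle_children},
            'comments': comments, 'success': True, 'code': 0,}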