def can_unlock(self, item, user_id): """ Function checks whether user can unlock the item or not. """ can_user_edit, error_message = superdesk.get_resource_service('archive').can_edit(item, user_id) if can_user_edit: if not (str(item.get(LOCK_USER, '')) == str(user_id) or (current_user_has_privilege('archive') and current_user_has_privilege('unlock'))): return False, 'You don\'t have permissions to unlock an item.' else: return False, error_message return True, ''
def check_post_permission(self, post): to_be_checked = ( dict(status='open', privilege_required='publish_post'), dict(status='submit_for_aprobation', privilege_required='submit_post') ) for rule in to_be_checked: if 'post_status' in post and post['post_status'] == rule['status']: if not current_user_has_privilege(rule['privilege_required']): raise SuperdeskApiError.forbiddenError( message='User does not have sufficient permissions.')
def can_edit(self, item, user_id): """ Determines if the user can edit the item or not. """ # TODO: modify this function when read only permissions for stages are implemented # TODO: and Content state related checking. if not current_user_has_privilege('archive'): return False, 'User does not have sufficient permissions.' item_location = item.get('task') if item_location: if item_location.get('desk'): if not superdesk.get_resource_service('user_desks').is_member(user_id, item_location.get('desk')): return False, 'User is not a member of the desk.' elif item_location.get('user'): if not str(item_location.get('user')) == str(user_id): return False, 'Item belongs to another user.' return True, ''