def delete_group(self, group_id):
self._verify_owner()
g = self.db.get_group(group_id)
if g.owner.key().id() != self.owner.key().id():
raise PermissionDeniedError()
self.db.delete(g)
return []
def unpurchase_item(self, item_id):
'''
Mark the given item as not purchased if you were the one who
purchased it
'''
_ = lambda x: x.key().id()
self._verify_owner()
item = self.db.get_item(item_id)
if not self._can_read_list(item.parent_list.owner.key().id()):
raise PermissionDeniedError()
oid = _(self.owner)
if item.purchased_by is not None and _(item.purchased_by) != oid:
self._item_already_taken('purchased', item.purchased_by)
if item.reserved_by is not None and _(item.reserved_by) != oid:
self._item_already_taken('reserved', item.reserved_by)
l = None
if item.is_surprise:
l = item.parent_list
self.db.delete(item)
else:
item.purchased_by = None
l = item.put().parent_list
return WishList.from_db(l)
def get_requests(self):
'''
Return a list of all requests
'''
if not self.db.user.is_admin:
raise PermissionDeniedError()
return [AccessReq.from_db(db) for db in self.db.get_reqs()]
def delete(self, resource_id):
"""Decline an invitation"""
extra = dict(resource_id=resource_id)
logging.info('invitations::decline', extra=extra)
invite = self.db.get_group_invite(int(resource_id))
if invite.email != self.owner.email:
raise PermissionDeniedError()
self.db.delete(invite)
self.dump({})
def delete_list(self, list_id):
'''
Delete the given List
'''
l = self.db.get_list(list_id)
oid = l.owner.key().id()
if not self._can_add_to_list(oid):
raise PermissionDeniedError()
l.delete()
return []
def add_group(self, name, desc):
self._verify_owner()
if not self.db.user.is_admin:
raise PermissionDeniedError()
if not self.db.is_group_name_unique(name):
raise DuplicateNameError(Group, name)
g = self.db.add_group(name, desc, self.owner)
self.db.add_group_member(g, self.owner)
return Group.from_db(g)
def get_lists(self, owner_id):
'''
Retrieve all the wish lists for the given owner
'''
if not self._can_read_list(owner_id):
raise PermissionDeniedError()
oid = self.owner.key().id()
own = oid == owner_id
owner = self.db.get_owner(owner_id)
return [WishList.from_db(l, own=own) for l in owner.lists]
def add_list(self, owner_id, name, desc):
'''
Add a new wish list for the given owner, ensuring a unique name
'''
if not self._can_add_to_list(owner_id):
raise PermissionDeniedError()
if not self.db.is_list_name_unique(owner_id, name):
raise DuplicateNameError(WishList, name)
l = self.db.add_list(owner_id, name, desc)
return WishList.from_db(l)
def delete(self, resource_id):
"""Delete an existing resource"""
logging.info('groups::delete', extra=dict(resource_id=resource_id))
group = self.db.get_group(int(resource_id))
# you can only delete your own groups, unless you're an admin
is_group_owner = group.owner.key().id() == self.owner.key().id()
if not self.user.is_admin and not is_group_owner:
raise PermissionDeniedError()
self.db.delete(group)
self.dump({})
def update_item(self, item_id, name, cat, desc, url):
'''
Update the name, category, description and url of an existing item
'''
item = self.db.get_item(item_id)
if not self._can_add_to_list(item.parent_list.owner.key().id()):
raise PermissionDeniedError()
item.name = name
item.category = cat
item.description = desc
item.url = url
return WishList.from_db(item.put().parent_list)
def add_item(self, list_id, name, cat, desc, url, surprise):
'''
Add an item to the given wish list
'''
l = self.db.get_list(list_id)
can_read = self._can_read_list(l.owner.key().id())
can_add = self._can_add_to_list(l.owner.key().id())
if not (can_add or (can_read and surprise)):
raise PermissionDeniedError()
item = self.db.add_list_item(list_id, name, cat, desc, url, surprise)
if surprise:
item.reserved_by = self.owner
item.put()
return WishList.from_db(self.db.get_list(list_id))
def approve_request(self, req_id):
'''
Approve the given AccessRequestDb
'''
if not self.db.user.is_admin:
raise PermissionDeniedError()
req = self.db.get_req(req_id)
self.db.add_owner(req.user)
self.db.delete(req)
to = req.user.email()
subject = 'Account Activated'
body = self.ae.APPROVE_TEMPLATE % extract_name(to)
self.ae.send_mail(to, subject, body)
return []
def get(self, resource_id=None):
"""Fetch request(s)"""
if not self.user.is_admin:
raise PermissionDeniedError()
if resource_id is None:
self.dump([JsRequest.from_db(req) for req in self.db.get_reqs()])
return
req = self.db.get_req(int(resource_id))
if req is None:
self.abort(404)
self.dump(JsRequest.from_db(req))
def update_list(self, list_id, name, desc):
'''
Update the name/description of an existing wish list for
the given owner, ensuring a unique name
'''
l = self.db.get_list(list_id)
oid = l.owner.key().id()
if not self._can_add_to_list(oid):
raise PermissionDeniedError()
if not self.db.is_list_name_unique(oid, name, l.key()):
raise DuplicateNameError(WishList, name)
l.name = name
l.description = desc
return WishList.from_db(l.put())
def deny(self, req_id):
"""Deny the given request"""
if not self.user.is_admin:
raise PermissionDeniedError()
req = self.db.get_req(int(req_id))
if req is None:
self.abort(404)
req.denied = True
req.put()
to = req.user.email()
subject = 'Account Not Activated'
body = self.ae.DENY_TEMPLATE % extract_name(to)
self.ae.send_mail(to, subject, body)
self.dump(JsSuccess())
def approve(self, req_id):
"""Approve the given request"""
if not self.user.is_admin:
raise PermissionDeniedError()
req = self.db.get_req(int(req_id))
if req is None:
self.abort(404)
self.db.add_owner(req.user)
self.db.delete(req)
to = req.user.email()
subject = 'Account Activated'
body = self.ae.APPROVE_TEMPLATE % extract_name(to)
self.ae.send_mail(to, subject, body)
self.dump(JsSuccess())
def deny_request(self, req_id):
'''
Deny the given AccessRequestDb
'''
if not self.db.user.is_admin:
raise PermissionDeniedError()
req = self.db.get_req(req_id)
req.denied = True
req.put()
to = req.user.email()
subject = 'Account Not Activated'
body = self.ae.DENY_TEMPLATE % extract_name(to)
self.ae.send_mail(to, subject, body)
return []
def remove_item(self, item_id):
'''
Remove the given item. If the item has been reserved/purchased, send
an email notification to the the reserver/purchaser
'''
self._verify_owner()
item = self.db.get_item(item_id)
if not self._can_add_to_list(item.parent_list.owner.key().id()):
raise PermissionDeniedError()
if item.reserved_by is not None:
to = item.reserved_by.email
subject = 'Wish List Item Deleted'
name, email = self.owner.nickname, self.owner.email
template_tuple = (
item.reserved_by.nickname,
name,
email,
item.name,
item.parent_list.name,
'Reserved',
name,
email,
)
body = self.ae.DELETED_ITEM_TEMPLATE % template_tuple
self.ae.send_mail(to, subject, body)
elif item.purchased_by is not None:
to = item.purchased_by.email
subject = 'Wish List Item Deleted'
name, email = self.owner.nickname, self.owner.email
template_tuple = (
item.purchased_by.nickname,
name,
email,
item.name,
item.parent_list.name,
'Purchased',
name,
email,
)
body = self.ae.DELETED_ITEM_TEMPLATE % template_tuple
self.ae.send_mail(to, subject, body)
l = item.parent_list
self.db.delete(item)
return WishList.from_db(l)
def get(self, resource_id=None):
"""Fetch group(s)"""
logging.info('groups::get', extra=dict(resource_id=resource_id))
if self.user.is_admin:
owner_groups = self.db.get_groups()
else:
owner_groups = [g for g in self.owner.groups]
owner_groups.extend([m.group for m in self.owner.memberships])
if resource_id is None:
self.dump([JsGroup.from_db(g) for g in owner_groups])
else:
group = self.db.get_group(int(resource_id))
if group not in owner_groups:
raise PermissionDeniedError()
self.dump(JsGroup.from_db(group))
def put(self, resource_id):
"""Update an existing resource"""
extra = dict(resource_id=resource_id, body=self.request.body)
logging.info('groups::put', extra=extra)
data = self.parse_json(self.request.body)
group = self.db.get_group(int(resource_id))
# You can only update your own groups (unless you're an admin)
is_own_group = group.owner.key().id() == self.owner.key().id()
if not self.user.is_admin and not is_own_group:
raise PermissionDeniedError()
if not self.db.is_group_name_unique(data.name, group.key()):
raise DuplicateNameError(JsGroup, data.name)
group.name = data.name
group.description = data.description
self.dump(JsGroup.from_db(group.put()))
def purchase_item(self, item_id):
'''
Mark the given item as purchased
'''
_ = lambda x: x.key().id()
self._verify_owner()
item = self.db.get_item(item_id)
if not self._can_read_list(item.parent_list.owner.key().id()):
raise PermissionDeniedError()
oid = _(self.owner)
if item.purchased_by is not None and _(item.purchased_by) != oid:
self._item_already_taken('purchased', item.purchased_by)
if item.reserved_by is not None and _(item.reserved_by) != oid:
self._item_already_taken('reserved', item.reserved_by)
item.reserved_by = None
item.purchased_by = self.owner
return WishList.from_db(item.put().parent_list)
def wrapped(self, *args, **kwargs):
if not self.user.is_admin:
raise PermissionDeniedError()
return func(self, *args, **kwargs)
def wrapped(self, *args, **kwargs):
if not self.owner:
raise PermissionDeniedError()
return func(self, *args, **kwargs)
def _verify_owner(self):
self.owner = self.db.get_owner_by_user(self.db.user)
if self.owner is None:
raise PermissionDeniedError()