コード例 #1
0
ファイル: shift.py プロジェクト: ljxia/shiftserver
def canComment(id, userId):
    """
    Check if the user can comment on a shift. Allowed if:
        1. Shift is public.
        2. If the shift was published to a stream that the user has permissions on.
    """
    db = core.connect()
    theShift = db[id]
    if not theShift["publishData"]["private"]:
      return True
    # ignore private streams
    shiftStreams = [astream for astream in theShift["publishData"]["streams"]
                    if not stream.isUserPrivateStream(astream)]
    writeable = permission.writeableStreams(userId)
    allowed = set(shiftStreams).intersection(writeable)
    return len(allowed) > 0
コード例 #2
0
ファイル: stream.py プロジェクト: ljxia/shiftserver
def canPost(id, userId):
    """
    Return true if:
        1. User is admin.
        2. User created the stream.
        3. User can write to the stream.
    Parameters:
        id - a stream id.
        userId - a user id.
    Returns:
        bool.
    """
    if user.isAdmin(userId):
        return True
    theStream = read(id)
    if theStream["createdBy"] == userId:
        return True
    writeable = permission.writeableStreams(userId)
    return id in writeable
コード例 #3
0
ファイル: shift.py プロジェクト: ljxia/shiftserver
def publish(id, publishData):
    """
    Set draft status of a shift to false. Sync publishData field.
    If the shift is private only publish to the streams that
    the user has access. If the shift is publich publish it to
    any of the public non-user streams. Creates the comment stream
    if it doesn't already exist.
    Parameters:
        id - a shift id.
        publishData - a dictionary holding the publish options.
    """
    db = core.connect()
    theShift = db[id]
    theUser = db[theShift["createdBy"]]
    userId = theUser["_id"]
    allowed = []
    publishStreams = publishData.get("streams") or []
    if (publishData.get("private") == True) or (publishData.get("private") == None and isPrivate(id)):
        allowedStreams = permission.writeableStreams(userId)
        allowed = list(set(allowedStreams).intersection(set(publishStreams)))
        # add any private user streams this shift is directed to
        if publishData.get("users"):
            allowed.extend([user.privateStream(user.idForName(userName)) 
                            for userName in publishData["users"]
                            if user.read(userName)])
            del publishData["users"]
        # add streams this user can post to
        allowed.extend([astream for astream in publishStreams
                        if stream.canPost(astream, userId)])
    else:
        allowed.append(user.publicStream(userId))
    # TODO: commentStreams should use the permission of the streams the shift has been published to. -David 7/14/09
    if not commentStream(id):
        streamId = createCommentStream(id)
        user.addNotification(userId, streamId)
        
    # remove duplicates
    publishData["streams"] = list(set(allowed))
    newData = theShift["publishData"]
    newData.update(publishData)
    theShift["publishData"] = newData
    theShift["publishData"]["draft"] = False
    db[id] = theShift
コード例 #4
0
ファイル: event.py プロジェクト: ljxia/shiftserver
def canCreate(data, userId):
    """
    Check if a user can create an event. Allowed under the following conditions:
        1. user is admin.
        2. the stream is public.
        3. the stream is writeable by the user.
    Parameters:
        data - the event data.
        userId - a user id.
    Returns:
        bool.
    """
    if user.isAdmin(userId):
        return True
    streamId = data["streamId"]
    theStream = stream.read(userId)
    if not theStream["private"]:
        return True
    writeable = permission.writeableStreams(userId)
    return (streamId in writeable)