def canComment(id, userId):
"""
Check if the user can comment on a shift. Allowed if:
1. Shift is public.
2. If the shift was published to a stream that the user has permissions on.
"""
db = core.connect()
theShift = db[id]
if not theShift["publishData"]["private"]:
return True
# ignore private streams
shiftStreams = [astream for astream in theShift["publishData"]["streams"]
if not stream.isUserPrivateStream(astream)]
writeable = permission.writeableStreams(userId)
allowed = set(shiftStreams).intersection(writeable)
return len(allowed) > 0
def canPost(id, userId):
"""
Return true if:
1. User is admin.
2. User created the stream.
3. User can write to the stream.
Parameters:
id - a stream id.
userId - a user id.
Returns:
bool.
"""
if user.isAdmin(userId):
return True
theStream = read(id)
if theStream["createdBy"] == userId:
return True
writeable = permission.writeableStreams(userId)
return id in writeable
def publish(id, publishData):
"""
Set draft status of a shift to false. Sync publishData field.
If the shift is private only publish to the streams that
the user has access. If the shift is publich publish it to
any of the public non-user streams. Creates the comment stream
if it doesn't already exist.
Parameters:
id - a shift id.
publishData - a dictionary holding the publish options.
"""
db = core.connect()
theShift = db[id]
theUser = db[theShift["createdBy"]]
userId = theUser["_id"]
allowed = []
publishStreams = publishData.get("streams") or []
if (publishData.get("private") == True) or (publishData.get("private") == None and isPrivate(id)):
allowedStreams = permission.writeableStreams(userId)
allowed = list(set(allowedStreams).intersection(set(publishStreams)))
# add any private user streams this shift is directed to
if publishData.get("users"):
allowed.extend([user.privateStream(user.idForName(userName))
for userName in publishData["users"]
if user.read(userName)])
del publishData["users"]
# add streams this user can post to
allowed.extend([astream for astream in publishStreams
if stream.canPost(astream, userId)])
else:
allowed.append(user.publicStream(userId))
# TODO: commentStreams should use the permission of the streams the shift has been published to. -David 7/14/09
if not commentStream(id):
streamId = createCommentStream(id)
user.addNotification(userId, streamId)
# remove duplicates
publishData["streams"] = list(set(allowed))
newData = theShift["publishData"]
newData.update(publishData)
theShift["publishData"] = newData
theShift["publishData"]["draft"] = False
db[id] = theShift
def canCreate(data, userId):
"""
Check if a user can create an event. Allowed under the following conditions:
1. user is admin.
2. the stream is public.
3. the stream is writeable by the user.
Parameters:
data - the event data.
userId - a user id.
Returns:
bool.
"""
if user.isAdmin(userId):
return True
streamId = data["streamId"]
theStream = stream.read(userId)
if not theStream["private"]:
return True
writeable = permission.writeableStreams(userId)
return (streamId in writeable)