def invitedsForPostable(self, currentuser, useras, postable): "is user or memberable a member of the postable?" # i need to have access to this if i come in through being a member of a memberable which is a member # authorize_postable member takes care of this. That memberable is NOT the same memberable in the arguments here authorize_postable_owner(False, self, currentuser, useras, postable) inviteds = postable.get_invited_rws() return inviteds
def inviteUserToPostable(self, currentuser, useras, fqpn, user, changerw=False): "invite a user to a postable." ptype = gettype(fqpn) postable = self.getPostable(currentuser, fqpn) usertobeaddedfqin = user.basic.fqin if usertobeaddedfqin == useras.basic.fqin: doabort( "BAD_REQ", "Failed inviting user %s to postable %s as cant invite owner" % (usertobeaddedfqin, fqpn) ) # userq= User.objects(basic__fqin=usertobeaddedfqin) # try: # user=userq.get() # except: # doabort('BAD_REQ', "No such user %s" % usertobeaddedfqin) authorize_postable_owner(False, self, currentuser, useras, postable) try: if not changerw: rw = RWDEFMAP[ptype] else: rw = not RWDEFMAP[ptype] pe = is_pe_in_mble(postable, user.postablesinvitedto) # memb = is_me_in_pble(memberable, postable.members) if pe == False: pe = PostableEmbedded( ptype=ptype.classname, fqpn=postable.basic.fqin, owner=useras.adsid, pname=postable.presentable_name(), readwrite=rw, description=postable.basic.description, ) user.update(safe_update=True, push__postablesinvitedto=pe) memb = is_me_in_pble(user, postable.inviteds) if memb == False: memb = MembableEmbedded( mtype=User.classname, fqmn=usertobeaddedfqin, readwrite=rw, pname=user.presentable_name() ) # BUG: ok to use fqin here instead of getting from oblect? # print "LLL", pe.to_json(), memb.to_json(), "+++++++++++++" # print postable.to_json() postable.update(safe_update=True, push__inviteds=memb) ##print "userq", userq.to_json() except: doabort("BAD_REQ", "Failed inviting user %s to postable %s" % (usertobeaddedfqin, fqpn)) ##print "IIIII", userq.get().groupsinvitedto postable.reload() user.reload() return user, postable
def changeDescriptionOfPostable(self, currentuser, owner, fqpn, description): "give ownership over to another user for g/a/l" ptype = gettype(fqpn) postableq = ptype.objects(basic__fqin=fqpn) try: postable = postableq.get() except: doabort("BAD_REQ", "No such postable %s %s" % (ptype.__name__, fqpn)) # Before anything else, make sure I own the stuff so can transfer it. # Bug this dosent work if useras is a group # useras must be member of postable authorize_postable_owner(False, self, currentuser, owner, postable) try: pe = PostableEmbedded( ptype=ptype.classname, fqpn=postable.basic.fqin, owner=owner.adsid, pname=postable.presentable_name(), readwrite=True, description=description, ) # find new owner as member, locate in postable his membership, update it with readwrite if needed, and make him owner # add embedded postable to his ownership and his membership postableq.update_one(safe_update=True, set__basic__description=description) owner.update(safe_update=True, pull__postablesowned__fqpn=fqpn) owner.update(safe_update=True, push__postablesowned=pe) # if newownertype != User: # # postable.update(safe_update=True, set__owner = newowner.basic.fqin, push__members=memb) # else: # postable.update(safe_update=True, set__owner = newowner.basic.fqin, push__members=newowner.basic.fqin, pull__members=oldownerfqpn) except: doabort("BAD_REQ", "Failed changing owner description for postable %s %s" % (ptype.__name__, fqpn)) owner.reload() postable.reload() return owner, postable
def changeOwnershipOfPostable(self, currentuser, owner, fqpn, newowner): "give ownership over to another user for g/a/l" ptype = gettype(fqpn) postableq = ptype.objects(basic__fqin=fqpn) try: postable = postableq.get() except: doabort("BAD_REQ", "No such postable %s %s" % (ptype.__name__, fqpn)) # Before anything else, make sure I own the stuff so can transfer it. # Bug this dosent work if useras is a group # useras must be member of postable authorize_postable_owner(False, self, currentuser, owner, postable) # try: # newowner=self.getUserForFqin(currentuser, newownerfqin) # except: # #make sure target exists. # doabort('BAD_REQ', "No such newowner %s" % newownerfqin) newownerfqin = newowner.basic.fqin # Either as a user or a group, you must be member of group/app or app respectively to # transfer membership there. But what does it mean for a group to own a group. # it makes sense for library and app, but not for group. Though currently let us have it # there. Then if a group owns a group, the person doing the changing must be owner. # newowner must be member of the postable (group cant own itself) permit( self.isMemberOfPostable(currentuser, newowner, postable), " Possible new owner %s must be member of postable %s %s" % (newownerfqin, ptype.__name__, fqpn), ) # BUG new orners rwmode must be true! # we have removed the possibility of group ownership of postables. CHECK. I've removed the push right now as i assume new owner # must be a member of postable. How does this affect tag ownership if at all? try: # we dont need to be that protective here as we have checked for ownership # and only owners can do this oldownerfqpn = postable.owner members = postable.members # get new user me # memb=MembableEmbedded(mtype=User.classname, fqmn=newowner.basic.fqin, readwrite=True, pname = newowner.presentable_name()) memb = is_me_in_pble(newowner, postable.members) # get postable pe # If owner the pe must already be there. pe = is_pe_in_mble(postable, owner.postablesowned) # pe=PostableEmbedded(ptype=ptype.classname,fqpn=postable.basic.fqin, owner=newowner.adsid, pname = postable.presentable_name(), readwrite=True, description=postable.basic.description) # find new owner as member, locate in postable his membership, update it with readwrite if needed, and make him owner # add embedded postable to his ownership and his membership postable.update(safe_update=True, set__owner=newowner.basic.fqin) newowner.update(safe_update=True, push__postablesowned=pe) # for old owner we have removed ownership by changing owner, now remove ownership from him owner.update(safe_update=True, pull__postablesowned__fqpn=fqpn) # if newownertype != User: # # postable.update(safe_update=True, set__owner = newowner.basic.fqin, push__members=memb) # else: # postable.update(safe_update=True, set__owner = newowner.basic.fqin, push__members=newowner.basic.fqin, pull__members=oldownerfqpn) except: doabort( "BAD_REQ", "Failed changing owner from %s to %s for postable %s %s" % (oldownerfqpn, newowner.basic.fqin, ptype.__name__, fqpn), ) newowner.reload() postable.reload() owner.reload() return newowner, postable
def addMemberableToPostable(self, currentuser, useras, fqpn, memberablefqin, changerw=False, ownermode=False): "add a user, group, or app to a postable=group, app, or library" ptype = gettype(fqpn) mtype = gettype(memberablefqin) # print "types in AMTP", fqpn, ptype, memberablefqin,mtype postableq = ptype.objects(basic__fqin=fqpn) memberableq = mtype.objects(basic__fqin=memberablefqin) # BUG currently restricted admission. Later we will want groups and apps proxying for users. authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras) try: postable = postableq.get() except: doabort("BAD_REQ", "No such postable %s %s" % (ptype.__name__, fqpn)) try: memberable = memberableq.get() except: doabort("BAD_REQ", "No such memberable %s %s" % (mtype.__name__, memberablefqin)) if fqpn != "adsgut/group:public": # print "Adding to POSTABLE ", memberable.basic.fqin, postable.basic.fqin, currentuser.basic.fqin, useras.basic.fqin # special case so any user can add themselves to public group # permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin)) authorize_postable_owner(False, self, currentuser, useras, postable) try: if ownermode: rw = True else: if not changerw: rw = RWDEFMAP[ptype] else: rw = not RWDEFMAP[ptype] # BUG: weneed to check here that this is unique pe = is_pe_in_mble(postable, memberable.postablesin) # memb = is_me_in_pble(memberable, postable.members) # this would be added a second time but we are protected by this line above! if pe == False: pe = PostableEmbedded( ptype=ptype.classname, fqpn=postable.basic.fqin, owner=useras.adsid, pname=postable.presentable_name(), readwrite=rw, description=postable.basic.description, ) memberableq.update(safe_update=True, push__postablesin=pe) memb = is_me_in_pble(memberable, postable.members) if memb == False: memb = MembableEmbedded( mtype=mtype.classname, fqmn=memberablefqin, readwrite=rw, pname=memberable.presentable_name() ) # if we are already there this happened and do nothing.clearly we need to be careful postableq.update(safe_update=True, push__members=memb) except: doabort( "BAD_REQ", "Failed adding memberable %s %s to postable %s %s" % (mtype.__name__, memberablefqin, ptype.__name__, fqpn), ) memberable.reload() return memberable, postableq.get()