def update(self, userName):
if not user.read(userName):
return error("User %s does not exist" % userName, UserDoesNotExistError)
loggedInUser = helper.getLoggedInUser()
if loggedInUser and user.canUpdate(user.idForName(userName),
loggedInUser["_id"]):
theData = json.loads(helper.getRequestBody())
theData["_id"] = user.idForName(userName)
return data(user.update(theData))
else:
return error("Operation not permitted. You don't have permission to update this account.")
def delete(self, userName):
if not user.read(userName):
return error("User %s does not exist" % userName, UserDoesNotExistError)
loggedInUser = helper.getLoggedInUser()
if loggedInUser and user.canDelete(user.idForName(userName),
loggedInUser["_id"]):
if user.idForName(userName) == loggedInUser["_id"]:
helper.setLoggedInUser(None)
user.delete(userName)
return ack
else:
return error("Operation not permitted. You don't have permission to delete this account.")
def setPermission(self, id, userName, level):
loggedInUser = helper.getLoggedInUser()
if stream.canAdmin(id, loggedInUser["_id"]):
permission.updateForUser(user.idForName(userName), id, level)
return ack
else:
return error("Operation not permitted. You don't have permission to view permssions on this stream.", PermissionError)
def comments(self, userName):
loggedInUser = helper.getLoggedInUser()
userId = loggedInUser["_id"]
if user.isAdmin(userId) or user.idForName(userName) == userId:
return data(user.comments(userId))
else:
return error("You don't have permission to view this user's comments.", PermissionError)
def messages(self, userName):
loggedInUser = helper.getLoggedInUser()
messageStream = user.messageStream(user.idForName(userName))
if stream.canRead(messageStream, loggedInUser["_id"]):
return data(event.joinData(event.eventsForStream(messageStream)))
else:
return error("You do not have permission to view this user's messages.", PermissionError)
def read(self, userName):
if not user.read(userName):
return error("User %s does not exist" % userName, UserDoesNotExistError)
loggedInUser = helper.getLoggedInUser()
if loggedInUser and user.canReadFull(user.idForName(userName),
loggedInUser["_id"]):
return data(user.readFull(userName).copy())
else:
return data(user.read(userName).copy())
def unfollow(self, userName):
loggedInUser = helper.getLoggedInUser()
follower = loggedInUser["_id"]
followed = user.idForName(userName)
if follower == followed:
return error("You cannot unfollow yourself.", FollowError)
else:
user.unfollow(follower, followed)
return ack
def add(self, id, userName):
loggedInUser = helper.getLoggedInUser()
if stream.canAdmin(id, loggedInUser["_id"]):
otherId = user.idForName(userName)
if user.isSubscribed(otherId, id):
return error("User %s is already subscribed to that stream." % userName, AlreadySubscribedError)
else:
stream.invite(id, loggedInUser["_id"], otherId)
return ack
else:
return error("Operation not permitted. You don't have permission to subscribe to this stream.", PermissionError)
