def relationship_modification_authorized(handler):
""" Return true if the originid matches a pen name the caller is
authorized to modify. """
acc = authenticated(handler.request)
if not acc:
handler.error(401)
handler.response.out.write("Authentication failed")
return False
originid = intz(handler.request.get('originid'))
pen = cached_get(originid, PenName)
if not pen:
handler.error(404)
handler.response.out.write("Pen " + str(originid) + " not found.")
return False
authok = authorized(acc, pen)
if not authok:
handler.error(401)
handler.response.out.write("Pen name not authorized.")
return False
relatedid = intz(handler.request.get('relatedid'))
if originid == relatedid:
handler.error(400)
handler.response.out.write("Cannot relate to self.")
return False
return True
def acc_review_modification_authorized(acc, handler):
penid = intz(handler.request.get('penid'))
if not penid:
srverr(handler, 401, "No penid specified")
return False
pnm = cached_get(penid, pen.PenName)
if not pnm:
srverr(handler, 404, "Pen " + str(penid) + " not found.")
return False
authok = pen.authorized(acc, pnm)
if not authok:
srverr(handler, 401, "Pen name not authorized.")
return False
return pnm
def comment_access_authorized_pen(handler, penidparamname):
acc = authenticated(handler.request)
if not acc:
self.error(401)
self.response.out.write("Authentication failed")
return False
penid = intz(handler.request.get(penidparamname))
pen = cached_get(penid, PenName)
if not pen:
handler.error(404)
handler.response.out.write("Pen " + str(penid) + " not found.")
return False
authok = authorized(acc, pen)
if not authok:
handler.error(401)
handler.response.out.write("Pen name not authorized.")
return False
return pen
