def relationship_modification_authorized(handler): """ Return true if the originid matches a pen name the caller is authorized to modify. """ acc = authenticated(handler.request) if not acc: handler.error(401) handler.response.out.write("Authentication failed") return False originid = intz(handler.request.get('originid')) pen = cached_get(originid, PenName) if not pen: handler.error(404) handler.response.out.write("Pen " + str(originid) + " not found.") return False authok = authorized(acc, pen) if not authok: handler.error(401) handler.response.out.write("Pen name not authorized.") return False relatedid = intz(handler.request.get('relatedid')) if originid == relatedid: handler.error(400) handler.response.out.write("Cannot relate to self.") return False return True
def acc_review_modification_authorized(acc, handler): penid = intz(handler.request.get('penid')) if not penid: srverr(handler, 401, "No penid specified") return False pnm = cached_get(penid, pen.PenName) if not pnm: srverr(handler, 404, "Pen " + str(penid) + " not found.") return False authok = pen.authorized(acc, pnm) if not authok: srverr(handler, 401, "Pen name not authorized.") return False return pnm
def comment_access_authorized_pen(handler, penidparamname): acc = authenticated(handler.request) if not acc: self.error(401) self.response.out.write("Authentication failed") return False penid = intz(handler.request.get(penidparamname)) pen = cached_get(penid, PenName) if not pen: handler.error(404) handler.response.out.write("Pen " + str(penid) + " not found.") return False authok = authorized(acc, pen) if not authok: handler.error(401) handler.response.out.write("Pen name not authorized.") return False return pen