def publish(self, id): # NOTE: should maybe take publishData url parameter - David 9/5/2009 loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id, loggedInUser) if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) if theShift.type != "shift": return error("Resource is not of type shift", ResourceTypeError) publishData = json.loads(helper.getRequestBody()) # convert targets to actual database references if publishData.get("targets"): from server.models.group import Group from server.models.ssuser import SSUser theUser = SSUser.read(loggedInUser) targets = publishData["targets"] # convert short names to group ids shortNames = [target[1:] for target in targets if target[0] == "&"] groupIds = Group.shortNamesToIds(shortNames) # convert user name to user ids userNames = [target[1:] for target in targets if target[0] == "@"] userIds = SSUser.namesToIds(userNames) # create list of dbs being published to dbs = [Group.db(groupId) for groupId in groupIds] # validate groups writeable = theUser.writeable() if not set(dbs).issubset(set(writeable)): return error( "Operation not permitted. You don't have permission to publish to some of these groups", PermissionError) # TODO: validate against blocked users - David 2/15/10 dbs.extend([SSUser.db(userId) for userId in userIds]) publishData["dbs"] = dbs return data(theShift.publish(publishData))
def publish(self, id): # NOTE: should maybe take publishData url parameter - David 9/5/2009 loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id, loggedInUser) if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) if theShift.type != "shift": return error("Resource is not of type shift", ResourceTypeError) publishData = json.loads(helper.getRequestBody()) # convert targets to actual database references if publishData.get("targets"): from server.models.group import Group from server.models.ssuser import SSUser theUser = SSUser.read(loggedInUser) targets = publishData["targets"] # convert short names to group ids shortNames = [target[1:] for target in targets if target[0] == "&"] groupIds = Group.shortNamesToIds(shortNames) # convert user name to user ids userNames = [target[1:] for target in targets if target[0] == "@"] userIds = SSUser.namesToIds(userNames) # create list of dbs being published to dbs = [Group.db(groupId) for groupId in groupIds] dbs.extend([SSUser.db(userId) for userId in userIds]) # validate writeable = theUser.writeable() if set(writeable) != set(dbs): return error("Operation not permitted. You don't have permission to publish to some of these gruops", PermissionError) publishData["dbs"] = dbs return data(theShift.publish(publishData))
def adminable(cls, userId, dbname=True): from server.models.group import Group db = core.connect() ids = core.values(Permission.by_adminable(db, key=userId)) if dbname: return [Group.db(id) for id in ids] else: return ids
def testPublishToGroup(self): json = shiftJson() json["createdBy"] = self.fakemary.id newShift = Shift.create(json) json = groupJson() json["createdBy"] = self.fakemary.id newGroup = Group.create(json) # make sure fakemary owns the group newPerm = Permission.readByUserAndGroup(self.fakemary.id, newGroup.id) self.assertTrue(newPerm.level == 4) # create read permission for fakejohn newPerm = Permission.create("shiftspace", newGroup.id, self.fakejohn.id, level=1) fakejohn = SSUser.read(self.fakejohn.id) self.assertTrue(Group.db(newGroup.id) in fakejohn.readable()) publishData = { "dbs": [Group.db(newGroup.id)] } newShift.publish(publishData) # should exists in shiftspace/shared db = core.connect("shiftspace/shared") theShift = Shift.load(db, newShift.id) self.assertEqual(theShift.summary, newShift.summary) newGroup.delete()
def testPublishToGroupAndUser(self): json = shiftJson() json["createdBy"] = self.fakemary.id newShift = Shift.create(json) json = groupJson() json["createdBy"] = self.fakemary.id newGroup = Group.create(json) newPerm = Permission.create("shiftspace", newGroup.id, self.fakejohn.id, level=1) publishData = { "dbs": [Group.db(newGroup.id), SSUser.db(self.fakebob.id)] } newShift.publish(publishData) # should exist in subscriber's feed db = core.connect("shiftspace/shared") theShift = Shift.load(db, newShift.id) self.assertEqual(theShift.summary, newShift.summary) newGroup.delete() # should exist in shiftspace/shared # TODO: inbox if user is peer - David 11/18/09 theShift = Shift.load(core.connect("shiftspace/shared"), newShift.id) self.assertEqual(theShift.summary, newShift.summary)
def testGroupDb(self): json = groupJson() json["createdBy"] = self.fakemary newGroup = Group.create(json) self.assertEqual(Group.db(newGroup.id), "group/%s" % newGroup.id) newGroup.deleteInstance()