class UserEventHook(HTTPAPIHook): TYPES = ('user', ) RE = r'(?P<what>linked_events|categ_events)' DEFAULT_DETAIL = 'basic_events' GUEST_ALLOWED = False VALID_FORMATS = ('json', 'jsonp', 'xml') def _getParams(self): super(UserEventHook, self)._getParams() self._avatar = None # User-specified avatar userId = get_query_parameter(self._queryParams, ['uid', 'userid']) if userId is not None: self._avatar = AvatarHolder().getById(userId) if not self._avatar: raise HTTPAPIError('Avatar does not exist') def _getMethodName(self): return self.PREFIX + '_' + self._pathParams['what'] def _checkProtection(self, aw): if not self._avatar: # No avatar specified => use self. No need to check any permissinos. self._avatar = aw.getUser() return elif not self._avatar.canUserModify(aw.getUser()): raise HTTPAPIError('Access denied', 403) def export_linked_events(self, aw): if not redis_client: raise HTTPAPIError('This API is only available when using Redis') self._checkProtection(aw) links = avatar_links.get_links(self._avatar.user, self._fromDT, self._toDT) for event_id in get_events_registered(self._avatar.user, self._fromDT, self._toDT): links.setdefault(str(event_id), set()).add('registration_registrant') for event_id in get_events_with_submitted_surveys( self._avatar.user, self._fromDT, self._toDT): links.setdefault(str(event_id), set()).add('survey_submitter') for event_id in get_events_managed_by(self._avatar.user, self._fromDT, self._toDT): links.setdefault(str(event_id), set()).add('conference_manager') for event_id in get_events_created_by(self._avatar.user, self._fromDT, self._toDT): links.setdefault(str(event_id), set()).add('conference_creator') return UserRelatedEventFetcher(aw, self, links).events(links.keys()) def export_categ_events(self, aw): self._checkProtection(aw) catIds = [ item['categ'].getId() for item in get_related_categories(self._avatar.user).itervalues() ] return UserCategoryEventFetcher(aw, self).category_events(catIds)
def export_user(self, aw): requested_user = AvatarHolder().getById(self._user_id) user = aw.getUser() if not requested_user: raise HTTPAPIError('Requested user not found', 404) if user: if requested_user.canUserModify(user): return [requested_user.fossilize()] raise HTTPAPIError('You do not have access to that info', 403) raise HTTPAPIError('You need to be logged in', 403)
def export_user(self, aw): requested_user = AvatarHolder().getById(self._user_id) user = aw.getUser() if not requested_user: raise HTTPAPIError('Requested user not found', 404) if user: if requested_user.canUserModify(user): return [requested_user.fossilize()] raise HTTPAPIError('You do not have access to that info', 403) raise HTTPAPIError('You need to be logged in', 403)
class UserEventHook(HTTPAPIHook): TYPES = ('user',) RE = r'(?P<what>linked_events|categ_events)' DEFAULT_DETAIL = 'basic_events' GUEST_ALLOWED = False VALID_FORMATS = ('json', 'jsonp', 'xml') def _getParams(self): super(UserEventHook, self)._getParams() self._avatar = None # User-specified avatar userId = get_query_parameter(self._queryParams, ['uid', 'userid']) if userId is not None: self._avatar = AvatarHolder().getById(userId) if not self._avatar: raise HTTPAPIError('Avatar does not exist') def _getMethodName(self): return self.PREFIX + '_' + self._pathParams['what'] def _checkProtection(self, aw): if not self._avatar: # No avatar specified => use self. No need to check any permissinos. self._avatar = aw.getUser() return elif not self._avatar.canUserModify(aw.getUser()): raise HTTPAPIError('Access denied', 403) def export_linked_events(self, aw): if not redis_client: raise HTTPAPIError('This API is only available when using Redis') self._checkProtection(aw) links = avatar_links.get_links(self._avatar.user, self._fromDT, self._toDT) for event_id in get_events_registered(self._avatar.user, self._fromDT, self._toDT): links.setdefault(str(event_id), set()).add('registration_registrant') for event_id in get_events_with_submitted_surveys(self._avatar.user, self._fromDT, self._toDT): links.setdefault(str(event_id), set()).add('survey_submitter') for event_id in get_events_managed_by(self._avatar.user, self._fromDT, self._toDT): links.setdefault(str(event_id), set()).add('conference_manager') for event_id in get_events_created_by(self._avatar.user, self._fromDT, self._toDT): links.setdefault(str(event_id), set()).add('conference_creator') for event_id, principal_roles in get_events_with_linked_sessions(self._avatar.user, self._fromDT, self._toDT).iteritems(): links.setdefault(str(event_id), set()).update(principal_roles) for event_id, principal_roles in get_events_with_linked_contributions(self._avatar.user, self._fromDT, self._toDT).iteritems(): links.setdefault(str(event_id), set()).update(principal_roles) for event_id in get_events_with_linked_event_persons(self._avatar.user, self._fromDT, self._toDT): links.setdefault(str(event_id), set()).add('conference_chair') return UserRelatedEventFetcher(aw, self, links).events(links.keys()) def export_categ_events(self, aw): self._checkProtection(aw) catIds = [item['categ'].getId() for item in get_related_categories(self._avatar.user).itervalues()] return UserCategoryEventFetcher(aw, self).category_events(catIds)
class CategoryBasketBase(LoggedOnlyService, CategoryDisplayBase): def _checkParams(self): LoggedOnlyService._checkParams(self) CategoryDisplayBase._checkParams(self) userId = ParameterManager(self._params).extract('userId', pType=str, allowEmpty=True) if userId is not None: self._avatar = AvatarHolder().getById(userId) else: self._avatar = self._aw.getUser() def _checkProtection(self): LoggedOnlyService._checkProtection(self) CategoryDisplayBase._checkProtection(self) if not self._avatar.canUserModify(self._aw.getUser()): raise ServiceAccessError('Access denied')
class CategoryBasketBase(LoggedOnlyService, CategoryDisplayBase): def _checkParams(self): LoggedOnlyService._checkParams(self) CategoryDisplayBase._checkParams(self) userId = ParameterManager(self._params).extract('userId', pType=str, allowEmpty=True) if userId is not None: self._avatar = AvatarHolder().getById(userId) else: self._avatar = self._aw.getUser() def _checkProtection(self): LoggedOnlyService._checkProtection(self) CategoryDisplayBase._checkProtection(self) if not self._avatar.canUserModify(self._aw.getUser()): raise ServiceAccessError('Access denied')
class UserEventHook(HTTPAPIHook): TYPES = ('user', ) RE = r'(?P<what>linked_events|categ_events)' DEFAULT_DETAIL = 'basic_events' GUEST_ALLOWED = False def _getParams(self): super(UserEventHook, self)._getParams() self._avatar = None # User-specified avatar userId = get_query_parameter(self._queryParams, ['uid', 'userid']) if userId is not None: self._avatar = AvatarHolder().getById(userId) if not self._avatar: raise HTTPAPIError('Avatar does not exist') def _getMethodName(self): return self.PREFIX + '_' + self._pathParams['what'] def _checkProtection(self, aw): if not self._avatar: # No avatar specified => use self. No need to check any permissinos. self._avatar = aw.getUser() return elif not self._avatar.canUserModify(aw.getUser()): raise HTTPAPIError('Access denied', 403) def export_linked_events(self, aw): if not redis_client: raise HTTPAPIError('This API is only available when using Redis') self._checkProtection(aw) links = avatar_links.get_links(self._avatar, self._fromDT, self._toDT) return UserRelatedEventFetcher(aw, self, links).events(links.keys()) def export_categ_events(self, aw): self._checkProtection(aw) catIds = [ item['categ'].getId() for item in self._avatar.getRelatedCategories().itervalues() ] return UserCategoryEventFetcher(aw, self).category_events(catIds)
class UserEventHook(HTTPAPIHook): TYPES = ('user',) RE = r'(?P<what>linked_events|categ_events)' DEFAULT_DETAIL = 'basic_events' GUEST_ALLOWED = False def _getParams(self): super(UserEventHook, self)._getParams() self._what = self._pathParams['what'] self._avatar = None # User-specified avatar userId = get_query_parameter(self._queryParams, ['uid', 'userid']) if userId is not None: self._avatar = AvatarHolder().getById(userId) if not self._avatar: raise HTTPAPIError('Avatar does not exist') def _getMethodName(self): return self.PREFIX + '_' + self._what def _checkProtection(self, aw): if not self._avatar: # No avatar specified => use self. No need to check any permissinos. self._avatar = aw.getUser() return elif not self._avatar.canUserModify(aw.getUser()): raise HTTPAPIError('Access denied', 403) def export_linked_events(self, aw): if not redis_client: raise HTTPAPIError('This API is only available when using Redis') self._checkProtection(aw) links = avatar_links.get_links(self._avatar, self._fromDT, self._toDT) return UserRelatedEventFetcher(aw, self, links).events(links.keys()) def export_categ_events(self, aw): self._checkProtection(aw) catIds = [item['categ'].getId() for item in self._avatar.getRelatedCategories().itervalues()] return UserCategoryEventFetcher(aw, self).category_events(catIds)