def listTrips(self): """Give back a list of trips the user can read""" # pull 10 of the user's own trips my_trips_query = Trip.all() my_trips_query.filter('owner = ', self.user) my_trips = my_trips_query.fetch(limit=10) # pull 10 more trips the user can read tripaccess_query = TripAccess.all() tripaccess_query.filter('user = ', self.user) tripaccess = tripaccess_query.fetch(limit=10) for access in tripaccess: my_trips.append(access.trip) return my_trips
def updateTrip(self, trip): """Determines whether the user is allowed to update a particular trip trip can be a trip key or a trip object""" if isinstance(trip, Trip): pass else: trip = Trip.get(trip) # logic determining whether the user can update the trip # if the user is the owner, OK if self.user == trip.owner: return # if there is a TripAccess object, OK tripaccess_query = TripAccess.all() tripaccess_query.filter('user = '******'trip = ', trip) tripaccess = tripaccess_query.fetch(limit=10) if len(tripaccess) > 0: return raise PermissionError('User not allowed to update this trip')