def send_invitation(self, id):
model = request.environ["sqlalchemy.model"]
db = request.environ["sqlalchemy.session"]
ops = Operations(db, model)
if not ops.can_modify_balance(h.authenticated_user().uid, id):
abort(403)
balance = db.query(model.Balance).filter_by(uid = id).one()
emails = {}
for user in balance.users:
emails[user.user.email] = 1
for invitation in balance.invitations:
emails[invitation.to_address] = 1
user = db.query(model.AuthenticatedUser).filter_by(uid = h.authenticated_user().uid).one()
for address in self.form_result.get('addresses', []):
if emails.has_key(address):
continue
access = model.BalanceInvitation(balance_uid = id, to_address = address, sender = user)
db.save(access)
db.commit()
return redirect_to(h.url_for(action='share'))
def share(self, id):
model = request.environ["sqlalchemy.model"]
db = request.environ["sqlalchemy.session"]
ops = Operations(db, model)
if not ops.can_see_balance(h.authenticated_user().uid, id):
abort(403)
c.balance = db.query(model.Balance).filter_by(uid = id).one()
c.writable = ops.can_modify_balance(h.authenticated_user().uid, id)
return self._render('balances/share.jinja')
def unshare(self, id):
model = request.environ["sqlalchemy.model"]
db = request.environ["sqlalchemy.session"]
ops = Operations(db, model)
user_uid = request.params.get('user_uid')
if not ops.can_modify_balance(h.authenticated_user().uid, id) or h.authenticated_user().uid == user_uid:
abort(403)
if id is not None and user_uid is not None:
user_balance = db.query(model.UserBalance).filter_by(user_uid = user_uid).filter_by(balance_uid = id).first()
if user_balance:
db.delete(user_balance)
db.commit()
return redirect_to(h.url_for(action='share'))
def cancel_invitation(self, id):
model = request.environ["sqlalchemy.model"]
db = request.environ["sqlalchemy.session"]
ops = Operations(db, model)
if not ops.can_modify_balance(h.authenticated_user().uid, id):
abort(403)
try:
bi = db.query(model.BalanceInvitation).filter_by(token=request.params['token']).one()
db.delete(bi)
db.commit()
except:
# we don't care about any errors here
pass
return redirect_to(h.url_for(action='share'))
