def AssertBasePermission(self, mr): """Check that the user has permission to even visit this page.""" super(HotlistIssues, self).AssertBasePermission(mr) try: hotlist = self._GetHotlist(mr) except features_svc.NoSuchHotlistException: return permit_view = permissions.CanViewHotlist(mr.auth.effective_ids, hotlist) if not permit_view: raise permissions.PermissionException( 'User is not allowed to view this hotlist')
def __init__(self, hotlist_pb, user_auth=None, viewed_user_id=None, users_by_id=None, is_starred=False): super(HotlistView, self).__init__(hotlist_pb) self.visible = permissions.CanViewHotlist(user_auth.effective_ids, hotlist_pb) self.access_is_private = ezt.boolean(hotlist_pb.is_private) if not hotlist_pb.owner_ids: # Should never happen. logging.error('Unowned Hotlist: id:%r, name:%r', hotlist_pb.hotlist_id, hotlist_pb.name) self.url = '' return owner_id = hotlist_pb.owner_ids[0] # only one owner allowed owner = users_by_id[owner_id] if owner.user.banned: self.visible = False if owner.obscure_email or not self.visible: self.url = ('/u/%d/hotlists/%s' % (owner_id, hotlist_pb.name)) else: self.url = ('/u/%s/hotlists/%s' % (owner.email, hotlist_pb.name)) if not self.visible: return self.role_name = '' if viewed_user_id in hotlist_pb.owner_ids: self.role_name = 'owner' elif any(effective_id in hotlist_pb.editor_ids for effective_id in user_auth.effective_ids): self.role_name = 'editor' if users_by_id: self.owners = [ users_by_id[owner_id] for owner_id in hotlist_pb.owner_ids ] self.editors = [ users_by_id[editor_id] for editor_id in hotlist_pb.editor_ids ] self.num_issues = len(hotlist_pb.items) self.is_followed = ezt.boolean( user_auth.user_id in hotlist_pb.follower_ids) # TODO(jojwang): if hotlist follower's will not be used, perhaps change # from is_followed to is_member or just use is_starred self.num_followers = len(hotlist_pb.follower_ids) self.is_starred = ezt.boolean(is_starred)
def _GatherHotlists(self, mr): """Return a dict of hotlist names the current user is involved in.""" with self.profiler.Phase('GetUserHotlists'): user_hotlists = self.services.features.GetHotlistsByUserID( mr.cnxn, mr.auth.user_id) user_starred_hids = self.services.hotlist_star.LookupStarredItemIDs( mr.cnxn, mr.auth.user_id) user_starred_hotlists, _ = self.services.features.GetHotlistsByID( mr.cnxn, user_starred_hids) recently_visited_hids = self.services.user.GetRecentlyVisitedHotlists( mr.cnxn, mr.auth.user_id) recently_visited_hotlists, _ = self.services.features.GetHotlistsByID( mr.cnxn, [hid for hid in recently_visited_hids]) hotlists_dict = { 'ownerof': [(h.name, hotlist_helpers.GetURLOfHotlist(mr.cnxn, h, self.services.user)) for h in user_hotlists if mr.auth.user_id in h.owner_ids], 'editorof': [(h.name, hotlist_helpers.GetURLOfHotlist(mr.cnxn, h, self.services.user)) for h in user_hotlists if mr.auth.user_id in h.editor_ids], 'starred_hotlists': [(h.name, hotlist_helpers.GetURLOfHotlist(mr.cnxn, h, self.services.user)) for h in user_starred_hotlists.values() if permissions.CanViewHotlist(mr.auth.effective_ids, h) and h not in user_hotlists], 'visited_hotlists': [(recently_visited_hotlists[hid].name, hotlist_helpers.GetURLOfHotlist(mr.cnxn, recently_visited_hotlists[hid], self.services.user)) for hid in recently_visited_hids if recently_visited_hotlists[hid] not in user_hotlists and hid not in user_starred_hids], 'user': mr.auth.email } return hotlists_dict
def AssertBasePermission(self, mr): super(HotlistPeopleList, self).AssertBasePermission(mr) if not permissions.CanViewHotlist(mr.auth.effective_ids, mr.hotlist): raise permissions.PermissionException( 'User is now allowed to view the hotlist people list')
def HandleRequest(self, mr): hotlist_id = mr.GetIntParam('hotlist_id') list_url = None with work_env.WorkEnv(mr, self.services) as we: if not _ShouldShowFlipper(mr, self.services): return {} issue = we.GetIssueByLocalID(mr.project_id, mr.local_id, use_cache=False) hotlist = None if hotlist_id: hotlist = self.services.features.GetHotlist( mr.cnxn, hotlist_id) if not features_bizobj.IssueIsInHotlist( hotlist, issue.issue_id): raise exceptions.InvalidHotlistException() if not permissions.CanViewHotlist(mr.auth.effective_ids, mr.perms, hotlist): raise permissions.PermissionException() (prev_iid, cur_index, next_iid, total_count) = we.GetIssuePositionInHotlist(issue, hotlist) else: (prev_iid, cur_index, next_iid, total_count) = we.FindIssuePositionInSearch(issue) config = we.GetProjectConfig(self.mr.project_id) if hotlist: mr.ComputeColSpec(hotlist) else: mr.ComputeColSpec(config) list_url = _ComputeBackToListURL(mr, issue, config, hotlist, self.services) prev_url = None next_url = None recognized_params = [(name, mr.GetParam(name)) for name in framework_helpers.RECOGNIZED_PARAMS] if prev_iid: prev_issue = we.services.issue.GetIssue(mr.cnxn, prev_iid) path = '/p/%s%s' % (prev_issue.project_name, urls.ISSUE_DETAIL) prev_url = framework_helpers.FormatURL(recognized_params, path, id=prev_issue.local_id) if next_iid: next_issue = we.services.issue.GetIssue(mr.cnxn, next_iid) path = '/p/%s%s' % (next_issue.project_name, urls.ISSUE_DETAIL) next_url = framework_helpers.FormatURL(recognized_params, path, id=next_issue.local_id) return { 'prev_iid': prev_iid, 'prev_url': prev_url, 'cur_index': cur_index, 'next_iid': next_iid, 'next_url': next_url, 'list_url': list_url, 'total_count': total_count, }
def AssertBasePermission(self, mr): super(HotlistDetails, self).AssertBasePermission(mr) if not permissions.CanViewHotlist(mr.auth.effective_ids, mr.hotlist): raise permissions.PermissionException( 'User is not allowed to view the hotlist details')