def getVisibleUsers(users, request): """ Search users Return a list of persons of the system, optionaly filtered using the available modifiers. The objects returned by this endpoint are intended for user listing and searching, so only username and displayName attributes of a person are returned. If you need the full profile of a user, use the `GET` endpoint of the `User` resource. """ query = {} search_params = searchParams(request) filter_fields = ["username", "displayName", "objectType", 'subscribedTo'] if asbool(search_params.get('twitter_enabled', False)): filter_fields.append("twitterUsername") found_users = users.search(query, show_fields=filter_fields, sort_by_field="username", flatten=0, **search_params) # Filter user results. User filtered_users = [user for user in found_users if request.actor.is_allowed_to_see(user)] handler = JSONResourceRoot(request, flatten(filtered_users, squash=['subscribedTo']), remaining=found_users.remaining) return handler.buildResponse()
def revokePermission(self, subscription, permission, permanent=DEFAULT_CONTEXT_PERMISSIONS_PERMANENCY): """ Revoke a permission on a context's user subscription. Revokes will persist over context default permission changes based on permanent parameter. Non permanent permission revoke will remove grants! """ criteria = {} new_permissions = [] # Add current permissions except revoked one new_permissions = [p for p in subscription['permissions'] if permission != p] if permanent: # Add permission to vetos if not present subscription.setdefault('_vetos', []) if permission not in subscription['_vetos']: subscription['_vetos'].append(permission) # Remove permission from grants if present subscription.setdefault('_grants', []) subscription['_grants'] = [granted for granted in subscription['_grants'] if granted != permission] # Get a dummy context from subscription to determine the fields to update ContextClass = getMaxModelByObjectType(subscription['objectType']) context_unique_field = ContextClass.unique.lstrip('_') temp_context = ContextClass.from_object( self.request, { context_unique_field: subscription[context_unique_field], 'objectType': subscription['objectType'] } ) context_storage_field = temp_context.user_subscription_storage subscription_unique_field = '{}.{}'.format(context_storage_field, context_unique_field) criteria.update({subscription_unique_field: subscription[context_unique_field]}) # update object that matches hash criteria.update({'_id': self['_id']}) # of collection entry with _id # overwrite permissions what = { '$set': { '{}.$.permissions'.format(context_storage_field): new_permissions, '{}.$._grants'.format(context_storage_field): subscription.get('_grants', []), '{}.$._vetos'.format(context_storage_field): subscription.get('_vetos', []) } } subscription['permissions'] = new_permissions fields_to_squash = ['published', 'owner', 'creator', 'tags', 'vetos', 'grants'] subscription = flatten(subscription, squash=fields_to_squash) self.mdb_collection.update(criteria, what) return subscription
def from_object(cls, request, source): instance = cls(request) instance.update(source) instance.old.update(source) instance.old = deepcopy(flatten(instance.old)) if 'id' in source: instance['_id'] = source['id'] instance._post_init_from_object(source) instance.asleep = True return instance
def getPublicContexts(contexts, request): """ Get all public contexts Returns a list of all public subscribable contexts """ found_contexts = contexts.search({'permissions.subscribe': 'public'}, **searchParams(request)) handler = JSONResourceRoot(request, flatten(found_contexts, squash=['owner', 'creator', 'published'])) return handler.buildResponse()
def getConversationMessages(conversation, request): """ Get all messages from a conversation """ query = {'contexts.id': str(conversation['_id'])} # Sorting by _id, as id is indeed the same as published messages = request.db.messages.search(query, sort_direction=DESCENDING, sort_by_field="_id", keep_private_fields=False, **searchParams(request)) inverted = flatten(messages, reverse=True) handler = JSONResourceRoot(request, inverted, remaining=messages.remaining) return handler.buildResponse()
def getActivityComments(activity, request): """ Get activity comments Return the comments for an activity. """ replies = activity.get('replies', {}) items = replies result = flatten(items, keep_private_fields=False) handler = JSONResourceRoot(request, result) return handler.buildResponse()
def wake(self): """ Tries to recover a lazy object from the database. Instances marked as asleep = True, are the only ones that will be waked up. """ if self.asleep: obj = self.alreadyExists() if obj: self.update(obj) self.old.update(obj) self.old = deepcopy(flatten(self.old))
def flatten(self, **kwargs): """ Recursively transforms non-json-serializable values and simplifies $oid and $data BISON structures. Intended for final output Also removes fields starting with underscore _fieldname """ def permission_filter(field): """ Is the field NOT visible on the current request? """ return not(self.has_field_permission(field, 'view') or field == 'objectType') return_dict = flatten(self, filter_method=permission_filter, **kwargs) return return_dict
def prepareUserSubscription(self): """ """ fields_to_squash = ['published', 'owner', 'creator', 'participants', 'tags', 'displayName'] if '_id' != self.unique: fields_to_squash.append('_id') subscription = flatten(self, squash=fields_to_squash) # If we are subscribing the user, read permission is granted user_permissions = ['read'] # Add subscription permissions based on defaults and context values user_permissions = self.subscription_permissions(base=user_permissions) # Assign permissions to the subscription object before adding it subscription['permissions'] = user_permissions return subscription
def reset_permissions(self, subscription, context): subscription['_grants'] = [] subscription['_vetos'] = [] subscription['permissions'] = context.subscription_permissions() criteria = {} criteria.update({'subscribedTo.hash': subscription['hash']}) # update object that matches hash criteria.update({'_id': self['_id']}) # of collection entry with _id # overwrite permissions what = { '$set': { 'subscribedTo.$.permissions': subscription['permissions'], 'subscribedTo.$._grants': subscription['_grants'], 'subscribedTo.$._vetos': subscription['_vetos'], } } self.mdb_collection.update(criteria, what) fields_to_squash = ['published', 'owner', 'creator', 'tags', 'vetos', 'grants'] subscription = flatten(subscription, squash=fields_to_squash) return subscription
def buildObject(self): """ Updates the dict content with the activity structure, with data parsed from the request """ ob = {'actor': {'objectType': 'person', 'displayName': self.data['actor']['displayName'], 'username': self.data['actor']['username'] }, 'verb': self.data['verb'], 'object': None, } wrapper = self.getObjectWrapper(self.data['object']['objectType']) subobject = wrapper(self.request, self.data['object']) ob['object'] = subobject # Append actor as username if object has keywords and actor is a Person if ob['object'].get('_keywords', None): ob['object']['_keywords'].append(self.data['actor']['username']) if 'contexts' in self.data: ob['contexts'] = [flatten(self.data['contexts'][0], preserve=MESSAGE_CONTEXT_FIELDS)] self.update(ob) # Set defaults properties = {} for key, value in self.schema.items(): default = value.get('default', None) # Value is in the request but not set yet, set it please. if key in self.data and key not in self: properties[key] = self.data[key] # Value is not in the request and we have a default, set it please elif 'default' in value.keys(): properties[key] = default self.update(properties)
def test_flatten_with_preserve_and_squash(self): from max.utils.dicts import flatten md = {'key_one': 'Hello', 'key_two': 'World'} flattened = flatten(md, preserve=['key_two'], squash=['key_two']) self.assertIn('key_two', flattened) self.assertNotIn('key_one', flattened)