def _create(self, user, blogpost=None, project_id=None):
if user.is_anonymous() or (blogpost is None and project_id is None):
return False
project = self._get_project(blogpost, project_id)
if blogpost is None:
return project.owner_id == user.id or is_coowner(project.id, user)
return blogpost.user_id == project.owner_id == user.id or is_coowner(project.id, user)
def _only_admin_or_owner(self, user, task):
if not user.is_anonymous():
project = self.project_repo.get(task.project_id)
if project is None:
raise NotFound("Invalid project ID")
return project.owner_id == user.id or user.admin or is_coowner(project.id, user)
return False
def password_needed(self, project, user_id_or_ip):
"""Check if password is required."""
if project.needs_password() and (current_user.is_anonymous() or not (
current_user.admin or current_user.subadmin or current_user.id
== project.owner_id or is_coowner(project.id))):
cookie = self.cookie_handler.get_cookie_from(project)
request_passwd = user_id_or_ip not in cookie
return request_passwd
return False
def _read(self, user, auditlog=None, project_id=None):
if user.is_anonymous() or (auditlog is None and project_id is None):
return False
project = self._get_project(auditlog, project_id)
return user.admin or user.id == project.owner_id or is_coowner(project.id, user)
def _only_admin_or_owner(self, user, project):
return (not user.is_anonymous()
and (project.owner_id == user.id or user.admin or
(user.subadmin and is_coowner(project.id, user))))
def _update(self, user, result):
if user.is_anonymous():
return False
project = self._get_project(result, result.project_id)
return (project.owner_id == user.id or is_coowner(project.id, user))
def _update(self, user, blogpost, project_id=None):
if user.is_anonymous():
return False
return blogpost.user_id == user.id or (project_id is not None and is_coowner(project_id, user))