def testBasicPublish(self): json = shiftJson() json["createdBy"] = self.fakemary.id newShift = Shift.create(json) newShift.publish({"private": False}) # should exist in user/public db theShift = Shift.load(core.connect(SSUser.publicDb(self.fakemary.id)), newShift.id) self.assertEqual(theShift.summary, newShift.summary) self.assertTrue(not theShift.publishData.draft) self.assertTrue(not theShift.publishData.private) # should exist in shiftspace/public db theShift = Shift.load(core.connect("shiftspace/public"), newShift.id) self.assertEqual(theShift.summary, newShift.summary) self.assertTrue(not theShift.publishData.draft) self.assertTrue(not theShift.publishData.private) # should exist in shiftspace/shared db theShift = Shift.load(core.connect("shiftspace/shared"), newShift.id) self.assertEqual(theShift.summary, newShift.summary) self.assertTrue(not theShift.publishData.draft) self.assertTrue(not theShift.publishData.private) # should _not_ exist in user/private db theShift = Shift.load(core.connect(SSUser.privateDb(self.fakemary.id)), newShift.id) self.assertEqual(theShift, None)
def publish(self, id): # NOTE: should maybe take publishData url parameter - David 9/5/2009 loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id, loggedInUser) if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) if theShift.type != "shift": return error("Resource is not of type shift", ResourceTypeError) publishData = json.loads(helper.getRequestBody()) # convert targets to actual database references if publishData.get("targets"): from server.models.group import Group from server.models.ssuser import SSUser theUser = SSUser.read(loggedInUser) targets = publishData["targets"] # convert short names to group ids shortNames = [target[1:] for target in targets if target[0] == "&"] groupIds = Group.shortNamesToIds(shortNames) # convert user name to user ids userNames = [target[1:] for target in targets if target[0] == "@"] userIds = SSUser.namesToIds(userNames) # create list of dbs being published to dbs = [Group.db(groupId) for groupId in groupIds] # validate groups writeable = theUser.writeable() if not set(dbs).issubset(set(writeable)): return error( "Operation not permitted. You don't have permission to publish to some of these groups", PermissionError) # TODO: validate against blocked users - David 2/15/10 dbs.extend([SSUser.db(userId) for userId in userIds]) publishData["dbs"] = dbs return data(theShift.publish(publishData))
def publish(self, id): # NOTE: should maybe take publishData url parameter - David 9/5/2009 loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id, loggedInUser) if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) if theShift.type != "shift": return error("Resource is not of type shift", ResourceTypeError) publishData = json.loads(helper.getRequestBody()) # convert targets to actual database references if publishData.get("targets"): from server.models.group import Group from server.models.ssuser import SSUser theUser = SSUser.read(loggedInUser) targets = publishData["targets"] # convert short names to group ids shortNames = [target[1:] for target in targets if target[0] == "&"] groupIds = Group.shortNamesToIds(shortNames) # convert user name to user ids userNames = [target[1:] for target in targets if target[0] == "@"] userIds = SSUser.namesToIds(userNames) # create list of dbs being published to dbs = [Group.db(groupId) for groupId in groupIds] dbs.extend([SSUser.db(userId) for userId in userIds]) # validate writeable = theUser.writeable() if set(writeable) != set(dbs): return error("Operation not permitted. You don't have permission to publish to some of these gruops", PermissionError) publishData["dbs"] = dbs return data(theShift.publish(publishData))
def update(self, fields, updateDbs=True): from server.models.ssuser import SSUser if fields.get("content"): self.content = fields.get("content") if fields.get("summary"): self.summary = self.content["summary"] = fields.get("summary") if fields.get("broken"): self.broken = fields.get("broken") if fields.get("dbs"): self.dbs = list(set(self.dbs.extend(fields.get("dbs")))) self.modified = datetime.now() # update the correct user db if self.publishData.private: db = SSUser.privateDb(self.createdBy) else: db = SSUser.publicDb(self.createdBy) self.store(core.connect(db)) core.replicate(db, "shiftspace/shared") # update followers and groups if updateDbs: for db in self.publishData.dbs: dbtype, dbid = db.split("/") if dbtype == "group": from server.models.group import Group Group.read(dbid).updateShift(self) return Shift.joinData(self, self.createdBy)
def read(self, userName): theUser = SSUser.readByName(userName) if not theUser: return error("User %s does not exist" % userName, UserDoesNotExistError) loggedInUser = SSUser.read(helper.getLoggedInUser()) canReadFull = loggedInUser.canReadFull(theUser) return data(theUser.toDict((loggedInUser and canReadFull)))
def unfollow(self, userName): theUser = SSUser.read(helper.getLoggedInUser()) followed = SSUser.readByName(userName) if theUser.id == followed.id: return error("You cannot unfollow yourself.", FollowError) else: theUser.unfollow(followed) return data(followed)
def unreadCount(self, userName): loggedInUser = helper.getLoggedInUser() theUser = SSUser.read(loggedInUser) otherUser = SSUser.readByName(userName) if loggedInUser == otherUser.id or theUser.isAdmin(): return data(theUser.unreadCount()) else: return error("You do not have permission to view this user's unread count.", PermissionError)
def groups(self, userName, start=None, end=None, limit=25): loggedInUser = helper.getLoggedInUser() theUser = SSUser.read(loggedInUser) otherUser = SSUser.readByName(userName) if loggedInUser == otherUser.id or theUser.isAdmin(): return data(otherUser.groups(start=start, end=end, limit=limit)) else: return error("You don't have permission to view this user's groups.", PermissionError)
def create(cls, shiftJson): from server.models.ssuser import SSUser newShift = Shift(**utils.clean(shiftJson)) createdBy = newShift.createdBy db = core.connect(SSUser.privateDb(createdBy)) newShift.domain = utils.domain(newShift.href) newShift.store(db) core.replicate(SSUser.privateDb(createdBy), "shiftspace/shared") return Shift.joinData(newShift, newShift.createdBy)
def makeAdmin(self, id, userId): from server.models.ssuser import SSUser theGroup = Group.read(id) theUser = SSUser.read(helper.getLoggedInUser()) if theUser.isAdminOf(theGroup): otherUser = SSUser.read(userId) theGroup.setPrivilege(otherUser, 3) return ack else: return error("You don't have permission to promote members of this group to admin.", PermissionError)
def delete(self): from server.models.ssuser import SSUser db = core.connect(SSUser.privateDb(self.createdBy)) if db.get(self.id): del db[self.id] else: db = core.connect(SSUser.publicDb(self.createdBy)) if db.get(self.id): del db[self.id] core.replicate(db.name, "shiftspace/shared")
def update(self, userName): theUser = SSUser.readByName(userName) if not theUser: return error("User %s does not exist" % userName, UserDoesNotExistError) loggedInUser = SSUser.read(helper.getLoggedInUser()) if loggedInUser and loggedInUser.canModify(theUser): theData = json.loads(helper.getRequestBody()) return data(theUser.update(theData)) else: return error("Operation not permitted. You don't have permission to update this account.")
def groups(self, userName, start=None, end=None, limit=25): loggedInUser = helper.getLoggedInUser() theUser = SSUser.read(loggedInUser) otherUser = SSUser.readByName(userName) if loggedInUser == otherUser.id or theUser.isAdmin(): return data(otherUser.groups(start=start, end=end, limit=limit)) else: return error( "You don't have permission to view this user's groups.", PermissionError)
def unreadCount(self, userName): loggedInUser = helper.getLoggedInUser() theUser = SSUser.read(loggedInUser) otherUser = SSUser.readByName(userName) if loggedInUser == otherUser.id or theUser.isAdmin(): return data(theUser.unreadCount()) else: return error( "You do not have permission to view this user's unread count.", PermissionError)
def create(cls, userId, shiftId, text, subscribe=False): from server.models.ssuser import SSUser from server.models.shift import Shift from server.models.message import Message # first try the public feed theShift = Shift.load(core.connect("shiftspace/shared"), shiftId) shiftAuthor = SSUser.load(core.connect(), theShift.createdBy) theUser = SSUser.load(core.connect(), userId) server = core.server() # create the comment db if necessary dbexists = True if not theShift.hasThread(): server.create(Comment.db(shiftId)) dbexists = False # get the db db = core.connect(Comment.db(shiftId)) # if db just created, sync the views and subscribe shift author if not dbexists: Comment.by_created.sync(db) Comment.all_subscribed.sync(db) shiftAuthor.subscribe(theShift) # subscribe the user making the comment if not theUser.isSubscribed(theShift) and subscribe: theUser.subscribe(theShift) # create comment and comment stub json = { "createdBy": userId, "shiftId": shiftId, "shiftAuthor": theShift.createdBy, "text": text, } newComment = Comment(**utils.clean(json)) newComment.store(db) subscribers = theShift.subscribers() # make a private copy # TODO: need to think about the implications of a private copy here - David newComment.copyTo(SSUser.privateDb(theUser.id)) # send each subscriber a message if len(subscribers) > 0: # TODO: needs to be optimized with a fast join - David for subscriber in subscribers: if subscriber != userId: astr = ((subscriber == theShift.createdBy) and "your") or ("%s's" % shiftAuthor.userName) json = { "fromId": userId, "toId": subscriber, "title": "%s just commented on %s shift!" % (theUser.userName, astr), "text": "%s just commented on %s shift!" % (theUser.userName, astr), "meta": "comment" } Message.create(**utils.clean(json)) # TODO: don't replicate if peer - David 11/21/09 core.replicate(Comment.db(shiftId), "shiftspace/shared") return newComment
def create(cls, shiftJson): from server.models.ssuser import SSUser cleaned = utils.clean(shiftJson) sanitized = sanitizeShift(cleaned) newShift = Shift(**sanitized) createdBy = newShift.createdBy db = core.connect(SSUser.privateDb(createdBy)) newShift.domain = utils.domain(newShift.href) newShift.store(db) core.replicate(SSUser.privateDb(createdBy), "shiftspace/shared") return Shift.joinData(newShift, newShift.createdBy)
def create(cls, userId, shiftId, text, subscribe=False): from server.models.ssuser import SSUser from server.models.shift import Shift from server.models.message import Message # first try the public feed theShift = Shift.load(core.connect("shiftspace/shared"), shiftId) shiftAuthor = SSUser.load(core.connect(), theShift.createdBy) theUser = SSUser.load(core.connect(), userId) server = core.sharedServer() # create the comment db if necessary dbexists = True if not theShift.hasThread(): server.create(Comment.db(shiftId)) dbexists = False # get the db db = core.connect(Comment.db(shiftId)) # if db just created, sync the views and subscribe shift author if not dbexists: Comment.by_created.sync(db) Comment.all_subscribed.sync(db) shiftAuthor.subscribe(theShift) # subscribe the user making the comment if not theUser.isSubscribed(theShift) and subscribe: theUser.subscribe(theShift) # create comment and comment stub json = { "createdBy": userId, "shiftId": shiftId, "shiftAuthor": theShift.createdBy, "text": text, } newComment = Comment(**utils.clean(json)) newComment.store(db) subscribers = theShift.subscribers() # make a private copy # TODO: need to think about the implications of a private copy here - David newComment.copyTo(SSUser.privateDb(theUser.id)) # send each subscriber a message if len(subscribers) > 0: # TODO: needs to be optimized with a fast join - David for subscriber in subscribers: if subscriber != userId: astr = ((subscriber == theShift.createdBy) and "your") or ("%s's" % shiftAuthor.userName) json = { "fromId": userId, "toId": subscriber, "title": "%s just commented on %s shift!" % (theUser.userName, astr), "text": "%s just commented on %s shift!" % (theUser.userName, astr), "meta": "comment" } Message.create(**utils.clean(json)) # TODO: don't replicate if peer - David 11/21/09 core.replicate(Comment.db(shiftId), "shiftspace/shared") return newComment
def share(self, id, users): from server.models.ssuser import SSUser loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id) if not theShift or theShift.publishData.private: return error("You don't have permission to view this shift.", PermissionError) targets = users.split(" ") userNames = [target[1:] for target in targets if target[0] == "@"] userIds = SSUser.namesToIds(userNames) theShift.shareWith(userIds, fromUser=SSUser.read(loggedInUser)) return ack
def delete(self, userName): theUser = SSUser.readByName(userName) if not theUser: return error("User %s does not exist" % userName, UserDoesNotExistError) loggedInUser = SSUser.read(helper.getLoggedInUser()) if loggedInUser and loggedInUser.canModify(theUser): if theUser.id == loggedInUser.id: helper.setLoggedInUser(None) theUser.delete() return ack else: return error("Operation not permitted. You don't have permission to delete this account.")
def inviteUsers(self, id, users): from server.models.ssuser import SSUser loggedInUser = helper.getLoggedInUser() groupAdmin = SSUser.read(loggedInUser) theGroup = Group.read(id) if groupAdmin.isAdminOf(theGroup): db = core.connect() users = SSUser.all(db, keys=json.loads(users)) for user in users: groupAdmin.inviteUser(theGroup, user) return data(theGroup) else: return error("Operation not permitted. You don't have permission to modify this group", PermissionError)
def update(self, userName): theUser = SSUser.readByName(userName) if not theUser: return error("User %s does not exist" % userName, UserDoesNotExistError) loggedInUser = SSUser.read(helper.getLoggedInUser()) if loggedInUser and loggedInUser.canModify(theUser): theData = json.loads(helper.getRequestBody()) return data(theUser.update(theData)) else: return error( "Operation not permitted. You don't have permission to update this account." )
def read(cls, id, userId=None): from server.models.ssuser import SSUser if userId != None: # then try the user public db = core.connect(SSUser.publicDb(userId)) theShift = Shift.load(db, id) if not theShift: # then user private db = core.connect(SSUser.privateDb(userId)) theShift = Shift.load(db, id) else: theShift = Shift.load(core.connect("shiftspace/shared"), id) if theShift: return Shift.joinData(theShift, theShift.createdBy)
def shifts(self, userName, start=None, end=None, limit=25, filter=False, query=None): loggedInUser = helper.getLoggedInUser() theUser = SSUser.read(loggedInUser) otherUser = SSUser.readByName(userName) if query != None: query = json.loads(query) if loggedInUser == otherUser.id or theUser.isAdmin(): return data(otherUser.shifts(start=start, end=end, limit=limit, filter=filter, query=query)) else: return error("You don't have permission to view this user's shifts.", PermissionError)
def markRead(self, value=True): from server.models.ssuser import SSUser db = core.connect(SSUser.messagesDb(self.toId)) if value: if not self.isRead(): db[Message.makeReadId(self.id, self.toId)] = { "type": "message-read", "msgId": self.id, "toId": self.toId, } else: del db[Message.makeReadId(self.id, self.toId)] core.replicate(SSUser.messagesDb(self.toId), "shiftspace/shared") return self
def create(cls, fromId, toId, title, text, meta="generic", content=None): from server.models.ssuser import SSUser db = core.connect(SSUser.messagesDb(toId)) json = { "fromId": fromId, "toId": toId, "title": text, "text": text, "meta": meta, "content": content or {} } newMessage = Message(**utils.clean(json)) newMessage.store(db) core.replicate(SSUser.messagesDb(toId), "shiftspace/shared") return newMessage
def delete(self, userName): theUser = SSUser.readByName(userName) if not theUser: return error("User %s does not exist" % userName, UserDoesNotExistError) loggedInUser = SSUser.read(helper.getLoggedInUser()) if loggedInUser and loggedInUser.canModify(theUser): if theUser.id == loggedInUser.id: helper.setLoggedInUser(None) theUser.delete() return ack else: return error( "Operation not permitted. You don't have permission to delete this account." )
def create(cls, userId, groupId, otherId, level): from server.models.ssuser import SSUser from server.models.group import Group db = core.connect() if not groupId: raise MissingGroupError if not userId: raise MissingCreatorError if Permission.readByUserAndGroup(otherId, groupId): raise PermissionAlreadyExistsError adminable = [ row.value for row in Permission.by_adminable(db, key=userId).rows ] allowed = groupId in adminable if not allowed: theUser = SSUser.read(userId) allowed = theUser.isAdmin() if not allowed: theGroup = Group.read(groupId) allowed = theUser.isOwnerOf(theGroup) if not allowed: raise CreateEventPermissionError json = { "createdBy": userId, "userId": otherId, "groupId": groupId, "level": level } newPermission = Permission(**utils.clean(json)) newPermission.store(db) return newPermission
def shareWith(self, userIds, fromUser=None): from server.models.message import Message from server.models.ssuser import SSUser users = core.fetch(keys=userIds) if fromUser: userName = fromUser.userName else: userName = SSUser.read(self.createdBy).userName for user in users: json = { "fromId": self.createdBy, "toId": user["_id"], "title": "%s has shared a shift with you!" % userName, "text": "%s has shared a shift titled '%s' with you!" % (userName, self.summary), "meta": "share", "content": { "type": "shift", "_id": self.id, "href": self.href, "summary": self.summary } } Message.create(**json)
def create(cls, userId, groupId, otherId, level): from server.models.ssuser import SSUser from server.models.group import Group db = core.connect() if not groupId: raise MissingGroupError if not userId: raise MissingCreatorError if Permission.readByUserAndGroup(otherId, groupId): raise PermissionAlreadyExistsError adminable = [row.value for row in Permission.by_adminable(db, key=userId).rows] allowed = groupId in adminable if not allowed: theUser = SSUser.read(userId) allowed = theUser.isAdmin() if not allowed: theGroup = Group.read(groupId) allowed = theUser.isOwnerOf(theGroup) if not allowed: raise CreateEventPermissionError json = { "createdBy": userId, "userId": otherId, "groupId": groupId, "level": level } newPermission = Permission(**utils.clean(json)) newPermission.store(db) return newPermission
def shifts(self, byHref=None, byDomain=None, byFollowing=False, byGroups=False, bySpace=None, start=0, limit=25, count=False, filter=False, query=None, all=False): from server.models.ssuser import SSUser loggedInUser = helper.getLoggedInUser() if loggedInUser: theUser = SSUser.read(loggedInUser) else: theUser = None if query != None: query = json.loads(query) allShifts = Shift.shifts(user=theUser, byHref=byHref, byDomain=byDomain, byFollowing=byFollowing, byGroups=byGroups, bySpace=bySpace, start=start, limit=limit, filter=filter, query=query, all=False) if count: return data(len(allShifts)) else: return data(allShifts)
def read(cls, id, userId=None): db = core.connect("shiftspace/shared") theMessage = Message.load(db, id) if theMessage == None and userId: db = core.connect(SSUser.messagesDb(userId)) theMessage = Message.load(db, id) return Message.joinData(theMessage, userId)
def comment(self, id): loggedInUser = helper.getLoggedInUser() jsonData = helper.getRequestBody() if jsonData != "": theShift = Shift.read(id, userId=loggedInUser) if not theShift: return error("Shift does not exist.", ResourceDoesNotExistError) if theShift.type != "shift": return error("Resource is not of type shift", ResourceTypeError) from server.models.ssuser import SSUser theUser = SSUser.read(loggedInUser) theData = json.loads(jsonData) if theUser.canRead(theShift): from server.models.comment import Comment Comment.create(theUser.id, theShift.id, theData["text"], theData.get("subscribe") or False) return data(Shift.read(theShift.id, theUser.id)) else: return error( "Operation not permitted. You don't have permission to comment on this shift.", PermissionError) else: return error("No data for comment.", NoDataError)
def testBasicPublish(self): json = shiftJson() json["createdBy"] = self.fakemary.id newShift = Shift.create(json) newShift.publish({"private":False}) # should exist in user/public db theShift = Shift.load(core.connect(SSUser.publicDb(self.fakemary.id)), newShift.id) self.assertEqual(theShift.summary, newShift.summary) # should exist in master/public db theShift = Shift.load(core.connect("shiftspace/public"), newShift.id) self.assertEqual(theShift.summary, newShift.summary) # should exist in shiftspace/shared db theShift = Shift.load(core.connect("shiftspace/shared"), newShift.id) self.assertEqual(theShift.summary, newShift.summary) # should _not_ exist in user/private db theShift = Shift.load(core.connect(SSUser.privateDb(self.fakemary.id)), newShift.id) self.assertEqual(theShift, None)
def members(self, id): from server.models.ssuser import SSUser theGroup = Group.read(id) loggedInUser = helper.getLoggedInUser() theUser = SSUser.read(loggedInUser) if theUser.isAdminOf(theGroup): return data(theGroup.members()) else: return error("You don't have permission to view this groups members", PermissionError)
def logout(self): loggedInUser = helper.getLoggedInUser() if loggedInUser: theUser = SSUser.read(loggedInUser) theUser.updateLastSeen() helper.setLoggedInUser(None) return ack else: return error("No user logged in.", AlreadyLoggedOutError)
def testUpdate(self): json = shiftJson() json["createdBy"] = self.fakemary.id newShift = Shift.create(json) newShift.update({"summary":"changed!"}) theShift = Shift.read(newShift.id, self.fakemary.id) self.assertEqual(theShift.summary, "changed!") db = core.connect(SSUser.privateDb(self.fakemary.id)) del db[theShift.id]
def updateShift(self, aShift): from server.models.ssuser import SSUser author = SSUser.read(aShift.createdBy) if author.isMemberOf(self): grpdb = Group.db(self.id) aShift.updateIn(grpdb) else: db = core.connect() raise NotAMemberError("%s is not a member of %s" % (author.userName, self.longName))
def join(self, id): from server.models.ssuser import SSUser theGroup = Group.read(id) loggedInUser = helper.getLoggedInUser() theUser = SSUser.read(loggedInUser) if theUser.canJoin(theGroup): theUser.join(theGroup) return data(theGroup) else: return error("Operation not permitted. You don't have permission to join this group.", PermissionError)
def testRead(self): json = shiftJson() json["createdBy"] = self.fakemary.id newShift = Shift.create(json) theShift = Shift.read(newShift.id, self.fakemary.id) self.assertEqual(theShift.source.server, newShift.source.server) self.assertEqual(theShift.source.database, newShift.source.database) self.assertEqual(theShift.createdBy, self.fakemary.id) db = core.connect(SSUser.privateDb(self.fakemary.id)) del db[theShift.id]
def read(self, id): from server.models.ssuser import SSUser loggedInUser = helper.getLoggedInUser() theUser = SSUser.read(loggedInUser) theShift = Shift.read(id, loggedInUser) if theShift and theUser.canRead(theShift): return data(theShift) else: if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) else: return error("Operation not permitted. You don't have permission to view this shift. %s" % theShift, PermissionError)
def testPublishToUser(self): json = shiftJson() json["createdBy"] = self.fakemary.id newShift = Shift.create(json) publishData = { "dbs": [SSUser.db(self.fakejohn.id)] } newShift.publish(publishData) # should exist in user feed # TODO: in inbox if peer - David 11/18/09 theShift = Shift.load(core.connect("shiftspace/shared"), newShift.id) self.assertEqual(theShift.summary, newShift.summary)
def comments(self, id, start=None, end=None, limit=25): loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id) if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) if theShift.type != "shift": return error("Resource is not of type shift", ResourceTypeError) from server.models.ssuser import SSUser theUser = SSUser.read(loggedInUser) if theShift.isPublic() or theUser.canRead(theShift): return data(theShift.comments(start=start, end=end, limit=limit)) else: return error("Operation not permitted. You don't have permission to view comments on this shift.", PermissionError)
def shifts(self, userName, start=None, end=None, limit=25, filter=False, query=None): loggedInUser = helper.getLoggedInUser() theUser = SSUser.read(loggedInUser) otherUser = SSUser.readByName(userName) if query != None: query = json.loads(query) if loggedInUser == otherUser.id or theUser.isAdmin(): return data( otherUser.shifts(start=start, end=end, limit=limit, filter=filter, query=query)) else: return error( "You don't have permission to view this user's shifts.", PermissionError)
def read(cls, id, userId=None, proxy=False): from server.models.ssuser import SSUser theShift = None # then try the user public if userId: db = core.connect(SSUser.publicDb(userId)) theShift = Shift.load(db, id) if not theShift: # then user private db = core.connect(SSUser.privateDb(userId)) theShift = Shift.load(db, id) else: db = core.connect("shiftspace/public") theShift = Shift.load(db, id) if userId and not theShift: theUser = SSUser.read(userId) aShift = Shift.load(core.connect("shiftspace/shared"), id) if theUser.canRead(aShift): theShift = aShift if proxy: theShift = Shift.load(core.connect("shiftspace/shared"), id) if theShift: return Shift.joinData(theShift, theShift.createdBy)
def read(self, id): from server.models.ssuser import SSUser loggedInUser = helper.getLoggedInUser() theUser = SSUser.read(loggedInUser) theShift = Shift.read(id, loggedInUser) if theShift and theUser.canRead(theShift): return data(theShift) else: if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) else: return error( "Operation not permitted. You don't have permission to view this shift. %s" % theShift, PermissionError)
def comments(self, id, start=None, end=None, limit=25): loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id, userId=loggedInUser) if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) if theShift.type != "shift": return error("Resource is not of type shift", ResourceTypeError) from server.models.ssuser import SSUser theUser = SSUser.read(loggedInUser) if theShift.isPublic() or theUser.canRead(theShift): return data(theShift.comments(start=start, end=end, limit=limit)) else: return error( "Operation not permitted. You don't have permission to view comments on this shift.", PermissionError)
def login(self, userName, password): loggedInUser = helper.getLoggedInUser() if not loggedInUser: theUser = SSUser.readByName(userName) if not theUser: return error("Invalid user name.", InvalidUserNameError) if theUser and (theUser.password == md5hash(password)): helper.setLoggedInUser(theUser.id) # TODO: perhaps don't update yet, might want to use for unread counts - David theUser.updateLastSeen() return data(theUser) else: return error("Incorrect password.", IncorrectPasswordError) else: return error("Already logged in.", AlreadyLoggedInError)
def unfavorite(self, id): loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id) if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) if theShift.type != "shift": return error("Resource is not of type shift", ResourceTypeError) from server.models.ssuser import SSUser theUser = SSUser.read(loggedInUser) if theUser.canRead(theShift): return data(theUser.unfavorite(theShift)) else: return error( "Operation not permitted. You don't have permission to unfavorite this shift.", PermissionError)
def join(self): loggedInUser = helper.getLoggedInUser() if loggedInUser: return error("You are logged in. You cannot create an account.", AlreadyLoggedInError) theData = json.loads(helper.getRequestBody()) if theData.get("userName"): theData["userName"] = theData["userName"].strip() valid, msg, errType = self.isValid(theData) result = None if valid: theUser = SSUser.create(theData) helper.setLoggedInUser(theUser.id) return data(theUser) else: return error(msg, errType)
def delete(self): """ Delete a single comment. """ from server.models.ssuser import SSUser db = core.connect(SSUser.privateDb(self.createdBy)) try: del db[self.id] except: pass db = core.connect(Comment.db(self.shiftId)) try: del db[self.id] except: pass core.replicate(Comment.db(self.shiftId), "shiftspace/shared")