def publish(self, id): # NOTE: should maybe take publishData url parameter - David 9/5/2009 loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id, loggedInUser) if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) if theShift.type != "shift": return error("Resource is not of type shift", ResourceTypeError) publishData = json.loads(helper.getRequestBody()) # convert targets to actual database references if publishData.get("targets"): from server.models.group import Group from server.models.ssuser import SSUser theUser = SSUser.read(loggedInUser) targets = publishData["targets"] # convert short names to group ids shortNames = [target[1:] for target in targets if target[0] == "&"] groupIds = Group.shortNamesToIds(shortNames) # convert user name to user ids userNames = [target[1:] for target in targets if target[0] == "@"] userIds = SSUser.namesToIds(userNames) # create list of dbs being published to dbs = [Group.db(groupId) for groupId in groupIds] dbs.extend([SSUser.db(userId) for userId in userIds]) # validate writeable = theUser.writeable() if set(writeable) != set(dbs): return error("Operation not permitted. You don't have permission to publish to some of these gruops", PermissionError) publishData["dbs"] = dbs return data(theShift.publish(publishData))
def publish(self, id): # NOTE: should maybe take publishData url parameter - David 9/5/2009 loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id, loggedInUser) if not theShift: return error("Resource does not exist.", ResourceDoesNotExistError) if theShift.type != "shift": return error("Resource is not of type shift", ResourceTypeError) publishData = json.loads(helper.getRequestBody()) # convert targets to actual database references if publishData.get("targets"): from server.models.group import Group from server.models.ssuser import SSUser theUser = SSUser.read(loggedInUser) targets = publishData["targets"] # convert short names to group ids shortNames = [target[1:] for target in targets if target[0] == "&"] groupIds = Group.shortNamesToIds(shortNames) # convert user name to user ids userNames = [target[1:] for target in targets if target[0] == "@"] userIds = SSUser.namesToIds(userNames) # create list of dbs being published to dbs = [Group.db(groupId) for groupId in groupIds] # validate groups writeable = theUser.writeable() if not set(dbs).issubset(set(writeable)): return error( "Operation not permitted. You don't have permission to publish to some of these groups", PermissionError) # TODO: validate against blocked users - David 2/15/10 dbs.extend([SSUser.db(userId) for userId in userIds]) publishData["dbs"] = dbs return data(theShift.publish(publishData))
def share(self, id, users): from server.models.ssuser import SSUser loggedInUser = helper.getLoggedInUser() theShift = Shift.read(id) if not theShift or theShift.publishData.private: return error("You don't have permission to view this shift.", PermissionError) targets = users.split(" ") userNames = [target[1:] for target in targets if target[0] == "@"] userIds = SSUser.namesToIds(userNames) theShift.shareWith(userIds, fromUser=SSUser.read(loggedInUser)) return ack