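class AccessRules(object):
    """Authorization checks for sign and user-info operations.

    Each ``check_*`` method returns ``True`` when the caller identified by
    ``access_token`` may proceed and raises ``APIAccessError`` otherwise.
    None of them returns ``False``, so callers must rely on the exception,
    not on the return value, to stop an unauthorized request.

    The flag comparisons are deliberately written as ``== True`` and
    ``== False``: a value such as ``None`` or a non-empty string is then
    never read as "admin", "public" or "granted", which a plain truthiness
    test would allow.
    """

    def __init__(self, aerospike_connector):
        """Build the ``SignsEngine`` used to load signs and access grants."""
        self._signs_engine = SignsEngine(aerospike_connector)

    def _resolve_sign_info(self, sign_id, sign_info):
        """Return ``sign_info`` when supplied, else load it by ``sign_id``."""
        # Identity test: an object with a permissive __eq__ must not be
        # mistaken for "not supplied" and silently replaced by a lookup.
        if sign_info is None:
            return self._signs_engine.get_info(sign_id)
        return sign_info

    def check_can_read_sign(self, access_token, sign_id=None, sign_info=None):
        """Authorize reading a sign.

        Access is granted to admins, to anyone when the sign is not private,
        to the sign's owner, and to users for whom the engine's
        ``check_access`` reports a grant.

        Args:
            access_token: caller identity; ``is_admin`` and ``user_id`` are read.
            sign_id: id used to load the sign when ``sign_info`` is omitted.
            sign_info: already loaded sign record. The decision is based on
                its ``is_private`` and ``user_id`` fields, so it must come
                from the store and never from request data.

        Returns:
            ``True`` when access is granted.

        Raises:
            APIAccessError: when no rule grants access.
        """
        if access_token.is_admin == True:  # noqa: E712 - strict on purpose
            return True

        sign_info = self._resolve_sign_info(sign_id, sign_info)

        # NOTE(review): the owner test also passes when both user ids are
        # None; confirm tokens and stored signs always carry a user id.
        if (sign_info.is_private == False  # noqa: E712 - None stays private
                or sign_info.user_id == access_token.user_id):
            return True

        # Last rule: an explicit grant recorded in the access table.
        if self._signs_engine.check_access(
                access_token.user_id,
                sign_info.sign_id) == True:  # noqa: E712 - strict on purpose
            return True

        raise APIAccessError('User {} has no read access to sign {}'.format(
            access_token.user_id, sign_info.sign_id))

    def check_can_edit_sign(self, access_token, sign_id=None, sign_info=None):
        """Authorize editing a sign: admins and the sign's owner only.

        Unlike reading, neither a public sign nor an access-table grant
        gives edit rights.

        Args:
            access_token: caller identity; ``is_admin`` and ``user_id`` are read.
            sign_id: id used to load the sign when ``sign_info`` is omitted.
            sign_info: already loaded sign record (must come from the store).

        Returns:
            ``True`` when access is granted.

        Raises:
            APIAccessError: when the caller is neither admin nor owner.
        """
        if access_token.is_admin == True:  # noqa: E712 - strict on purpose
            return True

        sign_info = self._resolve_sign_info(sign_id, sign_info)

        # NOTE(review): also true when both ids are None; see the read check.
        if sign_info.user_id == access_token.user_id:
            return True

        raise APIAccessError('User {} has no edit access to sign {}'.format(
            access_token.user_id, sign_info.sign_id))

    def check_can_view_private_info(self, access_token, user_id):
        """Authorize viewing private info of ``user_id``: admin or that user.

        Returns:
            ``True`` when access is granted.

        Raises:
            APIAccessError: when the caller is neither admin nor ``user_id``.
        """
        if (access_token.is_admin == True  # noqa: E712 - strict on purpose
                or access_token.user_id == user_id):
            return True
        raise APIAccessError(
            'User {} has no access to private user info {}'.format(
                access_token.user_id, user_id))

    def check_can_edit_user_info(self, access_token, user_id):
        """Authorize editing info of ``user_id``: admin or that user.

        Returns:
            ``True`` when access is granted.

        Raises:
            APIAccessError: when the caller is neither admin nor ``user_id``.
        """
        if (access_token.is_admin == True  # noqa: E712 - strict on purpose
                or access_token.user_id == user_id):
            return True
        raise APIAccessError(
            'User {} has no access to edit user info {}'.format(
                access_token.user_id, user_id))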
class GetSignSession(POSTSession):
    """POST session returning one sign's fields and, on request, its blobs."""

    # Fields copied from the sign record into every response, in order.
    _INFO_FIELDS = (
        'sign_id', 'user_id', 'latitude', 'longitude',
        'radius', 'timestamp', 'time_to_live', 'is_private',
    )

    # Optional response keys and the engine method that loads each one.
    # Only these names are honored; any other requested property is ignored.
    _BLOB_GETTERS = (
        ('meta_blob', 'get_meta'),
        ('object_blob', 'get_object'),
        ('image_blob', 'get_image'),
        ('preview_blob', 'get_preview'),
    )

    def __init__(self, global_context):
        """Wire up the signs engine, the shared access rules and the params."""
        self._sign_engine = SignsEngine(global_context)
        self._access_rules = global_context.access_rules
        self._params = Params()

    def _init_session_params(self, query):
        """Fill the session parameters from the incoming query."""
        self._params.parse(query)

    def _run_session(self):
        """Return the sign's fields plus any requested blobs.

        The read check runs on the loaded record before any blob is
        fetched, so a denied request never reaches the blob getters.
        """
        params = self._params
        sign = self._sign_engine.get_info(params.sign_id)

        # Raises when the caller may not read this sign.
        # NOTE(review): if get_info fails differently for an unknown id, a
        # caller can tell "missing" from "forbidden" - confirm that is fine.
        self._access_rules.check_can_read_sign(params.user_token,
                                               sign_info=sign)

        payload = {}
        for field in self._INFO_FIELDS:
            payload[field] = getattr(sign, field)

        for blob_key, getter_name in self._BLOB_GETTERS:
            if blob_key in params.properties:
                load_blob = getattr(self._sign_engine, getter_name)
                payload[blob_key] = load_blob(params.sign_id)

        return payload
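class UpdateSignSession(POSTSession):
    """POST session that changes a sign's privacy flag.

    Authorization is delegated to ``check_can_edit_sign`` of
    ``global_context.access_rules``.
    """

    def __init__(self, global_context):
        """Wire up the params, the signs engine and the shared access rules."""
        self._params = Params()
        self._sign_engine = SignsEngine(global_context)
        self._access_rules = global_context.access_rules

    def _init_session_params(self, query):
        """Read the caller token, the required sign id and the optional flag."""
        self._params.user_token = query.get_user_token()
        self._params.sign_id = query.get_required_int64('sign_id')
        self._params.is_private = query.get_optional_bool('is_private')

    def _run_session(self):
        """Apply the requested privacy change after the edit check passes.

        Returns:
            ``{'success': True}``, also when ``is_private`` was not supplied
            and nothing was changed.
        """
        info = self._sign_engine.get_info(self._params.sign_id)

        # Raises when the caller may not edit this sign; nothing is written
        # before this point.
        self._access_rules.check_can_edit_sign(self._params.user_token,
                                               sign_info=info)

        # False is a valid new value, so test for None by identity rather
        # than by truthiness or equality.
        # presumably None means the field was absent; verify against
        # get_optional_bool.
        if self._params.is_private is not None:
            self._sign_engine.set_sign_privacy(self._params.sign_id,
                                               self._params.is_private)

        return {'success': True}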
class GetSignStatsSession(POSTSession):
    """POST session returning a sign's like and view counters."""

    def __init__(self, global_context):
        """Wire up the signs engine, the shared access rules and the params."""
        self._sign_engine = SignsEngine(global_context)
        self._access_rules = global_context.access_rules
        self._params = Params()

    def _init_session_params(self, query):
        """Fill the session parameters from the incoming query."""
        self._params.parse(query)

    def _run_session(self):
        """Return the counters of a sign the caller is allowed to read.

        Statistics are gated by the same read check as the sign itself.
        """
        params = self._params
        sign = self._sign_engine.get_info(params.sign_id)

        # Raises when the caller may not read this sign.
        self._access_rules.check_can_read_sign(params.user_token,
                                               sign_info=sign)

        counters = {
            'likes_count': sign.likes_count,
            'views_count': sign.views_count,
        }
        return {'success': True, 'data': counters}