def canRead(id, userId):
"""
Check if a user can read a shift. The user must have
either:
1. Created the shift
2. The shift must be published and public
3. If the user is subscribed to a stream the shift is on.
4. If the shift is published to the user's private stream.
Parameters:
id - a shift id.
Returns:
bool.
"""
db = core.connect()
theShift = db[id]
if user.isAdmin(userId):
return True
if theShift["createdBy"] == userId:
return True
if theShift["publishData"]["draft"]:
return False
theUser = db[userId]
if not theShift["publishData"]["private"]:
return True
if theUser["privateStream"] in theShift["publishData"]["streams"]:
return True
shiftStreams = theShift["publishData"]["streams"]
readableStreams = permission.readableStreams(userId)
allowed = set(shiftStreams).intersection(readableStreams)
return len(allowed) > 0
def canUnpublish(id, userId):
"""
Check where a user can unpublish a shift.
Parameters:
id - a shift id.
userId - a user id.
Returns:
bool.
"""
db = core.connect()
theShift = db[id]
return user.isAdmin(userId) or (userId == theShift['createdBy'])
def canDelete(id, userId):
"""
Check if a user can delete an event. Allowed under the following conditions:
1. the user is admin.
2. the user created the event.
Parameters:
id - an event id.
userId - a user id.
Returns:
bool.
"""
if user.isAdmin(userId):
return True
theEvent = read(id)
return theEvent["createdBy"] == userId
def canDelete(id, userId):
"""
Returns true if:
1. User is admin.
2. User created the stream.
Parameters:
id - a stream id.
userId - a user id.
Returns:
bool.
"""
if user.isAdmin(userId):
return True
theStream = read(id)
if theStream["createdBy"] == userId:
return True
return False
def canAdmin(id, userId):
"""
Return true if:
1. User is admin.
2. User created the stream.
3. User can admin the stream.
Parameters:
id - a stream id.
userId - a user id.
Returns:
bool.
"""
if user.isAdmin(userId):
return True
theStream = read(id)
if theStream["createdBy"] == userId:
return True
adminable = permission.adminStreams(userId)
return id in adminable
def canCreate(data, userId):
"""
Check if a user can create an event. Allowed under the following conditions:
1. user is admin.
2. the stream is public.
3. the stream is writeable by the user.
Parameters:
data - the event data.
userId - a user id.
Returns:
bool.
"""
if user.isAdmin(userId):
return True
streamId = data["streamId"]
theStream = stream.read(userId)
if not theStream["private"]:
return True
writeable = permission.writeableStreams(userId)
return (streamId in writeable)
def canRead(id, userId):
"""
Check if a user can read an event. Allowed under the following conditions:
1. the user is admin.
2. the stream is public.
3. the stream is readable by the user.
Parameters:
id - an event id.
userId - a user id.
Returns:
bool.
"""
if user.isAdmin(userId):
return True
streamId = data["streamId"]
theStream = stream.read(userId)
if not theStream["private"]:
return True
readable = permission.readableStreams(userId)
return (streamId in readable)
def canRead(id, userId):
"""
Returns true if:
1. User is admin.
2. The stream is public.
3. The user created the stream.
4. The user has read permission for the stream.
Parameters:
id - a stream id.
userId - a user id.
Returns:
bool.
"""
if user.isAdmin(userId):
return True
theStream = read(id)
if theStream["createdBy"] == userId:
return True
if not theStream["private"]:
return True
readableStreams = permission.readableStreams(userId)
return id in readableStreams
def canSubscribe(id, userId):
"""
Return true if:
1. User is admin.
2. User created the stream.
3. The stream is public.
4. User has join permissions.
Parameters:
id - a stream id.
userId - a user id.
Returns:
bool.
"""
if user.isAdmin(userId):
return True
theStream = read(id)
if theStream["createdBy"] == userId:
return True
if not theStream["private"]:
return True
joinable = permission.joinableStreams(userId)
return id in joinable
def create(data):
"""
Create will fail if:
1. No stream specified.
2. No creator specified.
3. Attempting to create an event on a public stream.
4. Attempting to create a permission for a user on a stream if a permission
for that user on that stream already exists.
5. Attempting to create an event without proper permission. Must either be
an amdin for that stream or running as admin for shiftserver.
Parameters:
data - dictionary containing the permission data.
Returns:
a dictionary of the new permission document values.
"""
db = core.connect()
streamId = data["streamId"]
createdBy = data["createdBy"]
if not streamId:
raise MissingStreamError
if not createdBy:
raise MissingCreatorError
if stream.isPublic(streamId):
raise CreateEventOnPublicStreamError
if permissionForUser(createdBy, streamId):
raise PermissionAlreadyExistsError
allowed = user.isAdmin(createdBy)
if not allowed:
allowed = stream.isOwner(streamId, createdBy)
if not allowed:
adminable = adminStreams(createdBy)
allowed = streamId in adminable
if not allowed:
raise CreateEventPermissionError
newPermission = schema.permission()
newPermission.update(data)
newPermission["type"] = "permission"
id = db.create(newPermission)
return db[id]
def canCreate(id, userId):
if user.isAdmin(userId):
return True
return True
