diff options
Diffstat (limited to 'sugar_network/resources/user.py')
-rw-r--r-- | sugar_network/resources/user.py | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/sugar_network/resources/user.py b/sugar_network/resources/user.py index a120832..717888c 100644 --- a/sugar_network/resources/user.py +++ b/sugar_network/resources/user.py @@ -15,10 +15,15 @@ import active_document as ad from sugar_network.node import stats +from active_toolkit import enforce class User(ad.Document): + @ad.active_property(prefix='L', typecast=[], default=['public']) + def layer(self, value): + return value + @ad.active_property(slot=1, prefix='N', full_text=True) def name(self, value): return value @@ -43,7 +48,7 @@ class User(ad.Document): def tags(self, value): return value - @ad.active_property(slot=5, prefix='L', full_text=True, default='') + @ad.active_property(slot=5, prefix='P', full_text=True, default='') def location(self, value): return value @@ -51,9 +56,11 @@ class User(ad.Document): def birthday(self, value): return value - @ad.document_command(method='GET', cmd='stats-info', - permissions=ad.ACCESS_AUTHOR) - def _stats_info(self): + @ad.document_command(method='GET', cmd='stats-info') + def _stats_info(self, request): + enforce(request.principal == self['guid'], ad.Forbidden, + 'Operation is permitted only for authors') + status = {} rrd = stats.get_rrd(self.guid) for name, __, last_update in rrd.dbs: @@ -65,9 +72,11 @@ class User(ad.Document): 'status': status, } - @ad.document_command(method='POST', cmd='stats-upload', - permissions=ad.ACCESS_AUTHOR) + @ad.document_command(method='POST', cmd='stats-upload') def _stats_upload(self, request): + enforce(request.principal == self['guid'], ad.Forbidden, + 'Operation is permitted only for authors') + name = request.content['name'] values = request.content['values'] rrd = stats.get_rrd(self.guid) |