abstract BaseAuth.is_authority_for

- allows us to check parent auth entities to see if they have authority over child auth entities (i.e. Facebook users and pages)
snarfed · May 22, 2015 · d04835e · d04835e
1 parent 2ac5772
commit d04835e
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/facebook.py b/facebook.py
@@ -106,6 +106,20 @@ def for_page(self, page_id):
 
     return None
 
+  def is_authority_for(self, key):
+    """Additionally check if the key represents a Page that this user has
+    authority over.
+
+    Args:
+      auth_entity_key: ndb.Key
+
+    Returns: boolean, true if key represents this user or one of the
+    user's pages.
+    """
+    return super(FacebookAuth, self).is_authority_for(key) or any(
+      key == self.for_page(page.get('id')).key
+      for page in json.loads(self.pages_json))
+
 
 class StartHandler(handlers.StartHandler):
   """Starts Facebook auth. Requests an auth code and expects a redirect back.

diff --git a/models.py b/models.py
@@ -64,6 +64,21 @@ def urlopen(self, url, **kwargs):
     """
     raise NotImplementedError()
 
+  def is_authority_for(self, key):
+    """When disabling or modifying an account, it's useful to re-auth the
+    user to make sure they have have permission to modify that
+    account. Typically this means the auth entity represents the exact
+    same user, but in some cases (e.g., Facebook Pages), a user may
+    control several unique identities. So authenticating as a user
+    should give you authority over their pages.
+
+    Args:
+      key: ndb.Key
+
+    Returns: boolean, true if key represents the same account as this entity
+    """
+    return self.key == key
+
   @staticmethod
   def urlopen_access_token(url, access_token, api_key=None, **kwargs):
     """Wraps urllib2.urlopen() and adds an access_token query parameter.