|
|
|
|
@ -255,7 +255,7 @@ class EventCreationHandler(object): |
|
|
|
|
|
|
|
|
|
@defer.inlineCallbacks |
|
|
|
|
def create_event(self, requester, event_dict, token_id=None, txn_id=None, |
|
|
|
|
prev_events_and_hashes=None): |
|
|
|
|
prev_events_and_hashes=None, require_consent=True): |
|
|
|
|
""" |
|
|
|
|
Given a dict from a client, create a new event. |
|
|
|
|
|
|
|
|
|
@ -276,6 +276,9 @@ class EventCreationHandler(object): |
|
|
|
|
where *hashes* is a map from algorithm to hash. |
|
|
|
|
|
|
|
|
|
If None, they will be requested from the database. |
|
|
|
|
|
|
|
|
|
require_consent (bool): Whether to check if the requester has |
|
|
|
|
consented to privacy policy. |
|
|
|
|
Raises: |
|
|
|
|
ResourceLimitError if server is blocked to some resource being |
|
|
|
|
exceeded |
|
|
|
|
@ -317,7 +320,7 @@ class EventCreationHandler(object): |
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
is_exempt = yield self._is_exempt_from_privacy_policy(builder, requester) |
|
|
|
|
if not is_exempt: |
|
|
|
|
if require_consent and not is_exempt: |
|
|
|
|
yield self.assert_accepted_privacy_policy(requester) |
|
|
|
|
|
|
|
|
|
if token_id is not None: |
|
|
|
|
@ -388,17 +391,6 @@ class EventCreationHandler(object): |
|
|
|
|
if self._block_events_without_consent_error is None: |
|
|
|
|
return |
|
|
|
|
|
|
|
|
|
# exempt AS users from needing consent |
|
|
|
|
if requester.app_service is not None: |
|
|
|
|
return |
|
|
|
|
|
|
|
|
|
# Check if the user has accepted the privacy policy. We only do this if |
|
|
|
|
# the requester has an associated access_token_id, which indicates that |
|
|
|
|
# this action came from a user request rather than an automatice server |
|
|
|
|
# or admin action. |
|
|
|
|
if requester.access_token_id is None: |
|
|
|
|
return |
|
|
|
|
|
|
|
|
|
user_id = requester.user.to_string() |
|
|
|
|
|
|
|
|
|
# exempt the system notices user |
|
|
|
|
|
Erik Johnston
6 years ago