py_tasks_melange: app/soc/views/helper/access.py@0fe0cb8f7253 (annotated)

293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	1	#!/usr/bin/python2.5
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	2	#
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	3	# Copyright 2008 the Melange authors.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	4	#
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	5	# Licensed under the Apache License, Version 2.0 (the "License");
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	6	# you may not use this file except in compliance with the License.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	7	# You may obtain a copy of the License at
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	8	#
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	9	# http://www.apache.org/licenses/LICENSE-2.0
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	10	#
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	11	# Unless required by applicable law or agreed to in writing, software
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	12	# distributed under the License is distributed on an "AS IS" BASIS,
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	13	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	14	# See the License for the specific language governing permissions and
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	15	# limitations under the License.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	16
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	17	"""Access control helper.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	18
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	19	The functions in this module can be used to check access control
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	20	related requirements. When the specified required conditions are not
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	21	met, an exception is raised. This exception contains a views that
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	22	either prompts for authentication, or informs the user that they
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	23	do not meet the required criteria.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	24	"""
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	25
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	26	__authors__ = [
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	27	'"Todd Larsen" <tlarsen@google.com>',
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	28	'"Sverre Rabbelier" <sverre@rabbelier.nl>',
726 ba3d399ec9be Added Notifications. Lennard de Rijk <ljvderijk@gmail.com> parents: 720 diff changeset	29	'"Lennard de Rijk" <ljvderijk@gmail.com>',
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	30	'"Pawel Solyga" <pawel.solyga@gmail.com>',
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	31	]
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	32
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	33
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	34	from google.appengine.api import users
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	35	from google.appengine.api import memcache
315 c4f1a07ee340 Add missing blank lines between imports in access.py module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 309 diff changeset	36
746 018efb9863dc Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 729 diff changeset	37	from django.core import urlresolvers
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	38	from django.utils.translation import ugettext
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	39
481 94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be Todd Larsen <tlarsen@google.com> parents: 448 diff changeset	40	from soc.logic import accounts
720 9eb2522dfa83 Make it possible to invite another Host as Host Sverre Rabbelier <srabbelier@gmail.com> parents: 714 diff changeset	41	from soc.logic import dicts
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	42	from soc.logic.models.club_admin import logic as club_admin_logic
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	43	from soc.logic.models.host import logic as host_logic
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	44	from soc.logic.models.notification import logic as notification_logic
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	45	from soc.logic.models.request import logic as request_logic
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	46	from soc.logic.models.role import logic as role_logic
891 3d40190f35b6 Move getToSLink() to soc.views.helper.redirects.getToSRedirect(). Todd Larsen <tlarsen@google.com> parents: 890 diff changeset	47	from soc.logic.models.site import logic as site_logic
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	48	from soc.logic.models.user import logic as user_logic
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	49	from soc.views import helper
543 280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge Todd Larsen <tlarsen@google.com> parents: 525 diff changeset	50	from soc.views import out_of_band
891 3d40190f35b6 Move getToSLink() to soc.views.helper.redirects.getToSRedirect(). Todd Larsen <tlarsen@google.com> parents: 890 diff changeset	51	from soc.views.helper import redirects
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	52
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	53
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	54	DEF_NO_USER_LOGIN_MSG= ugettext(
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	55	'Please create <a href="/user/create_profile">User Profile</a>'
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	56	' in order to view this page.')
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	57
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	58	DEF_AGREE_TO_TOS_MSG_FMT = ugettext(
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	59	'You must agree to the <a href="%(tos_link)s">site-wide Terms of'
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	60	' Service</a> in your <a href="/user/edit_profile">User Profile</a>'
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	61	' in order to view this page.')
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	62
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	63	DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ugettext(
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	64	'Please <a href="%%(sign_out)s">sign out</a>'
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	65	' and <a href="%%(sign_in)s">sign in</a>'
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	66	' again as %(role)s to view this page.')
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	67
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	68	DEF_PAGE_DENIED_MSG = ugettext(
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	69	'Access to this page has been restricted')
2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	70
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	71	DEF_LOGOUT_MSG_FMT = ugettext(
590 37735d97b541 Created a seperate module for editSelf things Sverre Rabbelier <srabbelier@gmail.com> parents: 543 diff changeset	72	'Please <a href="%(sign_out)s">sign out</a> in order to view this page')
37735d97b541 Created a seperate module for editSelf things Sverre Rabbelier <srabbelier@gmail.com> parents: 543 diff changeset	73
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	74	DEF_GROUP_NOT_FOUND_MSG = ugettext(
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	75	'The requested Group can not be found')
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	76
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	77	DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext(
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	78	'The <b><i>%(email)s</i></b> account cannot be used with this site, for'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	79	' one or more of the following reasons:'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	80	'<ul>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	81	' <li>the account is invalid</li>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	82	' <li>the account is already attached to a User profile and cannot be'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	83	' used to create another one</li>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	84	' <li>the account is a former account that cannot be used again</li>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	85	'</ul>')
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	86
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	87	def denySidebar(fun):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	88	"""Decorator that denies access if the sidebar is calling.
612 3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms Sverre Rabbelier <srabbelier@gmail.com> parents: 590 diff changeset	89	"""
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms Sverre Rabbelier <srabbelier@gmail.com> parents: 590 diff changeset	90
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	91	from functools import wraps
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	92
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	93	@wraps(fun)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	94	def wrapper(self, django_args, args, *kwargs):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	95	if django_args.get('SIDEBAR_CALLING'):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	96	raise out_of_band.Error("Sidebar Calling")
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	97	return fun(self, django_args, args, *kwargs)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	98	return wrapper
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	99
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	100
1016 15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	101	def allowDeveloper(fun):
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	102	"""Decorator that allows access if the current user is a Developer.
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	103	"""
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	104
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	105	from functools import wraps
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	106
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	107	@wraps(fun)
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	108	def wrapper(self, django_args, args, *kwargs):
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	109	try:
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	110	# if the current user is a developer we allow access
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	111	return self.checkIsDeveloper(django_args)
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	112	except out_of_band.Error:
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	113	return fun(self, django_args, args, *kwargs)
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	114	return wrapper
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	115
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	116
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	117	class Checker(object):
590 37735d97b541 Created a seperate module for editSelf things Sverre Rabbelier <srabbelier@gmail.com> parents: 543 diff changeset	118	"""
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	119	The __setitem__() and __getitem__() methods are overloaded to DTRT
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	120	when adding new access rights, and retrieving them, so use these
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	121	rather then modifying rights directly if so desired.
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	122	"""
972 43018f61b481 Remove the request and arg parameter from the checkAccess call Sverre Rabbelier <srabbelier@gmail.com> parents: 970 diff changeset	123
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	124	def __init__(self, params):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	125	"""Adopts base.rights as rights if base is set.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	126	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	127
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	128	base = params.get('rights') if params else None
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	129	self.rights = base.rights if base else {}
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	130	self.id = None
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	131	self.user = None
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	132
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	133	def __setitem__(self, key, value):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	134	"""Sets a value only if no old value exists.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	135	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	136
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	137	oldvalue = self.rights.get(key)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	138	self.rights[key] = oldvalue if oldvalue else value
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	139
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	140	def __getitem__(self, key):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	141	"""Retrieves the right checkers and massages then into a default format.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	142
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	143	The result is guaranteed to be a list of 2-tuples, the first element is a
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	144	checker (iff there is an checker with the specified name), the second
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	145	element is a list of arguments that should be passed to the checker when
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	146	calling it in addition to the standard django_args.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	147	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	148
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	149	result = []
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	150
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	151	for i in self.rights.get(key, []):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	152	# Be nice an repack so that it is always a list with tuples
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	153	if isinstance(i, tuple):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	154	name, arg = i
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	155	tmp = (name, (arg if isinstance(arg, list) else [arg]))
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	156	result.append(tmp)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	157	else:
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	158	tmp = (i, [])
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	159	result.append(tmp)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	160
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	161	return result
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	162
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	163	def key(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	164	"""Returns the key for the specified checker for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	165	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	166
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	167	return "%s.%s" % (self.id, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	168
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	169	def put(self, checker_name, value):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	170	"""Puts the result for the specified checker in the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	171	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	172
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	173	retention = 30
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	174
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	175	memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	176	memcache.add(memcache_key, value, retention)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	177
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	178	def get(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	179	"""Retrieves the result for the specified checker from cache.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	180	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	181
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	182	memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	183	return memcache.get(memcache_key)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	184
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	185	def doCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	186	"""Runs the specified checker with the specified arguments.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	187	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	188
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	189	checker = getattr(self, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	190	checker(django_args, *args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	191
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	192	def doCachedCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	193	"""Retrieves from cache or runs the specified checker.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	194	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	195
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	196	cached = self.get(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	197
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	198	if cached is None:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	199	try:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	200	self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	201	self.put(checker_name, True)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	202	return
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	203	except out_of_band.Error, e:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	204	self.put(checker_name, e)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	205	raise
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	206
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	207	if cached is True:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	208	return
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	209
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	210	# re-raise the cached exception
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	211	raise cached
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	212
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	213	def check(self, use_cache, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	214	"""Runs the checker, optionally using the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	215	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	216
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	217	if use_cache:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	218	self.doCachedCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	219	else:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	220	self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	221
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	222	def setCurrentUser(self, id, user):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	223	"""Sets up everything for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	224	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	225
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	226	self.id = id
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	227	self.user = user
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	228
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	229	def checkAccess(self, access_type, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	230	"""Runs all the defined checks for the specified type.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	231
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	232	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	233	access_type: the type of request (such as 'list' or 'edit')
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	234	rights: a dictionary containing access check functions
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	235	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	236
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	237	Rights usage:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	238	The rights dictionary is used to check if the current user is allowed
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	239	to view the page specified. The functions defined in this dictionary
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	240	are always called with the provided django_args dictionary as argument. On any
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	241	request, regardless of what type, the functions in the 'any_access' value
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	242	are called. If the specified type is not in the rights dictionary, all
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	243	the functions in the 'unspecified' value are called. When the specified
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	244	type _is_ in the rights dictionary, all the functions in that access_type's
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	245	value are called.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	246	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	247
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	248	use_cache = django_args.get('SIDEBAR_CALLING')
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	249
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	250	# Call each access checker
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	251	for checker_name, args in self['any_access']:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	252	self.check(use_cache, checker_name, django_args, args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	253
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	254	if access_type not in self.rights:
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	255	# No checks defined, so do the 'generic' checks and bail out
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	256	for checker_name, args in self['unspecified']:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	257	self.check(use_cache, checker_name, django_args, args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	258	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	259
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	260	for checker_name, args in self[access_type]:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	261	self.check(use_cache, checker_name, django_args, args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	262
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	263	def allow(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	264	"""Never raises an alternate HTTP response. (an access no-op, basically).
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	265
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	266	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	267	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	268	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	269
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	270	return
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	271
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	272	def deny(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	273	"""Always raises an alternate HTTP response.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	274
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	275	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	276	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	277
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	278	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	279	always raises AccessViolationResponse if called
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	280	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	281
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	282	context = django_args.get('context', {})
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	283	context['title'] = 'Access denied'
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	284
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	285	raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context)
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	286
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	287	def checkIsLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	288	"""Raises an alternate HTTP response if Google Account is not logged in.
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	289
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	290	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	291	django_args: a dictionary with django's arguments
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	292
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	293	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	294	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	295	* if no Google Account is even logged in
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	296	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	297
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	298	if self.id:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	299	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	300
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	301	raise out_of_band.LoginRequest()
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	302
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	303	def checkNotLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	304	"""Raises an alternate HTTP response if Google Account is logged in.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	305
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	306	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	307	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	308
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	309	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	310	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	311	* if a Google Account is currently logged in
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	312	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	313
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	314	if not self.id:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	315	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	316
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	317	raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	318
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	319	def checkIsUser(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	320	"""Raises an alternate HTTP response if Google Account has no User entity.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	321
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	322	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	323	django_args: a dictionary with django's arguments
895 e70ffd079438 Even developers need to agree to the terms of service for Melange Sverre Rabbelier <srabbelier@gmail.com> parents: 892 diff changeset	324
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	325	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	326	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	327	* if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	328	* if no Google Account is logged in at all
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	329	* if User has not agreed to the site-wide ToS, if one exists
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	330	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	331
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	332	self.checkIsLoggedIn(django_args)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	333
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	334	if not self.user:
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	335	raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	336
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	337	if user_logic.agreesToSiteToS(self.user):
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	338	return
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	339
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	340	# Would not reach this point of site-wide ToS did not exist, since
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	341	# agreesToSiteToS() call above always returns True if no ToS is in effect.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	342	login_msg_fmt = DEF_AGREE_TO_TOS_MSG_FMT % {
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	343	'tos_link': redirects.getToSRedirect(site_logic.getSingleton())}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	344
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	345	raise out_of_band.LoginRequest(message_fmt=login_msg_fmt)
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	346
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	347	def checkIsUnusedAccount(self, django_args):
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	348	"""Raises an alternate HTTP response if Google Account has a User entity.
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	349
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	350	Args:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	351	django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	352
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	353	Raises:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	354	AccessViolationResponse:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	355	* if a User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	356	* if a User has this Gooogle Account in their formerAccounts list
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	357	"""
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	358
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	359	self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	360
1048 0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	361	if not self.user and not user_logic.isFormerAccount(self.id):
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	362	# this account has not been used yet
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	363	return
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	364
1048 0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	365	message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	366	'email' : self.id.email()}
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	367	raise out_of_band.LoginRequest(message_fmt=message_fmt)
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	368
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	369
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	370	def checkHasUserEntity(self, django_args):
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	371	"""Raises an alternate HTTP response if Google Account has no User entity.
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	372
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	373	Args:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	374	django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	375
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	376	Raises:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	377	AccessViolationResponse:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	378	* if no User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	379	* if no Google Account is logged in at all
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	380	"""
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	381
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	382	self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	383
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	384	if not self.user:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	385	raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	386
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	387	return
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	388
948 bd956f419ad9 Add missing blank lines and remove unused checkIsInvited function from soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 943 diff changeset	389
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	390	def checkIsDeveloper(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	391	"""Raises an alternate HTTP response if Google Account is not a Developer.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	392
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	393	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	394	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	395
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	396	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	397	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	398	* if User is not a Developer, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	399	* if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	400	* if no Google Account is logged in at all
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	401	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	402
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	403	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	404
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	405	if accounts.isDeveloper(account=self.id):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	406	return
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	407
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	408	login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	409	'role': 'a Site Developer '}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	410
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	411	raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	412
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	413	def checkCanMakeRequestToGroup(self, django_args, group_logic):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	414	"""Raises an alternate HTTP response if the specified group is not in an
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	415	active state.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	416
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	417	Note that state hasn't been implemented yet
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	418
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	419	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	420	group_logic: Logic module for the type of group which the request is for
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	421	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	422
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	423	group_entity = role_logic.getGroupEntityFromScopePath(
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	424	group_logic.logic, django_args['scope_path'])
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	425
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	426	if not group_entity:
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	427	raise out_of_band.Error(DEF_GROUP_NOT_FOUND_MSG, status=404)
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	428
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	429	# TODO(ljvderijk) check if the group is active
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	430	return
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	431
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	432	def checkCanCreateFromRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	433	"""Raises an alternate HTTP response if the specified request does not exist
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	434	or if it's state is not group_accepted.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	435	"""
972 43018f61b481 Remove the request and arg parameter from the checkAccess call Sverre Rabbelier <srabbelier@gmail.com> parents: 970 diff changeset	436
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	437	self.checkIsUser(django_args)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	438
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	439	user_entity = user_logic.getForCurrentAccount()
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	440
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	441	if user_entity.link_id != django_args['link_id']:
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	442	self.deny(django_args)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	443
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	444	fields = {'link_id': django_args['link_id'],
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	445	'scope_path': django_args['scope_path'],
958 b4309e3cb899 Fix some missing dots in access and club_admin modules. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 950 diff changeset	446	'role': role_name}
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	447
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	448	request_entity = request_logic.getFromFieldsOr404(**fields)
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	449
940 a40056afef83 Changed the access checks to comply with state in request. Lennard de Rijk <ljvderijk@gmail.com> parents: 931 diff changeset	450	if request_entity.state != 'group_accepted':
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	451	# TODO tell the user that this request has not been accepted yet
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	452	self.deny(django_args)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	453
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	454	return
972 43018f61b481 Remove the request and arg parameter from the checkAccess call Sverre Rabbelier <srabbelier@gmail.com> parents: 970 diff changeset	455
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	456	def checkCanProcessRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	457	"""Raises an alternate HTTP response if the specified request does not exist
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	458	or if it's state is completed or denied.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	459	"""
948 bd956f419ad9 Add missing blank lines and remove unused checkIsInvited function from soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 943 diff changeset	460
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	461	fields = {'link_id': django_args['link_id'],
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	462	'scope_path': django_args['scope_path'],
960 129efa976d6d Added checkCanProcessRequest in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 958 diff changeset	463	'role': role_name}
129efa976d6d Added checkCanProcessRequest in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 958 diff changeset	464
129efa976d6d Added checkCanProcessRequest in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 958 diff changeset	465	request_entity = request_logic.getFromFieldsOr404(**fields)
129efa976d6d Added checkCanProcessRequest in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 958 diff changeset	466
129efa976d6d Added checkCanProcessRequest in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 958 diff changeset	467	if request_entity.state in ['completed', 'denied']:
129efa976d6d Added checkCanProcessRequest in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 958 diff changeset	468	# TODO tell the user that this request has been processed
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	469	self.deny(django_args)
940 a40056afef83 Changed the access checks to comply with state in request. Lennard de Rijk <ljvderijk@gmail.com> parents: 931 diff changeset	470
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	471	return
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	472
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	473	def checkIsMyGroupAcceptedRequest(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	474	"""Raises an alternate HTTP response if the specified request does not exist
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	475	or if it's state is not group_accepted.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	476	"""
709 e71b20847eb0 Add checkIsHost in access Sverre Rabbelier <srabbelier@gmail.com> parents: 699 diff changeset	477
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	478	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	479
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	480	user_entity = user_logic.getForCurrentAccount()
709 e71b20847eb0 Add checkIsHost in access Sverre Rabbelier <srabbelier@gmail.com> parents: 699 diff changeset	481
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	482	if user_entity.link_id != django_args['link_id']:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	483	# not the current user's request
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	484	self.deny(django_args)
709 e71b20847eb0 Add checkIsHost in access Sverre Rabbelier <srabbelier@gmail.com> parents: 699 diff changeset	485
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	486	fields = {'link_id': django_args['link_id'],
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	487	'scope_path': django_args['scope_path'],
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	488	'role': django_args['role']}
999 71f15c023847 Developers are hosts for every sponsor now. Lennard de Rijk <ljvderijk@gmail.com> parents: 996 diff changeset	489
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	490	request_entity = request_logic.getForFields(fields, unique=True)
709 e71b20847eb0 Add checkIsHost in access Sverre Rabbelier <srabbelier@gmail.com> parents: 699 diff changeset	491
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	492	if not request_entity:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	493	# TODO return 404
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	494	self.deny(django_args)
995 886c981fda2c Added rights check to sponsor.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 992 diff changeset	495
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	496	if request_entity.state != 'group_accepted':
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	497	self.deny(django_args)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	498
709 e71b20847eb0 Add checkIsHost in access Sverre Rabbelier <srabbelier@gmail.com> parents: 699 diff changeset	499	return
e71b20847eb0 Add checkIsHost in access Sverre Rabbelier <srabbelier@gmail.com> parents: 699 diff changeset	500
1037 f706ac5beccf Fix wrong order of decorators and some cleanup Sverre Rabbelier <srabbelier@gmail.com> parents: 1023 diff changeset	501	@allowDeveloper
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	502	@denySidebar
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	503	def checkIsHost(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	504	"""Raises an alternate HTTP response if Google Account has no Host entity.
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	505
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	506	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	507	request: a Django HTTP request
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	508
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	509	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	510	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	511	* if User is not already a Host, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	512	* if User has not agreed to the site-wide ToS, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	513	* if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	514	* if the user is not even logged in
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	515	"""
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	516
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	517	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	518
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	519	user = user_logic.getForCurrentAccount()
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	520
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	521	if django_args.get('scope_path'):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	522	scope_path = django_args['scope_path']
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	523	else:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	524	scope_path = django_args['link_id']
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	525
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	526	fields = {'user': user,
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	527	'scope_path': scope_path,
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	528	'state': 'active'}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	529
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	530	host = host_logic.getForFields(fields, unique=True)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	531
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	532	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	533
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	534	user = user_logic.getForCurrentAccount()
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	535
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	536	fields = {'user': user,
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	537	'state': 'active'}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	538
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	539	host = host_logic.getForFields(fields, unique=True)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	540
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	541	if host:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	542	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	543
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	544	login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	545	'role': 'a Program Administrator '}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	546
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	547	raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	548
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	549	@allowDeveloper
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	550	def checkIsHostForSponsor(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	551	"""Raises an alternate HTTP response if Google Account has no Host entity
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	552	for the specified Sponsor.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	553
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	554	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	555	request: a Django HTTP request
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	556
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	557	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	558	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	559	* if User is not already a Host for the specified program, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	560	* if User has not agreed to the site-wide ToS, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	561	* if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	562	* if the user is not even logged in
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	563	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	564
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	565	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	566
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	567	user = user_logic.getForCurrentAccount()
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	568
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	569	if django_args.get('scope_path'):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	570	scope_path = django_args['scope_path']
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	571	else:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	572	scope_path = django_args['link_id']
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	573
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	574	fields = {'user': user,
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	575	'scope_path': scope_path,
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	576	'state': 'active'}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	577
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	578	host = host_logic.getForFields(fields, unique=True)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	579
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	580	if host:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	581	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	582
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	583	login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	584	'role': 'a Program Administrator '}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	585
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	586	raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	587
1016 15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	588	@allowDeveloper
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	589	def checkIsClubAdminForClub(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	590	"""Returns an alternate HTTP response if Google Account has no Club Admin
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	591	entity for the specified club.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	592
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	593	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	594	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	595
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	596	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	597	AccessViolationResponse: if the required authorization is not met
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	598
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	599	Returns:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	600	None if Club Admin exists for the specified club, or a subclass of
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	601	django.http.HttpResponse which contains the alternate response
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	602	should be returned by the calling view.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	603	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	604
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	605	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	606
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	607	user = user_logic.getForCurrentAccount()
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	608
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	609	if django_args.get('scope_path'):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	610	scope_path = django_args['scope_path']
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	611	else:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	612	scope_path = django_args['link_id']
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	613
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	614	fields = {'user': user,
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	615	'scope_path': scope_path,
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	616	'state': 'active'}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	617
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	618	club_admin_entity = club_admin_logic.getForFields(fields, unique=True)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	619
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	620	if club_admin_entity:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	621	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	622
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	623	login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	624	'role': 'a Club Admin for this Club'}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	625
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	626	raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	627
1016 15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	628	@allowDeveloper
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	629	def checkIsApplicationAccepted(self, django_args, app_logic):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	630	"""Returns an alternate HTTP response if Google Account has no Club App
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	631	entity for the specified Club.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	632
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	633	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	634	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	635
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	636	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	637	AccessViolationResponse: if the required authorization is not met
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	638
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	639	Returns:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	640	None if Club App exists for the specified program, or a subclass
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	641	of django.http.HttpResponse which contains the alternate response
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	642	should be returned by the calling view.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	643	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	644
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	645	self.checkIsUser(django_args)
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	646
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	647	user = user_logic.getForCurrentAccount()
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	648
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	649	properties = {
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	650	'applicant': user,
892 c3cdb581ffd2 Replaced boolean properties in soc/models/group_app with status property. Lennard de Rijk <ljvderijk@gmail.com> parents: 891 diff changeset	651	'status': 'accepted'
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	652	}
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	653
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	654	application = app_logic.logic.getForFields(properties, unique=True)
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	655
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	656	if application:
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	657	return
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	658
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	659	# TODO(srabbelier) Make this give a proper error message
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	660	self.deny(django_args)
726 ba3d399ec9be Added Notifications. Lennard de Rijk <ljvderijk@gmail.com> parents: 720 diff changeset	661
1016 15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	662	@allowDeveloper
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	663	def checkIsMyNotification(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	664	"""Returns an alternate HTTP response if this request is for
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	665	a Notification belonging to the current user.
729 7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL Sverre Rabbelier <srabbelier@gmail.com> parents: 727 diff changeset	666
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	667	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	668	django_args: a dictionary with django's arguments
872 70e0b6d8ff73 Prepare access to receive args and kwargs as argument Sverre Rabbelier <srabbelier@gmail.com> parents: 814 diff changeset	669
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	670	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	671	AccessViolationResponse: if the required authorization is not met
791 30da180c4bca Added the club_app view, logic and model Sverre Rabbelier <srabbelier@gmail.com> parents: 746 diff changeset	672
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	673	Returns:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	674	None if the current User is allowed to access this Notification.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	675	"""
791 30da180c4bca Added the club_app view, logic and model Sverre Rabbelier <srabbelier@gmail.com> parents: 746 diff changeset	676
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	677	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	678
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	679	properties = dicts.filter(django_args, ['link_id', 'scope_path'])
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	680
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	681	notification = notification_logic.getForFields(properties, unique=True)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	682	user = user_logic.getForCurrentAccount()
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	683
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	684	# We need to check to see if the key's are equal since the User
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	685	# objects are different and the default __eq__ method does not check
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	686	# if the keys are equal (which is what we want).
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	687	if user.key() == notification.scope.key():
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	688	return None
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	689
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	690	# TODO(ljvderijk) Make this give a proper error message
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	691	self.deny(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	692
1016 15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	693	@allowDeveloper
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	694	def checkIsMyApplication(self, django_args, app_logic):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	695	"""Returns an alternate HTTP response if this request is for
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	696	a Application belonging to the current user.
791 30da180c4bca Added the club_app view, logic and model Sverre Rabbelier <srabbelier@gmail.com> parents: 746 diff changeset	697
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	698	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	699	request: a Django HTTP request
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	700
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	701	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	702	AccessViolationResponse: if the required authorization is not met
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	703
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	704	Returns:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	705	None if the current User is allowed to access this Application.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	706	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	707
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	708	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	709
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	710	properties = dicts.filter(django_args, ['link_id'])
882 267e31f1a0b6 Added club_app model and logic. Lennard de Rijk <ljvderijk@gmail.com> parents: 872 diff changeset	711
267e31f1a0b6 Added club_app model and logic. Lennard de Rijk <ljvderijk@gmail.com> parents: 872 diff changeset	712	application = app_logic.logic.getForFields(properties, unique=True)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	713
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	714	if not application:
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	715	self.deny(django_args)
791 30da180c4bca Added the club_app view, logic and model Sverre Rabbelier <srabbelier@gmail.com> parents: 746 diff changeset	716
882 267e31f1a0b6 Added club_app model and logic. Lennard de Rijk <ljvderijk@gmail.com> parents: 872 diff changeset	717	# We need to check to see if the key's are equal since the User
267e31f1a0b6 Added club_app model and logic. Lennard de Rijk <ljvderijk@gmail.com> parents: 872 diff changeset	718	# objects are different and the default __eq__ method does not check
267e31f1a0b6 Added club_app model and logic. Lennard de Rijk <ljvderijk@gmail.com> parents: 872 diff changeset	719	# if the keys are equal (which is what we want).
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	720	if self.user.key() == application.applicant.key():
882 267e31f1a0b6 Added club_app model and logic. Lennard de Rijk <ljvderijk@gmail.com> parents: 872 diff changeset	721	return None
267e31f1a0b6 Added club_app model and logic. Lennard de Rijk <ljvderijk@gmail.com> parents: 872 diff changeset	722
267e31f1a0b6 Added club_app model and logic. Lennard de Rijk <ljvderijk@gmail.com> parents: 872 diff changeset	723	# TODO(srabbelier) Make this give a proper error message
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	724	self.deny(django_args)
791 30da180c4bca Added the club_app view, logic and model Sverre Rabbelier <srabbelier@gmail.com> parents: 746 diff changeset	725
1016 15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	726	@allowDeveloper
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	727	def checkIsMyActiveRole(self, django_args, role_logic):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	728	"""Returns an alternate HTTP response if there is no active role found for
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	729	the current user using the given role_logic.
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	730
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	731	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	732	AccessViolationResponse: if the required authorization is not met
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	733
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	734	Returns:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	735	None if the current User has no active role for the given role_logic.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	736	"""
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	737
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	738	if not self.user or self.user.link_id != django_args['link_id']:
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	739	# not my role
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	740	self.deny(django_args)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	741
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	742	fields = {'link_id': django_args['link_id'],
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	743	'scope_path': django_args['scope_path']
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	744	}
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	745
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	746	role_entity = role_logic.logic.getForFields(fields, unique=True)
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	747
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	748	if not role_entity:
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	749	# no role found
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	750	self.deny(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	751
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	752	if role_entity.state == 'active':
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	753	# this role exist and is active
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	754	return
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	755	else:
6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	756	# this role is not active
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	757	self.deny(django_args)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	758
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	759	def checkHasPickGetArgs(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	760	"""Raises an alternate HTTP response if the request misses get args.
791 30da180c4bca Added the club_app view, logic and model Sverre Rabbelier <srabbelier@gmail.com> parents: 746 diff changeset	761
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	762	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	763	django_args: a dictionary with django's arguments
931 1131884c3c56 Add a simple access check for a picker Sverre Rabbelier <srabbelier@gmail.com> parents: 927 diff changeset	764
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	765	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	766	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	767	* if continue is not in request.GET
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	768	* if field is not in request.GET
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	769	"""
931 1131884c3c56 Add a simple access check for a picker Sverre Rabbelier <srabbelier@gmail.com> parents: 927 diff changeset	770
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	771	get_args = django_args.get('GET', {})
931 1131884c3c56 Add a simple access check for a picker Sverre Rabbelier <srabbelier@gmail.com> parents: 927 diff changeset	772
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	773	if 'continue' in get_args and 'field' in get_args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	774	return
931 1131884c3c56 Add a simple access check for a picker Sverre Rabbelier <srabbelier@gmail.com> parents: 927 diff changeset	775
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	776	#TODO(SRabbelier) inform user that return_url and field are required
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	777	self.deny(django_args)
931 1131884c3c56 Add a simple access check for a picker Sverre Rabbelier <srabbelier@gmail.com> parents: 927 diff changeset	778
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	779	def checkIsDocumentPublic(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	780	"""Checks whether a document is public.
699 4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic Sverre Rabbelier <srabbelier@gmail.com> parents: 639 diff changeset	781
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	782	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	783	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	784	"""
699 4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic Sverre Rabbelier <srabbelier@gmail.com> parents: 639 diff changeset	785
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	786	# TODO(srabbelier): A proper check needs to be done to see if the document
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	787	# is public or not, probably involving analysing it's scope or such.
1023 d849b47645f9 Bugfixes after recent refactoring Sverre Rabbelier <srabbelier@gmail.com> parents: 1017 diff changeset	788	self.allow(django_args)

author	Lennard de Rijk <ljvderijk@gmail.com>
	Wed, 28 Jan 2009 17:33:05 +0000
changeset 1048	0fe0cb8f7253
parent 1043	5e15994b2033
child 1061	09c243461de8
permissions	-rw-r--r--