py_tasks_melange: app/soc/modules/ghop/views/helper/access.py@2289f97d6216 (annotated)

2840 41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	1	#!/usr/bin/python2.5
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	2	#
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	3	# Copyright 2009 the Melange authors.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	4	#
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	5	# Licensed under the Apache License, Version 2.0 (the "License");
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	6	# you may not use this file except in compliance with the License.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	7	# You may obtain a copy of the License at
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	8	#
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	9	# http://www.apache.org/licenses/LICENSE-2.0
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	10	#
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	11	# Unless required by applicable law or agreed to in writing, software
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	12	# distributed under the License is distributed on an "AS IS" BASIS,
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	13	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	14	# See the License for the specific language governing permissions and
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	15	# limitations under the License.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	16
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	17	"""Access control helper.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	18
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	19	See soc.views.helper.access module.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	20	"""
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	21
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	22	__authors__ = [
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	23	'"Madhusudan.C.S" <madhusudancs@gmail.com>'
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	24	]
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	25
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	26
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	27	from django.utils.translation import ugettext
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	28
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	29	from soc.logic.helper import timeline as timeline_helper
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	30	from soc.logic.models import host as host_logic
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	31	from soc.logic.models import user as user_logic
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	32	from soc.views import out_of_band
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	33	from soc.views.helper import access
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	34
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	35	from soc.modules.ghop.logic.models import mentor as ghop_mentor_logic
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	36	from soc.modules.ghop.logic.models import org_admin as ghop_org_admin_logic
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	37	from soc.modules.ghop.logic.models import task as ghop_task_logic
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	38
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	39
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	40	DEF_CANT_EDIT_MSG = ugettext(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	41	'This task cannot be edited since it has been claimed at least '
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	42	'once before.')
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	43
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	44	DEF_MAX_TASKS_REACHED_MSG = ugettext(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	45	'You have reached the maximum number of Tasks allowed '
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	46	'for your organization for this program.')
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	47
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	48	DEF_NEED_ROLE_MSG = ugettext(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	49	'You do not have the required role.')
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	50
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	51	DEF_NO_ACTIVE_ENTITY_MSG = ugettext(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	52	'There is no such active entity.')
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	53
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	54	DEF_NO_PUB_TASK_MSG = ugettext(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	55	'There is no such published task.')
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	56
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	57	DEF_PAGE_INACTIVE_MSG = ugettext(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	58	'This page is inactive at this time.')
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	59
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	60	DEF_SIGN_UP_AS_OA_MENTOR_MSG = ugettext(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	61	'You first need to sign up as an Org Admin or a Mentor.')
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	62
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	63
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	64	class GHOPChecker(access.Checker):
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	65	"""See soc.views.helper.access.Checker.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	66	"""
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	67
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	68	@access.allowDeveloper
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	69	@access.denySidebar
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	70	def checkCanOrgAdminOrMentorEdit(self, django_args,
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	71	key_location, check_limit):
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	72	"""Checks if the mentors can create task for this program,
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	73	and obeys the task quota limit assigned for their org when check_limit is
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	74	True.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	75
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	76	Args:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	77	django_args: a dictionary with django's arguments
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	78	key_location: the key for django_args in which the key_name
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	79	from the mentor is stored
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	80	check_limit: iff true checks if the organization reached the
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	81	task quota limit for the given program.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	82	"""
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	83
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	84	self.checkIsUser(django_args)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	85
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	86	user_account = user_logic.logic.getForCurrentAccount()
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	87
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	88	filter = {
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	89	'user': user_account,
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	90	'scope_path': django_args[key_location],
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	91	'status': 'active'
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	92	}
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	93
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	94	role_entity = ghop_org_admin_logic.logic.getForFields(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	95	filter, unique=True)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	96	if not role_entity:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	97	role_entity = ghop_mentor_logic.logic.getForFields(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	98	filter, unique=True)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	99
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	100	if not role_entity:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	101	raise out_of_band.AccessViolation(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	102	message_fmt=DEF_SIGN_UP_AS_OA_MENTOR_MSG)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	103
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	104	program_entity = role_entity.program
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	105
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	106	if not timeline_helper.isActivePeriod(program_entity.timeline,
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	107	'program'):
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	108	raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_INACTIVE_MSG)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	109
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	110	org_entity = role_entity.scope
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	111
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	112	if check_limit:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	113	# count all tasks from this organization
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	114	fields = {'scope': org_entity}
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	115	task_query = ghop_task_logic.logic.getQueryForFields(fields)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	116
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	117	if task_query.count() >= org_entity.task_quota_limit:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	118	# too many tasks access denied
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	119	raise out_of_band.AccessViolation(message_fmt=DEF_MAX_TASKS_REACHED)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	120
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	121	if 'link_id' in django_args:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	122	task_filter = {
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	123	'link_id': django_args['link_id'],
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	124	'scope_path': django_args['scope_path'],
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	125	}
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	126	task_entity = ghop_task_logic.logic.getFromKeyFields(task_filter)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	127
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	128	if task_entity.status not in ['Unapproved', 'Unpublished', 'Open']:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	129	# task is claimed at least once
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	130	raise out_of_band.AccessViolation(message_fmt=DEF_CANT_EDIT_MSG)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	131
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	132	return
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	133
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	134	@access.allowDeveloper
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	135	@access.denySidebar
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	136	def checkRoleAndStatusForTask(self, django_args, allowed_roles,
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	137	role_status, task_status):
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	138	"""Checks if the current user has access to the given task.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	139
2841 2289f97d6216 Updated the docstrings for GHOP access methods. Madhusudan.C.S <madhusudancs@gmail.com> parents: 2840 diff changeset	140	This method checks if the current user is in one of the allowed_roles
2289f97d6216 Updated the docstrings for GHOP access methods. Madhusudan.C.S <madhusudancs@gmail.com> parents: 2840 diff changeset	141	and has specified role_status, If yes, allows him to access the Task page.
2289f97d6216 Updated the docstrings for GHOP access methods. Madhusudan.C.S <madhusudancs@gmail.com> parents: 2840 diff changeset	142
2840 41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	143	Args:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	144	django_args: a dictionary with django's arguments
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	145	allowed_roles: list with names for the roles allowed to pass access check
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	146	role_status: list with states allowed for the role
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	147	task_status: a list with states allowed for the task
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	148
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	149	Raises:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	150	AccessViolationResponse:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	151	- If there is no task found
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	152	- If the task is not in one of the required states.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	153	- If the user does not have any of the required roles
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	154	"""
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	155
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	156	self.checkIsUser(django_args)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	157
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	158	if 'link_id' in django_args:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	159	# bail out with 404 if no task is found
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	160	task_entity = ghop_task_logic.logic.getFromKeyFieldsOr404(django_args)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	161
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	162	if not task_entity.status in task_status:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	163	# this task can not be accessed at the moment
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	164	raise out_of_band.AccessViolation(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	165	message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	166
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	167	user_entity = self.user
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	168
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	169	filter = {
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	170	'user': user_entity,
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	171	'status': role_status}
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	172
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	173	if 'host' in allowed_roles:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	174	# check if the current user is a host for this proposal's program
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	175	filter['scope'] = task_entity.program
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	176
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	177	if host_logic.logic.getForFields(filter, unique=True):
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	178	return
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	179
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	180	if 'ghop/org_admin' in allowed_roles:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	181	# check if the current user is an admin for this task's org
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	182	filter['scope_path'] = django_args['scope_path']
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	183
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	184	if ghop_org_admin_logic.logic.getForFields(filter, unique=True):
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	185	return
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	186
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	187	if 'ghop/mentor' in allowed_roles:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	188	# check if the current user is a mentor for this task's org
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	189	filter['scope_path'] = django_args['scope_path']
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	190
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	191	if ghop_mentor_logic.logic.getForFields(filter, unique=True):
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	192	return
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	193
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	194	if 'public' in allowed_roles:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	195	return
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	196
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	197	# no roles found, access denied
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	198	raise out_of_band.AccessViolation(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	199	message_fmt=DEF_NEED_ROLE_MSG)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	200
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	201	def checkStatusForTask(self, django_args):
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	202	"""Checks if the current user has access to the given task.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	203
2841 2289f97d6216 Updated the docstrings for GHOP access methods. Madhusudan.C.S <madhusudancs@gmail.com> parents: 2840 diff changeset	204	This method checks if the current user is either an GHOP Org Admin or a
2289f97d6216 Updated the docstrings for GHOP access methods. Madhusudan.C.S <madhusudancs@gmail.com> parents: 2840 diff changeset	205	Mentor and is active, if yes it allows them to view the task page at any
2289f97d6216 Updated the docstrings for GHOP access methods. Madhusudan.C.S <madhusudancs@gmail.com> parents: 2840 diff changeset	206	task state. If the user is none of the above, it checks the status of the
2289f97d6216 Updated the docstrings for GHOP access methods. Madhusudan.C.S <madhusudancs@gmail.com> parents: 2840 diff changeset	207	task, and if it is in one of the valid published states it allows access
2289f97d6216 Updated the docstrings for GHOP access methods. Madhusudan.C.S <madhusudancs@gmail.com> parents: 2840 diff changeset	208	to view the task page.
2289f97d6216 Updated the docstrings for GHOP access methods. Madhusudan.C.S <madhusudancs@gmail.com> parents: 2840 diff changeset	209
2840 41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	210	Args:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	211	django_args: a dictionary with django's arguments
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	212
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	213	Raises:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	214	AccessViolationResponse:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	215	- If there is no task found
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	216	- If the task is not in one of the required states.
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	217	"""
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	218
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	219	try:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	220	self.checkIsUser(django_args)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	221	user_entity = self.user
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	222
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	223	filter = {
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	224	'user': user_entity,
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	225	'status': 'active',
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	226	'scope_path': django_args['scope_path'],
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	227	}
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	228
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	229	if ghop_org_admin_logic.logic.getForFields(filter, unique=True):
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	230	return
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	231
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	232	if ghop_mentor_logic.logic.getForFields(filter, unique=True):
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	233	return
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	234
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	235	except out_of_band.Error:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	236	pass
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	237
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	238	# bail out with 404 if no task is found
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	239	task_entity = ghop_task_logic.logic.getFromKeyFieldsOr404(django_args)
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	240
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	241	if task_entity.status in ['Unapproved', 'Unpublished', 'Invalid']:
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	242	# this proposal can not be task at the moment
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	243	raise out_of_band.AccessViolation(
41f7938a35b0 Added access checks for GHOP Module. Madhusudan.C.S <madhusudancs@gmail.com> parents: diff changeset	244	message_fmt=DEF_NO_PUB_TASK_MSG)

author	Madhusudan.C.S <madhusudancs@gmail.com>
	Sun, 30 Aug 2009 17:50:54 +0530
changeset 2841	2289f97d6216
parent 2840	41f7938a35b0
child 2922	6e373954bbf6
permissions	-rw-r--r--