app/soc/views/helper/access.py
author Sverre Rabbelier <srabbelier@gmail.com>
Sat, 31 Jan 2009 22:32:54 +0000
changeset 1135 24d695060863
parent 1122 659984867a9a
child 1142 da2487767ef4
permissions -rw-r--r--
Hook up the ACL system for documents. Org access checks are left unimplemented as they are not done yet. Patch by: Sverre Rabbelier
#!/usr/bin/python2.5
#
# Copyright 2008 the Melange authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""Access control helper.

The functions in this module can be used to check access control
related requirements. When the specified required conditions are not
met, an exception is raised. This exception contains a view that
either prompts for authentication, or informs the user that they
do not meet the required criteria.
"""

__authors__ = [
  '"Todd Larsen" <tlarsen@google.com>',
  '"Sverre Rabbelier" <sverre@rabbelier.nl>',
  '"Lennard de Rijk" <ljvderijk@gmail.com>',
  '"Pawel Solyga" <pawel.solyga@gmail.com>',
  ]


from google.appengine.api import users
from google.appengine.api import memcache

from django.core import urlresolvers
from django.utils.translation import ugettext

from soc.logic import accounts
from soc.logic import dicts
from soc.logic import rights as rights_logic
from soc.logic.models.club_admin import logic as club_admin_logic
from soc.logic.models.club_member import logic as club_member_logic
from soc.logic.models.document import logic as document_logic
from soc.logic.models.host import logic as host_logic
from soc.logic.models.notification import logic as notification_logic
from soc.logic.models.request import logic as request_logic
from soc.logic.models.role import logic as role_logic
from soc.logic.models.site import logic as site_logic
from soc.logic.models.program import logic as program_logic
from soc.logic.models.user import logic as user_logic
from soc.logic.models.timeline import logic as timeline_logic
from soc.views import helper
from soc.views import out_of_band
from soc.views.helper import redirects


DEF_NO_USER_LOGIN_MSG = ugettext(
  'Please create <a href="/user/create_profile">User Profile</a>'
  ' in order to view this page.')

DEF_AGREE_TO_TOS_MSG_FMT = ugettext(
  'You must agree to the <a href="%(tos_link)s">site-wide Terms of'
  ' Service</a> in your <a href="/user/edit_profile">User Profile</a>'
  ' in order to view this page.')

DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ugettext(
  'Please <a href="%%(sign_out)s">sign out</a>'
  ' and <a href="%%(sign_in)s">sign in</a>'
  ' again as %(role)s to view this page.')

DEF_NEED_MEMBERSHIP_MSG_FMT = ugettext(
  'You need to be in the %(status)s group to %(action)s'
  ' documents in the %(prefix)s prefix.')

DEF_PAGE_DENIED_MSG = ugettext(
  'Access to this page has been restricted')

DEF_LOGOUT_MSG_FMT = ugettext(
    'Please <a href="%(sign_out)s">sign out</a> in order to view this page')

DEF_GROUP_NOT_FOUND_MSG = ugettext(
    'The requested Group can not be found')

DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext(
    'The <b><i>%(email)s</i></b> account cannot be used with this site, for'
    ' one or more of the following reasons:'
    '<ul>'
    ' <li>the account is invalid</li>'
    ' <li>the account is already attached to a User profile and cannot be'
    ' used to create another one</li>'
    ' <li>the account is a former account that cannot be used again</li>'
    '</ul>')

def denySidebar(fun):
  """Decorator that denies access if the sidebar is calling.
  """

  from functools import wraps

  @wraps(fun)
  def wrapper(self, django_args, *args, **kwargs):
    if django_args.get('SIDEBAR_CALLING'):
      raise out_of_band.Error("Sidebar Calling")
    return fun(self, django_args, *args, **kwargs)
  return wrapper


def allowIfCheckPasses(checker_name):
  """Returns a decorator that allows access if the specified checker passes.
  """

  from functools import wraps

  def decorator(fun):
    """Decorator that allows access if the specified checker passes.
    """

    @wraps(fun)
    def wrapper(self, django_args, *args, **kwargs):
      try:
        # if the check passes we allow access regardless
        return self.doCheck(checker_name, django_args, [])
      except out_of_band.Error:
        # otherwise we run the original check
        return fun(self, django_args, *args, **kwargs)
    return wrapper

  return decorator


allowDeveloper = allowIfCheckPasses('checkIsDeveloper')
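
Added example, not part of access.py: a stand-alone model of the allowIfCheckPasses control flow above, showing that a passing override check skips the wrapped check entirely and that only the out-of-band error triggers the fall-through. OutOfBandError, DemoChecker, its doCheck dispatch and the sample users and documents are assumptions constructed for the demonstration.

```python
from functools import wraps


class OutOfBandError(Exception):
    """Stand-in for soc.views.out_of_band.Error (assumed: a plain exception)."""


def allow_if_check_passes(checker_name):
    """Same control flow as allowIfCheckPasses in the listing."""
    def decorator(fun):
        @wraps(fun)
        def wrapper(self, django_args, *args, **kwargs):
            try:
                # Override check passes: access is granted and the wrapped
                # check is never evaluated.
                return self.doCheck(checker_name, django_args, [])
            except OutOfBandError:
                # Override check denied: the wrapped check decides.
                return fun(self, django_args, *args, **kwargs)
        return wrapper
    return decorator


class DemoChecker(object):
    """Hypothetical checker; only the decorator wiring mirrors the listing."""

    def __init__(self, developers, owners):
        self.developers = developers  # constructed sample data
        self.owners = owners          # constructed sample data
        self.calls = []               # which checks actually ran

    def doCheck(self, checker_name, django_args, args):
        # Assumed behaviour: dispatch to the named method on this object.
        return getattr(self, checker_name)(django_args, *args)

    def checkIsDeveloper(self, django_args):
        self.calls.append('checkIsDeveloper')
        if django_args['user'] not in self.developers:
            raise OutOfBandError('not a developer')

    @allow_if_check_passes('checkIsDeveloper')
    def checkIsOwner(self, django_args):
        self.calls.append('checkIsOwner')
        if django_args['user'] != self.owners.get(django_args['doc']):
            raise OutOfBandError('not the owner')


def evaluate(checker, django_args):
    """Returns (decision, checks_run) for one constructed request."""
    checker.calls = []
    try:
        checker.checkIsOwner(django_args)
        decision = 'allow'
    except OutOfBandError:
        decision = 'deny'
    except Exception as exc:
        # Anything other than the out-of-band error is not swallowed by the
        # decorator, so a broken override check never turns into a grant.
        decision = 'error:' + type(exc).__name__
    return decision, list(checker.calls)


if __name__ == '__main__':
    demo = DemoChecker(developers={'dev'}, owners={'d1': 'alice'})
    for request in ({'user': 'dev', 'doc': 'd1'},
                    {'user': 'alice', 'doc': 'd1'},
                    {'user': 'bob', 'doc': 'd1'},
                    {'doc': 'd1'}):
        print(request, evaluate(demo, request))
```

When auditing a module built this way, each decorated check is effectively "override OR wrapped check", so the effective access of any checker includes everyone the override checker admits.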


class Checker(object):
  """
  The __setitem__() and __getitem__() methods are overloaded to DTRT
  when adding new access rights, and retrieving them, so use these
  rather than modifying rights directly if so desired.
  """

  MEMBERSHIP = {
    'anyone': 'allow',
    'club_admin': 'checkIsClubAdminForScope',
    'club_member': 'checkIsClubMemberForScope',
    'host': 'checkHasHostEntity',
    'org_admin': 'deny',
    'org_mentor': 'deny',
    'org_student': 'deny',
    'user': 'checkIsUser',
    'user_self': 'checkIsUserSelf',
    }

  def __init__(self, params):
    """Adopts base.rights as rights if base is set.
    """

    base = params.get('rights') if params else None
    self.rights = base.rights if base else {}
    self.id = None
    self.user = None

  def __setitem__(self, key, value):
    """Sets a value only if no old value exists.
    """

    oldvalue = self.rights.get(key)
    self.rights[key] = oldvalue if oldvalue else value

  def __getitem__(self, key):
    """Retrieves the right checkers and massages them into a default format.

    The result is guaranteed to be a list of 2-tuples, the first element is a
    checker (iff there is a checker with the specified name), the second
    element is a list of arguments that should be passed to the checker when
    calling it in addition to the standard django_args.
    """

    result = []

    for i in self.rights.get(key, []):
      # Be nice and repack so that it is always a list with tuples
      if isinstance(i, tuple):
        name, arg = i
        tmp = (name, (arg if isinstance(arg, list) else [arg]))
        result.append(tmp)
      else:
        tmp = (i, [])
        result.append(tmp)

    return result

  def key(self, checker_name):
    """Returns the key for the specified checker for the current user.
    """

    return "%s.%s" % (self.id, checker_name)

  def put(self, checker_name, value):
    """Puts the result for the specified checker in the cache.
    """

    retention = 30

    memcache_key = self.key(checker_name)
    memcache.add(memcache_key, value, retention)

  def get(self, checker_name):
    """Retrieves the result for the specified checker from cache.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   211
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   212
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   213
    memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   214
    return memcache.get(memcache_key)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   215
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   216
  def doCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   217
    """Runs the specified checker with the specified arguments.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   218
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   219
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   220
    checker = getattr(self, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   221
    checker(django_args, *args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   222
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   223
  def doCachedCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   224
    """Retrieves from cache or runs the specified checker.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   225
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   226
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   227
    cached = self.get(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   228
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   229
    if cached is None:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   230
      try:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   231
        self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   232
        self.put(checker_name, True)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   233
        return
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   234
      except out_of_band.Error, e:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   235
        self.put(checker_name, e)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   236
        raise
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   237
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   238
    if cached is True:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   239
      return
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   240
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   241
    # re-raise the cached exception
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   242
    raise cached
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   243
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   244
  def check(self, use_cache, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   245
    """Runs the checker, optionally using the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   246
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   247
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   248
    if use_cache:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   249
      self.doCachedCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   250
    else:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   251
      self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   252
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   253
  def setCurrentUser(self, id, user):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   254
    """Sets up everything for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   255
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   256
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   257
    self.id = id
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   258
    self.user = user
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   259
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   260
  def checkAccess(self, access_type, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   261
    """Runs all the defined checks for the specified type.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   262
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   263
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   264
      access_type: the type of request (such as 'list' or 'edit')
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   265
      rights: a dictionary containing access check functions
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   266
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   267
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   268
    Rights usage:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   269
      The rights dictionary is used to check if the current user is allowed
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   270
      to view the page specified. The functions defined in this dictionary
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   271
      are always called with the provided django_args dictionary as argument. On any
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   272
      request, regardless of what type, the functions in the 'any_access' value
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   273
      are called. If the specified type is not in the rights dictionary, all
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   274
      the functions in the 'unspecified' value are called. When the specified
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   275
      type _is_ in the rights dictionary, all the functions in that access_type's
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   276
      value are called.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   277
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   278
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   279
    use_cache = django_args.get('SIDEBAR_CALLING')
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   280
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   281
    # Call each access checker
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   282
    for checker_name, args in self['any_access']:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   283
      self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   284
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   285
    if access_type not in self.rights:
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   286
      # No checks defined, so do the 'generic' checks and bail out
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   287
      for checker_name, args in self['unspecified']:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   288
        self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   289
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   290
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   291
    for checker_name, args in self[access_type]:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   292
      self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   293
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   294
  def checkMembership(self, action, prefix, status, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   295
    """Checks whether the user has access to the specified status.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   296
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   297
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   298
      action: the action that was performed (e.g., 'read')
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   299
      prefix: the prefix, determines what access set is used
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   300
      status: the access status (e.g., 'public')
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   301
      django_args: the django args to pass on to the checkers
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   302
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   303
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   304
    checker = rights_logic.Checker(prefix)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   305
    roles = checker.getMembership(status)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   306
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   307
    message_fmt = DEF_NEED_MEMBERSHIP_MSG_FMT % {
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   308
        'action': action,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   309
        'prefix': prefix,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   310
        'status': status,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   311
        }
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   312
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   313
    # try to see if they belong to any of the roles, if not, raise an
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   314
    # access violation for the specified action, prefix and status.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   315
    for role in roles:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   316
      try:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   317
        checker_name = self.MEMBERSHIP[role]
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   318
        self.doCheck(checker_name, django_args, [])
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   319
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   320
        # the check passed, we can stop now
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   321
        break
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   322
      except out_of_band.Error:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   323
        continue
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   324
    else:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   325
      raise out_of_band.AccessViolation(message_fmt)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   326
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   327
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   328
  def allow(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   329
    """Never raises an alternate HTTP response.  (an access no-op, basically).
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   330
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   331
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   332
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   333
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   334
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   335
    return
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   336
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   337
  def deny(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   338
    """Always raises an alternate HTTP response.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   339
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   340
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   341
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   342
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   343
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   344
      always raises AccessViolationResponse if called
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   345
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   346
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   347
    context = django_args.get('context', {})
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   348
    context['title'] = 'Access denied'
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   349
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   350
    raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context)
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   351
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   352
  def checkIsLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   353
    """Raises an alternate HTTP response if Google Account is not logged in.
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   354
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   355
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   356
      django_args: a dictionary with django's arguments
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   357
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   358
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   359
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   360
      * if no Google Account is even logged in
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   361
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   362
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   363
    if self.id:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   364
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   365
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   366
    raise out_of_band.LoginRequest()
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   367
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   368
  def checkNotLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   369
    """Raises an alternate HTTP response if Google Account is logged in.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   370
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   371
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   372
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   373
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   374
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   375
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   376
      * if a Google Account is currently logged in
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   377
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   378
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   379
    if not self.id:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   380
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   381
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   382
    raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   383
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   384
  def checkIsUser(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   385
    """Raises an alternate HTTP response if Google Account has no User entity.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   386
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   387
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   388
      django_args: a dictionary with django's arguments
895
e70ffd079438 Even developers need to agree to the terms of service for Melange
Sverre Rabbelier <srabbelier@gmail.com>
parents: 892
diff changeset
   389
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   390
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   391
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   392
      * if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   393
      * if no Google Account is logged in at all
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   394
      * if User has not agreed to the site-wide ToS, if one exists
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   395
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   396
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   397
    self.checkIsLoggedIn(django_args)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   398
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   399
    if not self.user:
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   400
      raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   401
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   402
    if user_logic.agreesToSiteToS(self.user):
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   403
      return
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   404
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   405
    # Would not reach this point if site-wide ToS did not exist, since
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   406
    # agreesToSiteToS() call above always returns True if no ToS is in effect.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   407
    login_msg_fmt = DEF_AGREE_TO_TOS_MSG_FMT % {
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   408
        'tos_link': redirects.getToSRedirect(site_logic.getSingleton())}
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   409
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   410
    raise out_of_band.LoginRequest(message_fmt=login_msg_fmt)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   411
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   412
  @allowDeveloper
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   413
  def checkIsUserSelf(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   414
    """Checks whether the specified user is the logged in user
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   415
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   416
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   417
      django_args: the keyword args from django, only scope_path is used
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   418
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   419
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   420
    if not 'scope_path' in django_args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   421
      self.deny(django_args)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   422
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   423
    if self.user.link_id == django_args['scope_path']:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   424
      return
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   425
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   426
    raise out_of_band.AccessViolation()
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   427
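The ownership comparison in checkIsUserSelf reads self.user.link_id directly, so its result depends on which checks ran before it. The following is an added example, not part of the Melange source: Python 3, with a hypothetical Checker and User and stand-in exception classes, running the same statements with and without a preceding user check. It assumes deny() always raises and leaves out the @allowDeveloper decorator.

```python
# Added example (Python 3). Checker, User and the exception classes are
# stand-ins constructed for this illustration, not Melange's own classes.

class AccessViolation(Exception):
    """Stand-in for out_of_band.AccessViolation."""


class LoginRequest(Exception):
    """Stand-in for out_of_band.LoginRequest."""


class User:
    def __init__(self, link_id, agreed_tos=True):
        self.link_id = link_id
        self.agreed_tos = agreed_tos


class Checker:
    def __init__(self, user):
        # None models "no User entity for the logged-in account".
        self.user = user

    def deny(self, django_args):
        # Assumption: deny() always raises. The listed checks call it without
        # a following return, so they only fail closed if it does.
        raise AccessViolation()

    def check_is_user(self, django_args):
        # Mirrors the listed checkIsUser: a User must exist and accept the ToS.
        if not self.user:
            raise LoginRequest('no user')
        if not self.user.agreed_tos:
            raise LoginRequest('tos not accepted')

    def self_check_as_listed(self, django_args):
        # Same statements as the listed checkIsUserSelf.
        if 'scope_path' not in django_args:
            self.deny(django_args)
        if self.user.link_id == django_args['scope_path']:
            return
        raise AccessViolation()

    def self_check_guarded(self, django_args):
        # Identity and ToS are established before the ownership comparison.
        self.check_is_user(django_args)
        self.self_check_as_listed(django_args)


def outcome(check, django_args):
    """Return 'allow' or the name of the exception the check raised."""
    try:
        check(django_args)
    except Exception as exc:
        return type(exc).__name__
    return 'allow'


# Constructed scenarios: (label, user, django_args).
SCENARIOS = [
    ('owner', User('alice'), {'scope_path': 'alice'}),
    ('other user', User('alice'), {'scope_path': 'bob'}),
    ('missing scope_path', User('alice'), {}),
    ('no User entity', None, {'scope_path': 'alice'}),
    ('ToS not accepted', User('alice', agreed_tos=False),
     {'scope_path': 'alice'}),
]


def run_scenarios():
    """Map each label to (outcome as listed, outcome with the user check)."""
    results = {}
    for label, user, args in SCENARIOS:
        checker = Checker(user)
        results[label] = (outcome(checker.self_check_as_listed, args),
                          outcome(checker.self_check_guarded, args))
    return results


if __name__ == '__main__':
    for label, (listed, guarded) in run_scenarios().items():
        print('%-20s as listed: %-16s guarded: %s' % (label, listed, guarded))
```

In this model the two variants differ only in the last two scenarios: run on its own, the comparison ends in an unhandled AttributeError when no User entity exists and allows a user who has not accepted the ToS.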
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   428
  def checkIsUnusedAccount(self, django_args):
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   429
    """Raises an alternate HTTP response if Google Account has a User entity.
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   430
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   431
    Args:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   432
      django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   433
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   434
    Raises:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   435
      AccessViolationResponse:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   436
      * if a User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   437
      * if a User has this Google Account in their formerAccounts list
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   438
    """
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   439
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   440
    self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   441
1048
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   442
    if not self.user and not user_logic.isFormerAccount(self.id):
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   443
      # this account has not been used yet
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   444
      return
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   445
1048
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   446
    message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   447
        'email' : self.id.email()}
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   448
    raise out_of_band.LoginRequest(message_fmt=message_fmt)
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   449
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   450
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   451
  def checkHasUserEntity(self, django_args):
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   452
    """Raises an alternate HTTP response if Google Account has no User entity.
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   453
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   454
    Args:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   455
      django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   456
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   457
    Raises:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   458
      AccessViolationResponse:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   459
      * if no User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   460
      * if no Google Account is logged in at all
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   461
    """
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   462
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   463
    self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   464
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   465
    if not self.user:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   466
      raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   467
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   468
    return
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   469
948
bd956f419ad9 Add missing blank lines and remove unused checkIsInvited function from soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 943
diff changeset
   470
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   471
  def checkIsDeveloper(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   472
    """Raises an alternate HTTP response if Google Account is not a Developer.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   473
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   474
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   475
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   476
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   477
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   478
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   479
      * if User is not a Developer, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   480
      * if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   481
      * if no Google Account is logged in at all
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   482
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   483
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   484
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   485
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   486
    if accounts.isDeveloper(account=self.id):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   487
      return
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   488
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   489
    login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   490
        'role': 'a Site Developer '}
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   491
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   492
    raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   493
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   494
  @allowDeveloper
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   495
  @denySidebar
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   496
  def checkIsGroupActive(self, django_args, group_logic):
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   497
    """Raises an alternate HTTP response if Group status is not active.
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   498
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   499
    Args:
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   500
      django_args: a dictionary with django's arguments
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   501
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   502
    Raises:
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   503
      AccessViolationResponse:
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   504
      * if no Group is found
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   505
      * if the Group status is not active
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   506
    """
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   507
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   508
    fields = {'link_id': django_args['link_id']}
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   509
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   510
    if django_args.get('scope_path'):
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   511
      fields['scope_path'] = django_args['scope_path']
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   512
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   513
    group_entity = group_logic.logic.getFromKeyFieldsOr404(fields)
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   514
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   515
    if group_entity.status == 'active':
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   516
      return
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   517
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   518
    # TODO tell the user that this group is not active
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   519
    self.deny(django_args)
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   520
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   521
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   522
  def checkCanMakeRequestToGroup(self, django_args, group_logic):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   523
    """Raises an alternate HTTP response if the specified group is not in an
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   524
    active status.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   525
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   526
    Note that status hasn't been implemented yet
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   527
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   528
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   529
      group_logic: Logic module for the type of group which the request is for
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   530
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   531
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   532
    group_entity = role_logic.getGroupEntityFromScopePath(
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   533
        group_logic.logic, django_args['scope_path'])
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   534
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   535
    if not group_entity:
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   536
      raise out_of_band.Error(DEF_GROUP_NOT_FOUND_MSG, status=404)
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   537
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   538
    if group_entity.status != 'active':
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   539
      # TODO tell the user that this group is not active
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   540
      self.deny(django_args)
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   541
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   542
    return
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   543
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   544
  def checkCanCreateFromRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   545
    """Raises an alternate HTTP response if the specified request does not exist
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   546
       or if its status is not group_accepted. Also when the group this request
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   547
       is from is in an inactive or invalid status, access will be denied.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   548
    """
972
43018f61b481 Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents: 970
diff changeset
   549
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   550
    self.checkIsUser(django_args)
914
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   551
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   552
    user_entity = user_logic.getForCurrentAccount()
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   553
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   554
    if user_entity.link_id != django_args['link_id']:
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   555
      self.deny(django_args)
914
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   556
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   557
    fields = {'link_id': django_args['link_id'],
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   558
        'scope_path': django_args['scope_path'],
958
b4309e3cb899 Fix some missing dots in access and club_admin modules.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 950
diff changeset
   559
        'role': role_name}
914
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   560
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   561
    request_entity = request_logic.getFromKeyFieldsOr404(fields)
914
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   562
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   563
    if request_entity.status != 'group_accepted':
914
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   564
      # TODO tell the user that this request has not been accepted yet
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   565
      self.deny(django_args)
914
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   566
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   567
    if request_entity.scope.status in ['invalid', 'inactive']:
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   568
      # TODO tell the user that it is not possible to create this role anymore
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   569
      self.deny(django_args)
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   570
914
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   571
    return
972
43018f61b481 Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents: 970
diff changeset
   572
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   573
  def checkCanProcessRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   574
    """Raises an alternate HTTP response if the specified request does not exist
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   575
       or if its status is completed or denied. Also raises an alternate HTTP response
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   576
       whenever the group in the request is not active.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   577
    """
948
bd956f419ad9 Add missing blank lines and remove unused checkIsInvited function from soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 943
diff changeset
   578
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   579
    fields = {'link_id': django_args['link_id'],
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   580
        'scope_path': django_args['scope_path'],
960
129efa976d6d Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 958
diff changeset
   581
        'role': role_name}
129efa976d6d Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 958
diff changeset
   582
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   583
    request_entity = request_logic.getFromKeyFieldsOr404(fields)
960
129efa976d6d Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 958
diff changeset
   584
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   585
    if request_entity.status in ['completed', 'denied']:
960
129efa976d6d Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 958
diff changeset
   586
      # TODO tell the user that this request has been processed
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   587
      self.deny(django_args)
940
a40056afef83 Changed the access checks to comply with state in request.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 931
diff changeset
   588
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   589
    if request_entity.scope.status != 'active':
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   590
      # TODO tell the user that this group cannot process requests
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   591
      self.deny(django_args)
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   592
914
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   593
    return
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   594
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   595
  def checkIsMyGroupAcceptedRequest(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   596
    """Raises an alternate HTTP response if the specified request does not exist
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   597
       or if its status is not group_accepted.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   598
    """
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   599
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   600
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   601
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   602
    user_entity = user_logic.getForCurrentAccount()
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   603
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   604
    if user_entity.link_id != django_args['link_id']:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   605
      # not the current user's request
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   606
      self.deny(django_args)
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   607
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   608
    fields = {'link_id': django_args['link_id'],
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   609
              'scope_path': django_args['scope_path'],
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   610
              'role': django_args['role']}
999
71f15c023847 Developers are hosts for every sponsor now.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 996
diff changeset
   611
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   612
    request_entity = request_logic.getForFields(fields, unique=True)
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   613
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   614
    if not request_entity:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   615
      # TODO return 404
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   616
      self.deny(django_args)
995
886c981fda2c Added rights check to sponsor.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 992
diff changeset
   617
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   618
    if request_entity.status != 'group_accepted':
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   619
      self.deny(django_args)
914
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   620
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   621
    return
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   622
1037
f706ac5beccf Fix wrong order of decorators and some cleanup
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1023
diff changeset
   623
  @allowDeveloper
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   624
  @denySidebar
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   625
  def checkIsHost(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   626
    """Raises an alternate HTTP response if Google Account has no Host entity.
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   627
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   628
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   629
      django_args: a dictionary with django's arguments
914
6ec8dd2a73b3 Added various access methods in preparation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   630
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   631
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   632
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   633
      * if User is not already a Host, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   634
      * if User has not agreed to the site-wide ToS, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   635
      * if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   636
      * if the user is not even logged in
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   637
    """
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   638
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   639
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   640
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   641
    scope_path = None
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   642
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   643
    if 'scope_path' in django_args:
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   644
      scope_path = django_args['scope_path']
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   645
    if 'link_id' in django_args:
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   646
      scope_path = django_args['link_id']
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   647
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   648
    fields = {'user': self.user,
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   649
              'status': 'active'}
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   650
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   651
    if scope_path:
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   652
      fields['scope_path'] = scope_path
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   653
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   654
    host = host_logic.getForFields(fields, unique=True)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   655
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   656
    if host:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   657
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   658
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   659
    login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   660
        'role': 'a Program Administrator '}
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   661
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   662
    raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   663
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   664
  def checkHasHostEntity(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   665
    """Checks whether the current user has a Host entity.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   666
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   667
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   668
    self.checkIsHost({})
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   669
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   670
  @denySidebar
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   671
  @allowDeveloper
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   672
  def checkIsHostForProgram(self, django_args):
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   673
    """Checks if the user is a host for the specified program.
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   674
    """
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   675
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   676
    key_fields = program_logic.getKeyFieldsFromFields(django_args)
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   677
    program = program_logic.getFromKeyFields(key_fields)
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   678
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   679
    if not program or program.status == 'invalid':
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   680
      self.deny(django_args)
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   681
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   682
    new_args = {'scope_path': program.scope_path}
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   683
    self.checkIsHost(new_args)
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   684
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   685
  @allowDeveloper
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   686
  def checkIsHostForSponsor(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   687
    """Raises an alternate HTTP response if Google Account has no Host entity
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   688
       for the specified Sponsor.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   689
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   690
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   691
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   692
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   693
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   694
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   695
      * if User is not already a Host for the specified program, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   696
      * if User has not agreed to the site-wide ToS, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   697
      * if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   698
      * if the user is not even logged in
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   699
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   700
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   701
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   702
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   703
    user = user_logic.getForCurrentAccount()
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   704
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   705
    if django_args.get('scope_path'):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   706
      scope_path = django_args['scope_path']
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   707
    else:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   708
      scope_path = django_args['link_id']
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   709
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   710
    fields = {'user': user,
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   711
              'scope_path': scope_path,
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   712
              'status': 'active'}
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   713
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   714
    host = host_logic.getForFields(fields, unique=True)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   715
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   716
    if host:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   717
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   718
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   719
    login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   720
        'role': 'a Program Administrator '}
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   721
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   722
    raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   723
1016
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   724
  @allowDeveloper
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   725
  def checkIsClubAdminForClub(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   726
    """Returns an alternate HTTP response if Google Account has no Club Admin
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   727
       entity for the specified club.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   728
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   729
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   730
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   731
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   732
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   733
      AccessViolationResponse: if the required authorization is not met
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   734
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   735
    Returns:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   736
      None if Club Admin exists for the specified club, or a subclass of
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   737
      django.http.HttpResponse which contains the alternate response
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   738
      that should be returned by the calling view.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   739
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   740
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   741
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   742
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   743
    user = user_logic.getForCurrentAccount()
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   744
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   745
    if django_args.get('scope_path'):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   746
      scope_path = django_args['scope_path']
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   747
    else:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   748
      scope_path = django_args['link_id']
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   749
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   750
    fields = {'user': user,
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   751
              'scope_path': scope_path,
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   752
              'status': 'active'}
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   753
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   754
    club_admin_entity = club_admin_logic.getForFields(fields, unique=True)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   755
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   756
    if club_admin_entity:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   757
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   758
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   759
    login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   760
        'role': 'a Club Admin for this Club'}
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   761
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   762
    raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   763
1016
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   764
  @allowDeveloper
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   765
  @allowIfCheckPasses('checkIsClubAdminForClub')
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   766
  def checkIsClubMemberForClub(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   767
    """Returns an alternate HTTP response if Google Account has no Club Member
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   768
       entity for the specified club.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   769
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   770
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   771
      django_args: a dictionary with django's arguments
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   772
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   773
    Raises:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   774
      AccessViolationResponse: if the required authorization is not met
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   775
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   776
    Returns:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   777
      None if Club Member exists for the specified club, or a subclass of
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   778
      django.http.HttpResponse which contains the alternate response
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   779
      that should be returned by the calling view.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   780
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   781
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   782
    self.checkIsUser(django_args)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   783
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   784
    if django_args.get('scope_path'):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   785
      scope_path = django_args['scope_path']
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   786
    else:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   787
      scope_path = django_args['link_id']
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   788
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   789
    fields = {'user': self.user,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   790
              'scope_path': scope_path,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   791
              'status': 'active'}
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   792
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   793
    club_member_entity = club_member_logic.getForFields(fields, unique=True)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   794
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   795
    if club_member_entity:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   796
      return
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   797
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   798
    login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   799
        'role': 'a Club Member for this Club'}
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   800
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   801
    raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   802
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   803
  def checkIsClubAdminForScope(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   804
    """Checks whether the current user is a Club Admin.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   805
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   806
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   807
      django_args: the keyword arguments from django, only scope_path is used
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   808
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   809
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   810
    scope_path = django_args['scope_path']
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   811
    self.checkIsClubAdminForClub({'link_id': scope_path})
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   812
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   813
  def checkIsClubMemberForScope(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   814
    """Checks whether the current user is a Club Member.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   815
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   816
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   817
      django_args: the keyword arguments from django, only scope_path is used
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   818
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   819
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   820
    scope_path = django_args['scope_path']
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   821
    self.checkIsClubMemberForClub({'link_id': scope_path})
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   822
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   823
  @allowDeveloper
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   824
  def checkIsApplicationAccepted(self, django_args, app_logic):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   825
    """Returns an alternate HTTP response if Google Account has no Club App
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   826
       entity for the specified Club.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   827
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   828
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   829
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   830
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   831
     Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   832
       AccessViolationResponse: if the required authorization is not met
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   833
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   834
    Returns:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   835
      None if Club App exists for the specified program, or a subclass
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   836
      of django.http.HttpResponse which contains the alternate response
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   837
      should be returned by the calling view.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   838
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   839
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   840
    self.checkIsUser(django_args)
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   841
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   842
    user = user_logic.getForCurrentAccount()
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   843
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   844
    properties = {
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   845
        'applicant': user,
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   846
        'status': 'accepted'
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   847
        }
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   848
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   849
    application = app_logic.logic.getForFields(properties, unique=True)
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   850
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   851
    if application:
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   852
      return
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   853
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   854
    # TODO(srabbelier) Make this give a proper error message
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   855
    self.deny(django_args)
726
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   856
1016
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   857
  @allowDeveloper
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   858
  def checkIsMyNotification(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   859
    """Returns an alternate HTTP response if this request is for
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   860
       a Notification not belonging to the current user.
729
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   861
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   862
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   863
      django_args: a dictionary with django's arguments
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   864
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   865
     Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   866
       AccessViolationResponse: if the required authorization is not met
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   867
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   868
    Returns:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   869
      None if the current User is allowed to access this Notification.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   870
    """
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   871
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   872
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   873
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   874
    properties = dicts.filter(django_args, ['link_id', 'scope_path'])
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   875
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   876
    notification = notification_logic.getForFields(properties, unique=True)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   877
    user = user_logic.getForCurrentAccount()
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   878
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   879
    # We need to check to see if the keys are equal since the User
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   880
    # objects are different and the default __eq__ method does not check
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   881
    # if the keys are equal (which is what we want).
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   882
    if notification and user.key() == notification.scope.key():
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   883
      return None
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   884
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   885
    # TODO(ljvderijk) Make this give a proper error message
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   886
    self.deny(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   887
1016
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   888
  @allowDeveloper
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   889
  def checkIsMyApplication(self, django_args, app_logic):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   890
    """Returns an alternate HTTP response if this request is for
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   891
       an Application not belonging to the current user.
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   892
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   893
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   894
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   895
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   896
     Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   897
       AccessViolationResponse: if the required authorization is not met
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   898
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   899
    Returns:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   900
      None if the current User is allowed to access this Application.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   901
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   902
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   903
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   904
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   905
    properties = dicts.filter(django_args, ['link_id'])
882
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   906
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   907
    application = app_logic.logic.getForFields(properties, unique=True)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   908
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   909
    if not application:
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   910
      self.deny(django_args)
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   911
882
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   912
    # We need to check to see if the keys are equal since the User
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   913
    # objects are different and the default __eq__ method does not check
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   914
    # if the keys are equal (which is what we want).
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   915
    if self.user.key() == application.applicant.key():
882
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   916
      return None
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   917
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   918
    # TODO(srabbelier) Make this give a proper error message
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   919
    self.deny(django_args)
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   920
1016
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   921
  @allowDeveloper
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   922
  def checkIsMyActiveRole(self, django_args, role_logic):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   923
    """Returns an alternate HTTP response if there is no active role found for
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   924
       the current user using the given role_logic.
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   925
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   926
     Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   927
       AccessViolationResponse: if the required authorization is not met
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   928
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   929
    Returns:
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   930
      None if the current User has an active role for the given role_logic.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   931
    """
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   932
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   933
    if not self.user or self.user.link_id != django_args['link_id']:
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   934
      # not my role
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   935
      self.deny(django_args)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   936
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   937
    fields = {'link_id': django_args['link_id'],
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   938
              'scope_path': django_args['scope_path'],
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   939
              }
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   940
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   941
    role_entity = role_logic.logic.getFromKeyFieldsOr404(fields)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   942
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   943
    if role_entity.status != 'active':
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   944
      # role is not active
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   945
      self.deny(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   946
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   947
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   948
  @allowDeveloper
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   949
  @denySidebar
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   950
  def checkIsAllowedToManageRole(self, django_args, role_logic, manage_role_logic):
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   951
    """Returns an alternate HTTP response if the user is not allowed to manage
1068
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   952
       the role given in args. 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   953
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   954
     Args:
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   955
       role_logic: determines the logic for the role in args.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   956
       manage_role_logic: determines the logic for the role which is allowed 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   957
           to manage this role.
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   958
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   959
     Raises:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   960
       AccessViolationResponse: if the required authorization is not met
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   961
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   962
    Returns:
1068
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   963
      None if the given role is active and belongs to the current user.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   964
      None if the current User has an active role (from manage_role_logic) 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   965
           that belongs to the same scope as the role that needs to be managed
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   966
    """
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   967
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   968
    try:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   969
      # check if it is the user's own role
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   970
      self.checkIsMyActiveRole(django_args, role_logic)
      return
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   971
    except out_of_band.Error:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   972
      pass
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   973
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   974
    # apparently it's not the user's role so check if managing this role is allowed
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   975
    fields = {'link_id': django_args['link_id'],
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   976
              'scope_path': django_args['scope_path'],
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   977
              }
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   978
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   979
    role_entity = role_logic.logic.getFromKeyFieldsOr404(fields)
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   980
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   981
    if role_entity.status != 'active':
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   982
      # cannot manage this entity
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   983
      self.deny(django_args)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   984
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   985
    fields = {'link_id': self.user.link_id,
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   986
        'scope_path': django_args['scope_path'],
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   987
        'status': 'active'
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   988
        }
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   989
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   990
    manage_entity = manage_role_logic.logic.getForFields(fields, unique=True)
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   991
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   992
    if not manage_entity:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   993
      self.deny(django_args)
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   994
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   995
    return
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   996
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   997
  def checkHasPickGetArgs(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   998
    """Raises an alternate HTTP response if the request misses get args.
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   999
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1000
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1001
      django_args: a dictionary with django's arguments
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
  1002
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1003
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1004
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1005
      * if continue is not in request.GET
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1006
      * if field is not in request.GET
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1007
    """
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
  1008
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1009
    get_args = django_args.get('GET', {})
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
  1010
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1011
    if 'continue' in get_args and 'field' in get_args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1012
      return
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
  1013
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1014
    #TODO(SRabbelier) inform user that return_url and field are required
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
  1015
    self.deny(django_args)
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
  1016
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
  1017
  @denySidebar
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
  1018
  @allowDeveloper
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1019
  def checkIsDocumentReadable(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1020
    """Checks whether a document is readable.
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
  1021
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1022
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1023
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
  1024
    """
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
  1025
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
  1026
    key_fields = document_logic.getKeyFieldsFromFields(django_args)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1027
    document = document_logic.getFromKeyFields(key_fields)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1028
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1029
    self.checkMembership('read', document.prefix,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1030
                         document.read_access, django_args)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1031
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1032
  @denySidebar
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1033
  @allowDeveloper
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1034
  def checkIsDocumentWritable(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1035
    """Checks whether a document is writable.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1036
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1037
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1038
      django_args: a dictionary with django's arguments
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1039
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1040
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1041
    key_fields = document_logic.getKeyFieldsFromFields(django_args)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1042
    document = document_logic.getFromKeyFields(key_fields)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1043
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1044
    self.checkMembership('write', document.prefix,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1045
                         document.write_access, django_args)
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1046
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1047
  @allowIfCheckPasses('checkIsHostForProgram')
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1048
  def checkIsProgramVisible(self, django_args):
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1049
    """Checks whether a program is visible.
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1050
    """
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1051
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1052
    if 'entity' in django_args:
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1053
      program = django_args['entity']
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1054
    else:
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
  1055
      key_fields = program_logic.getKeyFieldsFromFields(django_args)
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
  1056
      program = program_logic.getFromKeyFields(key_fields)
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1057
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1058
    if not program:
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1059
      self.deny(django_args)
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1060
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1061
    if program.status == 'visible':
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1062
      return
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1063
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1064
    context = django_args.get('context', {})
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1065
    context['title'] = 'Access denied'
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1066
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1067
    message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1068
        'role': ugettext('a Program Administrator')}
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1069
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1070
    raise out_of_band.AccessViolation(message_fmt,
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
  1071
                                      context=context)
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1072
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1073
  def checkCanEditTimeline(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1074
    """Checks whether this program's timeline may be edited.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
  1075
    """
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1076
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1077
    time_line_keyname = django_args['scope_path']
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1078
    timeline_entity = timeline_logic.getFromKeyName(time_line_keyname)
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1079
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1080
    if not timeline_entity:
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1081
      # timeline does not exist, so deny
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1082
      self.deny(django_args)
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1083
1122
659984867a9a Removed workflow type as keyfield from program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1115
diff changeset
  1084
    split_keyname = time_line_keyname.rsplit('/')
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1085
1122
659984867a9a Removed workflow type as keyfield from program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1115
diff changeset
  1086
    fields = {'scope_path' : split_keyname[0],
659984867a9a Removed workflow type as keyfield from program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1115
diff changeset
  1087
        'link_id' : split_keyname[1],
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1088
        }
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1089
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
  1090
    return self.checkIsHostForProgram(fields)