| author | Sverre Rabbelier <srabbelier@gmail.com> |
| Sat, 31 Jan 2009 22:32:54 +0000 | |
| changeset 1135 | 24d695060863 |
| parent 1122 | 659984867a9a |
| child 1142 | da2487767ef4 |
| permissions | -rw-r--r-- |
|
293
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
1 |
#!/usr/bin/python2.5 |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
2 |
# |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
3 |
# Copyright 2008 the Melange authors. |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
4 |
# |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
5 |
# Licensed under the Apache License, Version 2.0 (the "License"); |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
6 |
# you may not use this file except in compliance with the License. |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
7 |
# You may obtain a copy of the License at |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
8 |
# |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
9 |
# http://www.apache.org/licenses/LICENSE-2.0 |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
10 |
# |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
11 |
# Unless required by applicable law or agreed to in writing, software |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
12 |
# distributed under the License is distributed on an "AS IS" BASIS, |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
13 |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
14 |
# See the License for the specific language governing permissions and |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
15 |
# limitations under the License. |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
16 |
|
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
17 |
"""Access control helper. |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
18 |
|
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
19 |
The functions in this module can be used to check access control |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
20 |
related requirements. When the specified required conditions are not |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
21 |
met, an exception is raised. This exception contains a views that |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
22 |
either prompts for authentication, or informs the user that they |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
23 |
do not meet the required criteria. |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
24 |
""" |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
25 |
|
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
26 |
__authors__ = [ |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
27 |
'"Todd Larsen" <tlarsen@google.com>', |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
28 |
'"Sverre Rabbelier" <sverre@rabbelier.nl>', |
| 726 | 29 |
'"Lennard de Rijk" <ljvderijk@gmail.com>', |
|
293
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
30 |
'"Pawel Solyga" <pawel.solyga@gmail.com>', |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
31 |
] |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
32 |
|
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
33 |
|
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
34 |
from google.appengine.api import users |
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
35 |
from google.appengine.api import memcache |
|
315
c4f1a07ee340
Add missing blank lines between imports in access.py module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
309
diff
changeset
|
36 |
|
|
746
018efb9863dc
Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
729
diff
changeset
|
37 |
from django.core import urlresolvers |
|
970
8b5611d5b053
Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents:
965
diff
changeset
|
38 |
from django.utils.translation import ugettext |
|
293
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
39 |
|
|
481
94834a1e6c01
Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents:
448
diff
changeset
|
40 |
from soc.logic import accounts |
|
720
9eb2522dfa83
Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents:
714
diff
changeset
|
41 |
from soc.logic import dicts |
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
42 |
from soc.logic import rights as rights_logic |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
43 |
from soc.logic.models.club_admin import logic as club_admin_logic |
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
44 |
from soc.logic.models.club_member import logic as club_member_logic |
|
1115
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
45 |
from soc.logic.models.document import logic as document_logic |
|
887
b8c1a6bc913e
Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents:
884
diff
changeset
|
46 |
from soc.logic.models.host import logic as host_logic |
|
b8c1a6bc913e
Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents:
884
diff
changeset
|
47 |
from soc.logic.models.notification import logic as notification_logic |
|
b8c1a6bc913e
Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents:
884
diff
changeset
|
48 |
from soc.logic.models.request import logic as request_logic |
|
979
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
49 |
from soc.logic.models.role import logic as role_logic |
|
891
3d40190f35b6
Move getToSLink() to soc.views.helper.redirects.getToSRedirect().
Todd Larsen <tlarsen@google.com>
parents:
890
diff
changeset
|
50 |
from soc.logic.models.site import logic as site_logic |
|
1107
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
51 |
from soc.logic.models.program import logic as program_logic |
|
887
b8c1a6bc913e
Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents:
884
diff
changeset
|
52 |
from soc.logic.models.user import logic as user_logic |
|
1107
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
53 |
from soc.logic.models.timeline import logic as timeline_logic |
|
508
2b90baceac88
Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents:
481
diff
changeset
|
54 |
from soc.views import helper |
|
543
280a1ac6bcc1
Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents:
525
diff
changeset
|
55 |
from soc.views import out_of_band |
|
891
3d40190f35b6
Move getToSLink() to soc.views.helper.redirects.getToSRedirect().
Todd Larsen <tlarsen@google.com>
parents:
890
diff
changeset
|
56 |
from soc.views.helper import redirects |
|
293
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
57 |
|
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
58 |
|
|
1043
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
59 |
DEF_NO_USER_LOGIN_MSG= ugettext( |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
60 |
'Please create <a href="/user/create_profile">User Profile</a>' |
|
293
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
61 |
' in order to view this page.') |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
62 |
|
|
970
8b5611d5b053
Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents:
965
diff
changeset
|
63 |
DEF_AGREE_TO_TOS_MSG_FMT = ugettext( |
|
888
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
64 |
'You must agree to the <a href="%(tos_link)s">site-wide Terms of' |
|
1043
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
65 |
' Service</a> in your <a href="/user/edit_profile">User Profile</a>' |
|
888
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
66 |
' in order to view this page.') |
|
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
67 |
|
|
970
8b5611d5b053
Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents:
965
diff
changeset
|
68 |
DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ugettext( |
|
293
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
69 |
'Please <a href="%%(sign_out)s">sign out</a>' |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
70 |
' and <a href="%%(sign_in)s">sign in</a>' |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
71 |
' again as %(role)s to view this page.') |
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
72 |
|
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
73 |
DEF_NEED_MEMBERSHIP_MSG_FMT = ugettext( |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
74 |
'You need to be in the %(status)s group to %(action)s' |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
75 |
' documents in the %(prefix)s prefix.') |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
76 |
|
|
970
8b5611d5b053
Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents:
965
diff
changeset
|
77 |
DEF_PAGE_DENIED_MSG = ugettext( |
|
508
2b90baceac88
Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents:
481
diff
changeset
|
78 |
'Access to this page has been restricted') |
|
2b90baceac88
Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents:
481
diff
changeset
|
79 |
|
|
970
8b5611d5b053
Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents:
965
diff
changeset
|
80 |
DEF_LOGOUT_MSG_FMT = ugettext( |
|
590
37735d97b541
Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents:
543
diff
changeset
|
81 |
'Please <a href="%(sign_out)s">sign out</a> in order to view this page') |
|
37735d97b541
Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents:
543
diff
changeset
|
82 |
|
|
979
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
83 |
DEF_GROUP_NOT_FOUND_MSG = ugettext( |
|
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
84 |
'The requested Group can not be found') |
|
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
85 |
|
|
1043
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
86 |
DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext( |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
87 |
'The <b><i>%(email)s</i></b> account cannot be used with this site, for' |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
88 |
' one or more of the following reasons:' |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
89 |
'<ul>' |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
90 |
' <li>the account is invalid</li>' |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
91 |
' <li>the account is already attached to a User profile and cannot be' |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
92 |
' used to create another one</li>' |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
93 |
' <li>the account is a former account that cannot be used again</li>' |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
94 |
'</ul>') |
|
508
2b90baceac88
Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents:
481
diff
changeset
|
95 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
96 |
def denySidebar(fun): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
97 |
"""Decorator that denies access if the sidebar is calling. |
|
612
3cca81b1e5a1
Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents:
590
diff
changeset
|
98 |
""" |
|
3cca81b1e5a1
Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents:
590
diff
changeset
|
99 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
100 |
from functools import wraps |
|
508
2b90baceac88
Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents:
481
diff
changeset
|
101 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
102 |
@wraps(fun) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
103 |
def wrapper(self, django_args, *args, **kwargs): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
104 |
if django_args.get('SIDEBAR_CALLING'):
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
105 |
raise out_of_band.Error("Sidebar Calling")
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
106 |
return fun(self, django_args, *args, **kwargs) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
107 |
return wrapper |
|
293
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
108 |
|
|
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
109 |
|
|
1073
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
110 |
def allowIfCheckPasses(checker_name): |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
111 |
"""Returns a decorator that allows access if the specified checker passes. |
|
1016
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
112 |
""" |
|
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
113 |
|
|
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
114 |
from functools import wraps |
|
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
115 |
|
|
1073
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
116 |
def decorator(fun): |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
117 |
"""Decorator that allows access if the current user is a Developer. |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
118 |
""" |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
119 |
|
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
120 |
@wraps(fun) |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
121 |
def wrapper(self, django_args, *args, **kwargs): |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
122 |
try: |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
123 |
# if the check passes we allow access regardless |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
124 |
return self.doCheck(checker_name, django_args, []) |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
125 |
except out_of_band.Error: |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
126 |
# otherwise we run the original check |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
127 |
return fun(self, django_args, *args, **kwargs) |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
128 |
return wrapper |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
129 |
|
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
130 |
return decorator |
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
131 |
|
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
132 |
|
|
feea88d0e1d8
Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1068
diff
changeset
|
133 |
allowDeveloper = allowIfCheckPasses('checkIsDeveloper')
|
|
1016
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
134 |
|
|
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
135 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
136 |
class Checker(object): |
|
590
37735d97b541
Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents:
543
diff
changeset
|
137 |
""" |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
138 |
The __setitem__() and __getitem__() methods are overloaded to DTRT |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
139 |
when adding new access rights, and retrieving them, so use these |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
140 |
rather then modifying rights directly if so desired. |
|
888
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
141 |
""" |
|
972
43018f61b481
Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents:
970
diff
changeset
|
142 |
|
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
143 |
MEMBERSHIP = {
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
144 |
'anyone': 'allow', |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
145 |
'club_admin': 'checkIsClubAdminForScope', |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
146 |
'club_member': 'checkIsClubMemberForScope', |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
147 |
'host': 'checkHasHostEntity', |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
148 |
'org_admin': 'deny', |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
149 |
'org_mentor': 'deny', |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
150 |
'org_student': 'deny', |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
151 |
'user': 'checkIsUser', |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
152 |
'user_self': 'checkIsUserSelf', |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
153 |
} |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
154 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
155 |
def __init__(self, params): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
156 |
"""Adopts base.rights as rights if base is set. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
157 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
158 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
159 |
base = params.get('rights') if params else None
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
160 |
self.rights = base.rights if base else {}
|
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
161 |
self.id = None |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
162 |
self.user = None |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
163 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
164 |
def __setitem__(self, key, value): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
165 |
"""Sets a value only if no old value exists. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
166 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
167 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
168 |
oldvalue = self.rights.get(key) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
169 |
self.rights[key] = oldvalue if oldvalue else value |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
170 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
171 |
def __getitem__(self, key): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
172 |
"""Retrieves the right checkers and massages then into a default format. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
173 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
174 |
The result is guaranteed to be a list of 2-tuples, the first element is a |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
175 |
checker (iff there is an checker with the specified name), the second |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
176 |
element is a list of arguments that should be passed to the checker when |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
177 |
calling it in addition to the standard django_args. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
178 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
179 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
180 |
result = [] |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
181 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
182 |
for i in self.rights.get(key, []): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
183 |
# Be nice an repack so that it is always a list with tuples |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
184 |
if isinstance(i, tuple): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
185 |
name, arg = i |
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
186 |
tmp = (name, (arg if isinstance(arg, list) else [arg])) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
187 |
result.append(tmp) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
188 |
else: |
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
189 |
tmp = (i, []) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
190 |
result.append(tmp) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
191 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
192 |
return result |
|
888
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
193 |
|
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
194 |
def key(self, checker_name): |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
195 |
"""Returns the key for the specified checker for the current user. |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
196 |
""" |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
197 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
198 |
return "%s.%s" % (self.id, checker_name) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
199 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
200 |
def put(self, checker_name, value): |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
201 |
"""Puts the result for the specified checker in the cache. |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
202 |
""" |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
203 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
204 |
retention = 30 |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
205 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
206 |
memcache_key = self.key(checker_name) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
207 |
memcache.add(memcache_key, value, retention) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
208 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
209 |
def get(self, checker_name): |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
210 |
"""Retrieves the result for the specified checker from cache. |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
211 |
""" |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
212 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
213 |
memcache_key = self.key(checker_name) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
214 |
return memcache.get(memcache_key) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
215 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
216 |
def doCheck(self, checker_name, django_args, args): |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
217 |
"""Runs the specified checker with the specified arguments. |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
218 |
""" |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
219 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
220 |
checker = getattr(self, checker_name) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
221 |
checker(django_args, *args) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
222 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
223 |
def doCachedCheck(self, checker_name, django_args, args): |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
224 |
"""Retrieves from cache or runs the specified checker. |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
225 |
""" |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
226 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
227 |
cached = self.get(checker_name) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
228 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
229 |
if cached is None: |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
230 |
try: |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
231 |
self.doCheck(checker_name, django_args, args) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
232 |
self.put(checker_name, True) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
233 |
return |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
234 |
except out_of_band.Error, e: |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
235 |
self.put(checker_name, e) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
236 |
raise |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
237 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
238 |
if cached is True: |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
239 |
return |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
240 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
241 |
# re-raise the cached exception |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
242 |
raise cached |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
243 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
244 |
def check(self, use_cache, checker_name, django_args, args): |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
245 |
"""Runs the checker, optionally using the cache. |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
246 |
""" |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
247 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
248 |
if use_cache: |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
249 |
self.doCachedCheck(checker_name, django_args, args) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
250 |
else: |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
251 |
self.doCheck(checker_name, django_args, args) |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
252 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
253 |
def setCurrentUser(self, id, user): |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
254 |
"""Sets up everything for the current user. |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
255 |
""" |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
256 |
|
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
257 |
self.id = id |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
258 |
self.user = user |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
259 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
260 |
def checkAccess(self, access_type, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
261 |
"""Runs all the defined checks for the specified type. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
262 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
263 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
264 |
access_type: the type of request (such as 'list' or 'edit') |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
265 |
rights: a dictionary containing access check functions |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
266 |
django_args: a dictionary with django's arguments |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
267 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
268 |
Rights usage: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
269 |
The rights dictionary is used to check if the current user is allowed |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
270 |
to view the page specified. The functions defined in this dictionary |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
271 |
are always called with the provided django_args dictionary as argument. On any |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
272 |
request, regardless of what type, the functions in the 'any_access' value |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
273 |
are called. If the specified type is not in the rights dictionary, all |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
274 |
the functions in the 'unspecified' value are called. When the specified |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
275 |
type _is_ in the rights dictionary, all the functions in that access_type's |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
276 |
value are called. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
277 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
278 |
|
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
279 |
use_cache = django_args.get('SIDEBAR_CALLING')
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
280 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
281 |
# Call each access checker |
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
282 |
for checker_name, args in self['any_access']: |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
283 |
self.check(use_cache, checker_name, django_args, args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
284 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
285 |
if access_type not in self.rights: |
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
286 |
# No checks defined, so do the 'generic' checks and bail out |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
287 |
for checker_name, args in self['unspecified']: |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
288 |
self.check(use_cache, checker_name, django_args, args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
289 |
return |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
290 |
|
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
291 |
for checker_name, args in self[access_type]: |
|
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
292 |
self.check(use_cache, checker_name, django_args, args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
293 |
|
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
294 |
def checkMembership(self, action, prefix, status, django_args): |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
295 |
"""Checks whether the user has access to the specified status. |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
296 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
297 |
Args: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
298 |
action: the action that was performed (e.g., 'read') |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
299 |
prefix: the prefix, determines what access set is used |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
300 |
status: the access status (e.g., 'public') |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
301 |
django_args: the django args to pass on to the checkers |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
302 |
""" |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
303 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
304 |
checker = rights_logic.Checker(prefix) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
305 |
roles = checker.getMembership(status) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
306 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
307 |
message_fmt = DEF_NEED_MEMBERSHIP_MSG_FMT % {
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
308 |
'action': action, |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
309 |
'prefix': prefix, |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
310 |
'status': status, |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
311 |
} |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
312 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
313 |
# try to see if they belong to any of the roles, if not, raise an |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
314 |
# access violation for the specified action, prefix and status. |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
315 |
for role in roles: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
316 |
try: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
317 |
checker_name = self.MEMBERSHIP[role] |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
318 |
self.doCheck(checker_name, django_args, []) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
319 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
320 |
# the check passed, we can stop now |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
321 |
break |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
322 |
except out_of_band.Error: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
323 |
continue |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
324 |
else: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
325 |
raise out_of_band.AccessViolation(message_fmt) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
326 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
327 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
328 |
def allow(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
329 |
"""Never raises an alternate HTTP response. (an access no-op, basically). |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
330 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
331 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
332 |
django_args: a dictionary with django's arguments |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
333 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
334 |
|
|
888
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
335 |
return |
|
293
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
336 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
337 |
def deny(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
338 |
"""Always raises an alternate HTTP response. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
339 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
340 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
341 |
django_args: a dictionary with django's arguments |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
342 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
343 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
344 |
always raises AccessViolationResponse if called |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
345 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
346 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
347 |
context = django_args.get('context', {})
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
348 |
context['title'] = 'Access denied' |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
349 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
350 |
raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context) |
|
888
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
351 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
352 |
def checkIsLoggedIn(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
353 |
"""Raises an alternate HTTP response if Google Account is not logged in. |
|
888
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
354 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
355 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
356 |
django_args: a dictionary with django's arguments |
|
888
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
357 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
358 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
359 |
AccessViolationResponse: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
360 |
* if no Google Account is even logged in |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
361 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
362 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
363 |
if self.id: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
364 |
return |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
365 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
366 |
raise out_of_band.LoginRequest() |
|
888
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
367 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
368 |
def checkNotLoggedIn(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
369 |
"""Raises an alternate HTTP response if Google Account is logged in. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
370 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
371 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
372 |
django_args: a dictionary with django's arguments |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
373 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
374 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
375 |
AccessViolationResponse: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
376 |
* if a Google Account is currently logged in |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
377 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
378 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
379 |
if not self.id: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
380 |
return |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
381 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
382 |
raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT) |
|
888
a75ae24f04cb
Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents:
887
diff
changeset
|
383 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
384 |
def checkIsUser(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
385 |
"""Raises an alternate HTTP response if Google Account has no User entity. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
386 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
387 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
388 |
django_args: a dictionary with django's arguments |
|
895
e70ffd079438
Even developers need to agree to the terms of service for Melange
Sverre Rabbelier <srabbelier@gmail.com>
parents:
892
diff
changeset
|
389 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
390 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
391 |
AccessViolationResponse: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
392 |
* if no User exists for the logged-in Google Account, or |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
393 |
* if no Google Account is logged in at all |
|
1012
73f0b61f2d9d
Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1007
diff
changeset
|
394 |
* if User has not agreed to the site-wide ToS, if one exists |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
395 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
396 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
397 |
self.checkIsLoggedIn(django_args) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
398 |
|
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
399 |
if not self.user: |
|
1043
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
400 |
raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
401 |
|
|
1017
6ad4fdb48840
Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1016
diff
changeset
|
402 |
if user_logic.agreesToSiteToS(self.user): |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
403 |
return |
|
293
1edd01373e71
Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff
changeset
|
404 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
405 |
# Would not reach this point of site-wide ToS did not exist, since |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
406 |
# agreesToSiteToS() call above always returns True if no ToS is in effect. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
407 |
login_msg_fmt = DEF_AGREE_TO_TOS_MSG_FMT % {
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
408 |
'tos_link': redirects.getToSRedirect(site_logic.getSingleton())} |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
409 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
410 |
raise out_of_band.LoginRequest(message_fmt=login_msg_fmt) |
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
411 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
412 |
@allowDeveloper |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
413 |
def checkIsUserSelf(self, django_args): |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
414 |
"""Checks whether the specified user is the logged in user |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
415 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
416 |
Args: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
417 |
django_args: the keyword args from django, only scope_path is used |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
418 |
""" |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
419 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
420 |
if not 'scope_path' in django_args: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
421 |
self.deny(django_args) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
422 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
423 |
if self.user.link_id == django_args['scope_path']: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
424 |
return |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
425 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
426 |
raise out_of_band.AccessViolation() |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
427 |
|
|
1043
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
428 |
def checkIsUnusedAccount(self, django_args): |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
429 |
"""Raises an alternate HTTP response if Google Account has a User entity. |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
430 |
|
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
431 |
Args: |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
432 |
django_args: a dictionary with django's arguments |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
433 |
|
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
434 |
Raises: |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
435 |
AccessViolationResponse: |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
436 |
* if a User exists for the logged-in Google Account, or |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
437 |
* if a User has this Gooogle Account in their formerAccounts list |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
438 |
""" |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
439 |
|
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
440 |
self.checkIsLoggedIn(django_args) |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
441 |
|
|
1048
0fe0cb8f7253
Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1043
diff
changeset
|
442 |
if not self.user and not user_logic.isFormerAccount(self.id): |
|
0fe0cb8f7253
Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1043
diff
changeset
|
443 |
# this account has not been used yet |
|
0fe0cb8f7253
Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1043
diff
changeset
|
444 |
return |
|
1043
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
445 |
|
|
1048
0fe0cb8f7253
Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1043
diff
changeset
|
446 |
message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
|
|
0fe0cb8f7253
Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1043
diff
changeset
|
447 |
'email' : self.id.email()} |
|
0fe0cb8f7253
Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1043
diff
changeset
|
448 |
raise out_of_band.LoginRequest(message_fmt=message_fmt) |
|
0fe0cb8f7253
Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1043
diff
changeset
|
449 |
|
|
1043
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
450 |
|
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
451 |
def checkHasUserEntity(self, django_args): |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
452 |
"""Raises an alternate HTTP response if Google Account has no User entity. |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
453 |
|
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
454 |
Args: |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
455 |
django_args: a dictionary with django's arguments |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
456 |
|
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
457 |
Raises: |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
458 |
AccessViolationResponse: |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
459 |
* if no User exists for the logged-in Google Account, or |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
460 |
* if no Google Account is logged in at all |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
461 |
""" |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
462 |
|
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
463 |
self.checkIsLoggedIn(django_args) |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
464 |
|
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
465 |
if not self.user: |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
466 |
raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG) |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
467 |
|
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
468 |
return |
|
5e15994b2033
Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1037
diff
changeset
|
469 |
|
|
948
bd956f419ad9
Add missing blank lines and remove unused checkIsInvited function from soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
943
diff
changeset
|
470 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
471 |
def checkIsDeveloper(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
472 |
"""Raises an alternate HTTP response if Google Account is not a Developer. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
473 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
474 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
475 |
django_args: a dictionary with django's arguments |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
476 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
477 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
478 |
AccessViolationResponse: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
479 |
* if User is not a Developer, or |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
480 |
* if no User exists for the logged-in Google Account, or |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
481 |
* if no Google Account is logged in at all |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
482 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
483 |
|
|
1012
73f0b61f2d9d
Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1007
diff
changeset
|
484 |
self.checkIsUser(django_args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
485 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
486 |
if accounts.isDeveloper(account=self.id): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
487 |
return |
|
979
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
488 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
489 |
login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
490 |
'role': 'a Site Developer '} |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
491 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
492 |
raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
493 |
|
|
1061
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
494 |
@allowDeveloper |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
495 |
@denySidebar |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
496 |
def checkIsGroupActive(self, django_args, group_logic): |
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
497 |
"""Raises an alternate HTTP response if Group status is not active. |
|
1061
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
498 |
|
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
499 |
Args: |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
500 |
django_args: a dictionary with django's arguments |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
501 |
|
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
502 |
Raises: |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
503 |
AccessViolationResponse: |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
504 |
* if no Group is found |
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
505 |
* if the Group status is not active |
|
1061
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
506 |
""" |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
507 |
|
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
508 |
fields = {'link_id': django_args['link_id']}
|
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
509 |
|
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
510 |
if django_args.get('scope_path'):
|
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
511 |
fields['scope_path'] = django_args['scope_path'] |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
512 |
|
|
1115
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
513 |
group_entity = group_logic.logic.getFromKeyFieldsOr404(fields) |
|
1061
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
514 |
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
515 |
if group_entity.status == 'active': |
|
1061
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
516 |
return |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
517 |
|
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
518 |
# TODO tell the user that this group is not active |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
519 |
self.deny(django_args) |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
520 |
|
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
521 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
522 |
def checkCanMakeRequestToGroup(self, django_args, group_logic): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
523 |
"""Raises an alternate HTTP response if the specified group is not in an |
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
524 |
active status. |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
525 |
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
526 |
Note that status hasn't been implemented yet |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
527 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
528 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
529 |
group_logic: Logic module for the type of group which the request is for |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
530 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
531 |
|
|
979
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
532 |
group_entity = role_logic.getGroupEntityFromScopePath( |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
533 |
group_logic.logic, django_args['scope_path']) |
|
979
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
534 |
|
|
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
535 |
if not group_entity: |
|
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
536 |
raise out_of_band.Error(DEF_GROUP_NOT_FOUND_MSG, status=404) |
|
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
537 |
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
538 |
if group_entity.status != 'active': |
|
1061
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
539 |
# TODO tell the user that this group is not active |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
540 |
self.deny(django_args) |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
541 |
|
|
979
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
542 |
return |
|
789e70941055
Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
974
diff
changeset
|
543 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
544 |
def checkCanCreateFromRequest(self, django_args, role_name): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
545 |
"""Raises an alternate HTTP response if the specified request does not exist |
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
546 |
or if it's status is not group_accepted. Also when the group this request |
|
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
547 |
is from is in an inactive or invalid status access will be denied. |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
548 |
""" |
|
972
43018f61b481
Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents:
970
diff
changeset
|
549 |
|
|
1012
73f0b61f2d9d
Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1007
diff
changeset
|
550 |
self.checkIsUser(django_args) |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
551 |
|
|
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
552 |
user_entity = user_logic.getForCurrentAccount() |
|
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
553 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
554 |
if user_entity.link_id != django_args['link_id']: |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
555 |
self.deny(django_args) |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
556 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
557 |
fields = {'link_id': django_args['link_id'],
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
558 |
'scope_path': django_args['scope_path'], |
|
958
b4309e3cb899
Fix some missing dots in access and club_admin modules.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
950
diff
changeset
|
559 |
'role': role_name} |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
560 |
|
|
1115
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
561 |
request_entity = request_logic.getFromKeyFieldsOr404(fields) |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
562 |
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
563 |
if request_entity.status != 'group_accepted': |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
564 |
# TODO tell the user that this request has not been accepted yet |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
565 |
self.deny(django_args) |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
566 |
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
567 |
if request_entity.scope.status in ['invalid', 'inactive']: |
|
1061
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
568 |
# TODO tell the user that it is not possible to create this role anymore |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
569 |
self.deny(django_args) |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
570 |
|
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
571 |
return |
|
972
43018f61b481
Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents:
970
diff
changeset
|
572 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
573 |
def checkCanProcessRequest(self, django_args, role_name): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
574 |
"""Raises an alternate HTTP response if the specified request does not exist |
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
575 |
or if it's status is completed or denied. Also Raises an alternate HTTP response |
|
1061
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
576 |
whenever the group in the request is not active. |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
577 |
""" |
|
948
bd956f419ad9
Add missing blank lines and remove unused checkIsInvited function from soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents:
943
diff
changeset
|
578 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
579 |
fields = {'link_id': django_args['link_id'],
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
580 |
'scope_path': django_args['scope_path'], |
|
960
129efa976d6d
Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
958
diff
changeset
|
581 |
'role': role_name} |
|
129efa976d6d
Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
958
diff
changeset
|
582 |
|
|
1115
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
583 |
request_entity = request_logic.getFromKeyFieldsOr404(fields) |
|
960
129efa976d6d
Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
958
diff
changeset
|
584 |
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
585 |
if request_entity.status in ['completed', 'denied']: |
|
960
129efa976d6d
Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
958
diff
changeset
|
586 |
# TODO tell the user that this request has been processed |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
587 |
self.deny(django_args) |
|
940
a40056afef83
Changed the access checks to comply with state in request.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
931
diff
changeset
|
588 |
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
589 |
if request_entity.scope.status != 'active': |
|
1061
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
590 |
# TODO tell the user that this group cannot process requests |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
591 |
self.deny(django_args) |
|
09c243461de8
Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1048
diff
changeset
|
592 |
|
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
593 |
return |
|
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
594 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
595 |
def checkIsMyGroupAcceptedRequest(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
596 |
"""Raises an alternate HTTP response if the specified request does not exist |
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
597 |
or if it's status is not group_accepted. |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
598 |
""" |
|
709
e71b20847eb0
Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents:
699
diff
changeset
|
599 |
|
|
1012
73f0b61f2d9d
Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1007
diff
changeset
|
600 |
self.checkIsUser(django_args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
601 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
602 |
user_entity = user_logic.getForCurrentAccount() |
|
709
e71b20847eb0
Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents:
699
diff
changeset
|
603 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
604 |
if user_entity.link_id != django_args['link_id']: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
605 |
# not the current user's request |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
606 |
self.deny(django_args) |
|
709
e71b20847eb0
Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents:
699
diff
changeset
|
607 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
608 |
fields = {'link_id': django_args['link_id'],
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
609 |
'scope_path': django_args['scope_path'], |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
610 |
'role': django_args['role']} |
|
999
71f15c023847
Developers are hosts for every sponsor now.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
996
diff
changeset
|
611 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
612 |
request_entity = request_logic.getForFields(fields, unique=True) |
|
709
e71b20847eb0
Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents:
699
diff
changeset
|
613 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
614 |
if not request_entity: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
615 |
# TODO return 404 |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
616 |
self.deny(django_args) |
|
995
886c981fda2c
Added rights check to sponsor.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
992
diff
changeset
|
617 |
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
618 |
if request_entity.status != 'group_accepted': |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
619 |
self.deny(django_args) |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
620 |
|
|
709
e71b20847eb0
Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents:
699
diff
changeset
|
621 |
return |
|
e71b20847eb0
Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents:
699
diff
changeset
|
622 |
|
|
1037
f706ac5beccf
Fix wrong order of decorators and some cleanup
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1023
diff
changeset
|
623 |
@allowDeveloper |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
624 |
@denySidebar |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
625 |
def checkIsHost(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
626 |
"""Raises an alternate HTTP response if Google Account has no Host entity. |
|
814
25ffebd9fa8f
Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents:
802
diff
changeset
|
627 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
628 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
629 |
request: a Django HTTP request |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
630 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
631 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
632 |
AccessViolationResponse: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
633 |
* if User is not already a Host, or |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
634 |
* if User has not agreed to the site-wide ToS, or |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
635 |
* if no User exists for the logged-in Google Account, or |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
636 |
* if the user is not even logged in |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
637 |
""" |
|
814
25ffebd9fa8f
Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents:
802
diff
changeset
|
638 |
|
|
1012
73f0b61f2d9d
Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1007
diff
changeset
|
639 |
self.checkIsUser(django_args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
640 |
|
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
641 |
scope_path = None |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
642 |
|
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
643 |
if 'scope_path' in django_args: |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
644 |
scope_path = django_args['scope_path'] |
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
645 |
if 'link_id' in django_args: |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
646 |
scope_path = django_args['link_id'] |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
647 |
|
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
648 |
fields = {'user': self.user,
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
649 |
'status': 'active'} |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
650 |
|
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
651 |
if scope_path: |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
652 |
fields['scope_path'] = scope_path |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
653 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
654 |
host = host_logic.getForFields(fields, unique=True) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
655 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
656 |
if host: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
657 |
return |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
658 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
659 |
login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
660 |
'role': 'a Program Administrator '} |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
661 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
662 |
raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
663 |
|
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
664 |
def checkHasHostEntity(self, django_args): |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
665 |
"""Checks whether the current user has a Host entity. |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
666 |
""" |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
667 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
668 |
self.checkIsHost({})
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
669 |
|
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
670 |
@denySidebar |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
671 |
@allowDeveloper |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
672 |
def checkIsHostForProgram(self, django_args): |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
673 |
"""Checks if the user is a host for the specified program. |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
674 |
""" |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
675 |
|
|
1115
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
676 |
key_fields = program_logic.getKeyFieldsFromFields(django_args) |
|
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
677 |
program = program_logic.getFromKeyFields(key_fields) |
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
678 |
|
|
1107
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
679 |
if not program or program.status == 'invalid': |
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
680 |
self.deny(django_args) |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
681 |
|
|
1107
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
682 |
new_args = {'scope_path': program.scope_path }
|
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
683 |
self.checkIsHost(new_args) |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
684 |
|
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
685 |
@allowDeveloper |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
686 |
def checkIsHostForSponsor(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
687 |
"""Raises an alternate HTTP response if Google Account has no Host entity |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
688 |
for the specified Sponsor. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
689 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
690 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
691 |
request: a Django HTTP request |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
692 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
693 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
694 |
AccessViolationResponse: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
695 |
* if User is not already a Host for the specified program, or |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
696 |
* if User has not agreed to the site-wide ToS, or |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
697 |
* if no User exists for the logged-in Google Account, or |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
698 |
* if the user is not even logged in |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
699 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
700 |
|
|
1012
73f0b61f2d9d
Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1007
diff
changeset
|
701 |
self.checkIsUser(django_args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
702 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
703 |
user = user_logic.getForCurrentAccount() |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
704 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
705 |
if django_args.get('scope_path'):
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
706 |
scope_path = django_args['scope_path'] |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
707 |
else: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
708 |
scope_path = django_args['link_id'] |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
709 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
710 |
fields = {'user': user,
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
711 |
'scope_path': scope_path, |
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
712 |
'status': 'active'} |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
713 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
714 |
host = host_logic.getForFields(fields, unique=True) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
715 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
716 |
if host: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
717 |
return |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
718 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
719 |
login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
720 |
'role': 'a Program Administrator '} |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
721 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
722 |
raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
723 |
|
|
1016
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
724 |
@allowDeveloper |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
725 |
def checkIsClubAdminForClub(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
726 |
"""Returns an alternate HTTP response if Google Account has no Club Admin |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
727 |
entity for the specified club. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
728 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
729 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
730 |
django_args: a dictionary with django's arguments |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
731 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
732 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
733 |
AccessViolationResponse: if the required authorization is not met |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
734 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
735 |
Returns: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
736 |
None if Club Admin exists for the specified club, or a subclass of |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
737 |
django.http.HttpResponse which contains the alternate response |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
738 |
should be returned by the calling view. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
739 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
740 |
|
|
1012
73f0b61f2d9d
Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1007
diff
changeset
|
741 |
self.checkIsUser(django_args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
742 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
743 |
user = user_logic.getForCurrentAccount() |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
744 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
745 |
if django_args.get('scope_path'):
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
746 |
scope_path = django_args['scope_path'] |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
747 |
else: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
748 |
scope_path = django_args['link_id'] |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
749 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
750 |
fields = {'user': user,
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
751 |
'scope_path': scope_path, |
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
752 |
'status': 'active'} |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
753 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
754 |
club_admin_entity = club_admin_logic.getForFields(fields, unique=True) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
755 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
756 |
if club_admin_entity: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
757 |
return |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
758 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
759 |
login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
760 |
'role': 'a Club Admin for this Club'} |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
761 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
762 |
raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
763 |
|
|
1016
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
764 |
@allowDeveloper |
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
765 |
@allowIfCheckPasses('checkIsClubAdminForClub')
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
766 |
def checkIsClubMemberForClub(self, django_args): |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
767 |
"""Returns an alternate HTTP response if Google Account has no Club Member |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
768 |
entity for the specified club. |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
769 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
770 |
Args: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
771 |
django_args: a dictionary with django's arguments |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
772 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
773 |
Raises: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
774 |
AccessViolationResponse: if the required authorization is not met |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
775 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
776 |
Returns: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
777 |
None if Club Member exists for the specified club, or a subclass of |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
778 |
django.http.HttpResponse which contains the alternate response |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
779 |
should be returned by the calling view. |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
780 |
""" |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
781 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
782 |
self.checkIsUser(django_args) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
783 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
784 |
if django_args.get('scope_path'):
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
785 |
scope_path = django_args['scope_path'] |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
786 |
else: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
787 |
scope_path = django_args['link_id'] |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
788 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
789 |
fields = {'user': self.user,
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
790 |
'scope_path': scope_path, |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
791 |
'status': 'active'} |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
792 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
793 |
club_member_entity = club_member_logic.getForFields(fields, unique=True) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
794 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
795 |
if club_member_entity: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
796 |
return |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
797 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
798 |
login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
799 |
'role': 'a Club Member for this Club'} |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
800 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
801 |
raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
802 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
803 |
def checkIsClubAdminForScope(self, django_args): |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
804 |
"""Checks whether the current user is a Club Mdmin. |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
805 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
806 |
Args: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
807 |
django_args: the keyword arguments from django, only scope_path is used |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
808 |
""" |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
809 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
810 |
scope_path = django_args['scope_path'] |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
811 |
self.checkIsClubAdminForClub({'link_id': scope_path})
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
812 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
813 |
def checkIsClubMemberForScope(self, django_args): |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
814 |
"""Checks whether the current user is a Club Mdmin. |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
815 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
816 |
Args: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
817 |
django_args: the keyword arguments from django, only scope_path is used |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
818 |
""" |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
819 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
820 |
scope_path = django_args['scope_path'] |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
821 |
self.checkIsClubMemberForClub({'link_id': scope_path})
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
822 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
823 |
@allowDeveloper |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
824 |
def checkIsApplicationAccepted(self, django_args, app_logic): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
825 |
"""Returns an alternate HTTP response if Google Account has no Club App |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
826 |
entity for the specified Club. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
827 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
828 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
829 |
django_args: a dictionary with django's arguments |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
830 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
831 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
832 |
AccessViolationResponse: if the required authorization is not met |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
833 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
834 |
Returns: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
835 |
None if Club App exists for the specified program, or a subclass |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
836 |
of django.http.HttpResponse which contains the alternate response |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
837 |
should be returned by the calling view. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
838 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
839 |
|
|
1012
73f0b61f2d9d
Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1007
diff
changeset
|
840 |
self.checkIsUser(django_args) |
|
814
25ffebd9fa8f
Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents:
802
diff
changeset
|
841 |
|
|
887
b8c1a6bc913e
Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents:
884
diff
changeset
|
842 |
user = user_logic.getForCurrentAccount() |
|
814
25ffebd9fa8f
Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents:
802
diff
changeset
|
843 |
|
|
884
ded4850776c8
Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
882
diff
changeset
|
844 |
properties = {
|
|
ded4850776c8
Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
882
diff
changeset
|
845 |
'applicant': user, |
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
846 |
'status': 'accepted' |
|
884
ded4850776c8
Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
882
diff
changeset
|
847 |
} |
|
814
25ffebd9fa8f
Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents:
802
diff
changeset
|
848 |
|
|
884
ded4850776c8
Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
882
diff
changeset
|
849 |
application = app_logic.logic.getForFields(properties, unique=True) |
|
ded4850776c8
Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
882
diff
changeset
|
850 |
|
|
ded4850776c8
Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
882
diff
changeset
|
851 |
if application: |
|
ded4850776c8
Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
882
diff
changeset
|
852 |
return |
|
814
25ffebd9fa8f
Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents:
802
diff
changeset
|
853 |
|
|
884
ded4850776c8
Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
882
diff
changeset
|
854 |
# TODO(srabbelier) Make this give a proper error message |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
855 |
self.deny(django_args) |
| 726 | 856 |
|
|
1016
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
857 |
@allowDeveloper |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
858 |
def checkIsMyNotification(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
859 |
"""Returns an alternate HTTP response if this request is for |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
860 |
a Notification belonging to the current user. |
|
729
7fe218e3d359
Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents:
727
diff
changeset
|
861 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
862 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
863 |
django_args: a dictionary with django's arguments |
|
872
70e0b6d8ff73
Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents:
814
diff
changeset
|
864 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
865 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
866 |
AccessViolationResponse: if the required authorization is not met |
|
791
30da180c4bca
Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents:
746
diff
changeset
|
867 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
868 |
Returns: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
869 |
None if the current User is allowed to access this Notification. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
870 |
""" |
|
791
30da180c4bca
Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents:
746
diff
changeset
|
871 |
|
|
1012
73f0b61f2d9d
Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1007
diff
changeset
|
872 |
self.checkIsUser(django_args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
873 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
874 |
properties = dicts.filter(django_args, ['link_id', 'scope_path']) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
875 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
876 |
notification = notification_logic.getForFields(properties, unique=True) |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
877 |
user = user_logic.getForCurrentAccount() |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
878 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
879 |
# We need to check to see if the key's are equal since the User |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
880 |
# objects are different and the default __eq__ method does not check |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
881 |
# if the keys are equal (which is what we want). |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
882 |
if user.key() == notification.scope.key(): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
883 |
return None |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
884 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
885 |
# TODO(ljvderijk) Make this give a proper error message |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
886 |
self.deny(django_args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
887 |
|
|
1016
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
888 |
@allowDeveloper |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
889 |
def checkIsMyApplication(self, django_args, app_logic): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
890 |
"""Returns an alternate HTTP response if this request is for |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
891 |
a Application belonging to the current user. |
|
791
30da180c4bca
Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents:
746
diff
changeset
|
892 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
893 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
894 |
request: a Django HTTP request |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
895 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
896 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
897 |
AccessViolationResponse: if the required authorization is not met |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
898 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
899 |
Returns: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
900 |
None if the current User is allowed to access this Application. |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
901 |
""" |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
902 |
|
|
1012
73f0b61f2d9d
Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1007
diff
changeset
|
903 |
self.checkIsUser(django_args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
904 |
|
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
905 |
properties = dicts.filter(django_args, ['link_id']) |
|
882
267e31f1a0b6
Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
872
diff
changeset
|
906 |
|
|
267e31f1a0b6
Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
872
diff
changeset
|
907 |
application = app_logic.logic.getForFields(properties, unique=True) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
908 |
|
|
884
ded4850776c8
Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
882
diff
changeset
|
909 |
if not application: |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
910 |
self.deny(django_args) |
|
791
30da180c4bca
Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents:
746
diff
changeset
|
911 |
|
|
882
267e31f1a0b6
Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
872
diff
changeset
|
912 |
# We need to check to see if the key's are equal since the User |
|
267e31f1a0b6
Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
872
diff
changeset
|
913 |
# objects are different and the default __eq__ method does not check |
|
267e31f1a0b6
Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
872
diff
changeset
|
914 |
# if the keys are equal (which is what we want). |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
915 |
if self.user.key() == application.applicant.key(): |
|
882
267e31f1a0b6
Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
872
diff
changeset
|
916 |
return None |
|
267e31f1a0b6
Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
872
diff
changeset
|
917 |
|
|
267e31f1a0b6
Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
872
diff
changeset
|
918 |
# TODO(srabbelier) Make this give a proper error message |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
919 |
self.deny(django_args) |
|
791
30da180c4bca
Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents:
746
diff
changeset
|
920 |
|
|
1016
15a2f644725f
Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1012
diff
changeset
|
921 |
@allowDeveloper |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
922 |
def checkIsMyActiveRole(self, django_args, role_logic): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
923 |
"""Returns an alternate HTTP response if there is no active role found for |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
924 |
the current user using the given role_logic. |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
925 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
926 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
927 |
AccessViolationResponse: if the required authorization is not met |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
928 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
929 |
Returns: |
|
1066
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
930 |
None if the current User has an active role for the given role_logic. |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
931 |
""" |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
932 |
|
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
933 |
if not self.user or self.user.link_id != django_args['link_id']: |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
934 |
# not my role |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
935 |
self.deny(django_args) |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
936 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
937 |
fields = {'link_id': django_args['link_id'],
|
|
1066
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
938 |
'scope_path': django_args['scope_path'], |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
939 |
} |
|
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
940 |
|
|
1115
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
941 |
role_entity = role_logic.logic.getFromKeyFieldsOr404(fields) |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
942 |
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
943 |
if role_entity.status != 'active': |
|
1066
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
944 |
# role is not active |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
945 |
self.deny(django_args) |
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
946 |
|
|
1066
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
947 |
|
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
948 |
@allowDeveloper |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
949 |
@denySidebar |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
950 |
def checkIsAllowedToManageRole(self, django_args, role_logic, manage_role_logic): |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
951 |
"""Returns an alternate HTTP response if the user is not allowed to manage |
|
1068
8a06ebff014e
Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1066
diff
changeset
|
952 |
the role given in args. |
|
8a06ebff014e
Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1066
diff
changeset
|
953 |
|
|
8a06ebff014e
Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1066
diff
changeset
|
954 |
Args: |
|
8a06ebff014e
Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1066
diff
changeset
|
955 |
role_logic: determines the logic for the role in args. |
|
8a06ebff014e
Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1066
diff
changeset
|
956 |
manage_role_logic: determines the logic for the role which is allowed |
|
8a06ebff014e
Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1066
diff
changeset
|
957 |
to manage this role. |
|
1066
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
958 |
|
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
959 |
Raises: |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
960 |
AccessViolationResponse: if the required authorization is not met |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
961 |
|
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
962 |
Returns: |
|
1068
8a06ebff014e
Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1066
diff
changeset
|
963 |
None if the given role is active and belongs to the current user. |
|
8a06ebff014e
Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1066
diff
changeset
|
964 |
None if the current User has an active role (from manage_role_logic) |
|
8a06ebff014e
Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1066
diff
changeset
|
965 |
that belongs to the same scope as the role that needs to be managed |
|
1066
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
966 |
""" |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
967 |
|
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
968 |
try: |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
969 |
# check if it is my role the user's own role |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
970 |
self.checkIsMyActiveRole(django_args, role_logic) |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
971 |
except out_of_band.Error: |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
972 |
pass |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
973 |
|
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
974 |
# apparently it's not the user's role so check if managing this role is allowed |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
975 |
fields = {'link_id': django_args['link_id'],
|
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
976 |
'scope_path': django_args['scope_path'], |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
977 |
} |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
978 |
|
|
1115
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
979 |
role_entity = role_logic.logic.getFromKeyFieldsOr404(fields) |
|
1066
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
980 |
|
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
981 |
if role_entity.status != 'active': |
|
1066
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
982 |
# cannot manage this entity |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
983 |
self.deny(django_args) |
|
914
6ec8dd2a73b3
Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
895
diff
changeset
|
984 |
|
|
1066
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
985 |
fields = {'link_id': self.user.link_id,
|
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
986 |
'scope_path': django_args['scope_path'], |
|
1085
0afbdd0905ef
Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1080
diff
changeset
|
987 |
'status' : 'active' |
|
1066
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
988 |
} |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
989 |
|
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
990 |
manage_entity = manage_role_logic.logic.getForFields(fields, unique=True) |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
991 |
|
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
992 |
if not manage_entity: |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
993 |
self.deny(django_args) |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
994 |
|
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
995 |
return |
|
b22750a2b04a
Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1061
diff
changeset
|
996 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
997 |
def checkHasPickGetArgs(self, django_args): |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
998 |
"""Raises an alternate HTTP response if the request misses get args. |
|
791
30da180c4bca
Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents:
746
diff
changeset
|
999 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1000 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1001 |
django_args: a dictionary with django's arguments |
|
931
1131884c3c56
Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents:
927
diff
changeset
|
1002 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1003 |
Raises: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1004 |
AccessViolationResponse: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1005 |
* if continue is not in request.GET |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1006 |
* if field is not in request.GET |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1007 |
""" |
|
931
1131884c3c56
Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents:
927
diff
changeset
|
1008 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1009 |
get_args = django_args.get('GET', {})
|
|
931
1131884c3c56
Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents:
927
diff
changeset
|
1010 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1011 |
if 'continue' in get_args and 'field' in get_args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1012 |
return |
|
931
1131884c3c56
Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents:
927
diff
changeset
|
1013 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1014 |
#TODO(SRabbelier) inform user that return_url and field are required |
|
1023
d849b47645f9
Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1017
diff
changeset
|
1015 |
self.deny(django_args) |
|
931
1131884c3c56
Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents:
927
diff
changeset
|
1016 |
|
|
1115
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
1017 |
@denySidebar |
|
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
1018 |
@allowDeveloper |
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1019 |
def checkIsDocumentReadable(self, django_args): |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1020 |
"""Checks whether a document is readable. |
|
699
4e8eefe95748
Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
639
diff
changeset
|
1021 |
|
|
1007
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1022 |
Args: |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1023 |
django_args: a dictionary with django's arguments |
|
3b66772d21a5
Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
999
diff
changeset
|
1024 |
""" |
|
699
4e8eefe95748
Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
639
diff
changeset
|
1025 |
|
|
1115
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
1026 |
key_fields = document_logic.getKeyFieldsFromFields(django_args) |
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1027 |
document = document_logic.getFromKeyFields(key_fields) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1028 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1029 |
self.checkMembership('read', document.prefix,
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1030 |
document.read_access, django_args) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1031 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1032 |
@denySidebar |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1033 |
@allowDeveloper |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1034 |
def checkIsDocumentWritable(self, django_args): |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1035 |
"""Checks whether a document is writable. |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1036 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1037 |
Args: |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1038 |
django_args: a dictionary with django's arguments |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1039 |
""" |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1040 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1041 |
key_fields = document_logic.getKeyFieldsFromFields(django_args) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1042 |
document = document_logic.getFromKeyFields(key_fields) |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1043 |
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1044 |
self.checkMembership('write', document.prefix,
|
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1045 |
document.write_access, django_args) |
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1046 |
|
|
1107
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1047 |
@allowIfCheckPasses('checkIsHostForProgram')
|
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1048 |
def checkIsProgramVisible(self, django_args): |
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1049 |
"""Checks whether a program is visible. |
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1050 |
""" |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1051 |
|
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1052 |
if 'entity' in django_args: |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1053 |
program = django_args['entity'] |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1054 |
else: |
|
1115
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
1055 |
key_fields = program_logic.getKeyFieldsFromFields(django_args) |
|
0a723ff3d27c
Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1107
diff
changeset
|
1056 |
program = program_logic.getFromKeyFields(key_fields) |
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1057 |
|
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1058 |
if not program: |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1059 |
self.deny(django_args) |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1060 |
|
|
1107
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1061 |
if program.status == 'visible': |
|
1074
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1062 |
return |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1063 |
|
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1064 |
context = django_args.get('context', {})
|
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1065 |
context['title'] = 'Access denied' |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1066 |
|
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1067 |
message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
|
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1068 |
'role': ugettext('a Program Administrator')}
|
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1069 |
|
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1070 |
raise out_of_band.AccessViolation(DEF_DEV_LOGOUT_LOGIN_MSG_FMT, |
|
94bc2a9ae103
Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1073
diff
changeset
|
1071 |
context=context) |
|
1107
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1072 |
|
|
1135
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1073 |
def checkCanEditTimeline(self, django_args): |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1074 |
"""Checks whether this program's timeline may be edited. |
|
24d695060863
Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents:
1122
diff
changeset
|
1075 |
""" |
|
1107
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1076 |
|
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1077 |
time_line_keyname = django_args['scope_path'] |
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1078 |
timeline_entity = timeline_logic.getFromKeyName(time_line_keyname) |
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1079 |
|
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1080 |
if not timeline_entity: |
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1081 |
# timeline does not exists so deny |
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1082 |
self.deny(django_args) |
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1083 |
|
|
1122
659984867a9a
Removed workflow type as keyfield from program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1115
diff
changeset
|
1084 |
split_keyname = time_line_keyname.rsplit('/')
|
|
1107
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1085 |
|
|
1122
659984867a9a
Removed workflow type as keyfield from program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1115
diff
changeset
|
1086 |
fields = {'scope_path' : split_keyname[0],
|
|
659984867a9a
Removed workflow type as keyfield from program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1115
diff
changeset
|
1087 |
'link_id' : split_keyname[1], |
|
1107
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1088 |
} |
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1089 |
|
|
a878188e225c
Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents:
1085
diff
changeset
|
1090 |
return self.checkIsHostForProgram(fields) |