app/soc/views/helper/access.py
author Lennard de Rijk <ljvderijk@gmail.com>
Thu, 05 Feb 2009 20:19:17 +0000
changeset 1218 569a3fe9cb88
parent 1203 38225f2ad3a6
child 1223 aca77e2cc8f7
permissions -rw-r--r--
Cleaned up getKeyNameFromFields in Logic base. You can now pass it a dictionary that can contain other fields next to the keyfields. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     1
#!/usr/bin/python2.5
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     2
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     3
# Copyright 2008 the Melange authors.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     4
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     5
# Licensed under the Apache License, Version 2.0 (the "License");
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     6
# you may not use this file except in compliance with the License.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     7
# You may obtain a copy of the License at
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     8
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     9
#   http://www.apache.org/licenses/LICENSE-2.0
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    10
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    11
# Unless required by applicable law or agreed to in writing, software
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    12
# distributed under the License is distributed on an "AS IS" BASIS,
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    13
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    14
# See the License for the specific language governing permissions and
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    15
# limitations under the License.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    16
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    17
"""Access control helper.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    18
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    19
The functions in this module can be used to check access control
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    20
related requirements. When the specified required conditions are not
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    21
met, an exception is raised. This exception contains a views that
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    22
either prompts for authentication, or informs the user that they
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    23
do not meet the required criteria.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    24
"""
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    25
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    26
__authors__ = [
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    27
  '"Todd Larsen" <tlarsen@google.com>',
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    28
  '"Sverre Rabbelier" <sverre@rabbelier.nl>',
726
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
    29
  '"Lennard de Rijk" <ljvderijk@gmail.com>',
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    30
  '"Pawel Solyga" <pawel.solyga@gmail.com>',
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    31
  ]
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    32
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    33
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    34
from google.appengine.api import users
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
    35
from google.appengine.api import memcache
315
c4f1a07ee340 Add missing blank lines between imports in access.py module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 309
diff changeset
    36
746
018efb9863dc Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 729
diff changeset
    37
from django.core import urlresolvers
970
8b5611d5b053 Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents: 965
diff changeset
    38
from django.utils.translation import ugettext
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    39
481
94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents: 448
diff changeset
    40
from soc.logic import accounts
720
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
    41
from soc.logic import dicts
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    42
from soc.logic import rights as rights_logic
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
    43
from soc.logic.models.club_admin import logic as club_admin_logic
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    44
from soc.logic.models.club_member import logic as club_member_logic
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
    45
from soc.logic.models.document import logic as document_logic
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    46
from soc.logic.models.host import logic as host_logic
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    47
from soc.logic.models.mentor import logic as mentor_logic
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    48
from soc.logic.models.notification import logic as notification_logic
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    49
from soc.logic.models.org_admin import logic as org_admin_logic
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    50
from soc.logic.models.program import logic as program_logic
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    51
from soc.logic.models.request import logic as request_logic
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
    52
from soc.logic.models.role import logic as role_logic
891
3d40190f35b6 Move getToSLink() to soc.views.helper.redirects.getToSRedirect().
Todd Larsen <tlarsen@google.com>
parents: 890
diff changeset
    53
from soc.logic.models.site import logic as site_logic
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    54
#from soc.logic.models.student import logic as student_logic
1142
da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 1135
diff changeset
    55
from soc.logic.models.timeline import logic as timeline_logic
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    56
from soc.logic.models.user import logic as user_logic
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    57
from soc.views.helper import redirects
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    58
from soc.views import helper
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
    59
from soc.views import out_of_band
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    60
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    61
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
    62
DEF_NO_USER_LOGIN_MSG= ugettext(
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
    63
  'Please create <a href="/user/create_profile">User Profile</a>'
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    64
  ' in order to view this page.')
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    65
970
8b5611d5b053 Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents: 965
diff changeset
    66
DEF_AGREE_TO_TOS_MSG_FMT = ugettext(
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    67
  'You must agree to the <a href="%(tos_link)s">site-wide Terms of'
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
    68
  ' Service</a> in your <a href="/user/edit_profile">User Profile</a>'
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    69
  ' in order to view this page.')
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    70
970
8b5611d5b053 Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents: 965
diff changeset
    71
DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ugettext(
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    72
  'Please <a href="%%(sign_out)s">sign out</a>'
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    73
  ' and <a href="%%(sign_in)s">sign in</a>'
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    74
  ' again as %(role)s to view this page.')
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    75
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    76
DEF_NEED_MEMBERSHIP_MSG_FMT = ugettext(
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    77
  'You need to be in the %(status)s group to %(action)s'
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    78
  ' documents in the %(prefix)s prefix.')
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    79
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    80
DEF_NEED_ROLE_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    81
  'You do not have the required role.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    82
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    83
DEF_NOT_YOUR_ENTITY_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    84
  'This entity does not belong to you.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    85
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    86
DEF_NO_ACTIVE_GROUP_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    87
  'There is no such active group.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    88
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    89
DEF_NO_REQUEST_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    90
  'There is no accepted request that would allow you to visit this page.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    91
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    92
DEF_NEED_PICK_ARGS_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    93
  'The "continue" and "field" args are not both present.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    94
1201
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
    95
DEF_REVIEW_COMPLETED_MSG = ugettext(
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
    96
    'This Application can not be reviewed anymore (it has been completed or rejected)')
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
    97
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    98
DEF_REQUEST_COMPLETED_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    99
  'This request cannot be accepted (it is either completed or denied).')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   100
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   101
DEF_SCOPE_INACTIVE_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   102
  'The scope for this request is not active.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   103
970
8b5611d5b053 Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents: 965
diff changeset
   104
DEF_PAGE_DENIED_MSG = ugettext(
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   105
  'Access to this page has been restricted')
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   106
970
8b5611d5b053 Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents: 965
diff changeset
   107
DEF_LOGOUT_MSG_FMT = ugettext(
590
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   108
    'Please <a href="%(sign_out)s">sign out</a> in order to view this page')
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   109
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   110
DEF_GROUP_NOT_FOUND_MSG = ugettext(
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   111
    'The requested Group can not be found')
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   112
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   113
DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext(
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   114
    'The <b><i>%(email)s</i></b> account cannot be used with this site, for'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   115
    ' one or more of the following reasons:'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   116
    '<ul>'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   117
    ' <li>the account is invalid</li>'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   118
    ' <li>the account is already attached to a User profile and cannot be'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   119
    ' used to create another one</li>'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   120
    ' <li>the account is a former account that cannot be used again</li>'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   121
    '</ul>')
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   122
1201
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   123
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   124
def allowSidebar(fun):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   125
  """Decorator that allows access if the sidebar is calling.
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   126
  """
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   127
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   128
  from functools import wraps
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   129
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   130
  @wraps(fun)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   131
  def wrapper(self, django_args, *args, **kwargs):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   132
    if django_args.get('SIDEBAR_CALLING'):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   133
      return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   134
    return fun(self, django_args, *args, **kwargs)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   135
  return wrapper
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   136
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   137
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   138
def denySidebar(fun):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   139
  """Decorator that denies access if the sidebar is calling.
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
   140
  """
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
   141
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   142
  from functools import wraps
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   143
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   144
  @wraps(fun)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   145
  def wrapper(self, django_args, *args, **kwargs):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   146
    if django_args.get('SIDEBAR_CALLING'):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   147
      raise out_of_band.Error("Sidebar Calling")
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   148
    return fun(self, django_args, *args, **kwargs)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   149
  return wrapper
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   150
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   151
1073
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   152
def allowIfCheckPasses(checker_name):
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   153
  """Returns a decorator that allows access if the specified checker passes.
1016
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   154
  """
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   155
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   156
  from functools import wraps
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   157
1073
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   158
  def decorator(fun):
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   159
    """Decorator that allows access if the current user is a Developer.
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   160
    """
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   161
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   162
    @wraps(fun)
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   163
    def wrapper(self, django_args, *args, **kwargs):
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   164
      try:
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   165
        # if the check passes we allow access regardless
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   166
        return self.doCheck(checker_name, django_args, [])
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   167
      except out_of_band.Error:
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   168
        # otherwise we run the original check
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   169
        return fun(self, django_args, *args, **kwargs)
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   170
    return wrapper
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   171
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   172
  return decorator
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   173
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   174
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   175
allowDeveloper = allowIfCheckPasses('checkIsDeveloper')
1016
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   176
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   177
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   178
class Checker(object):
590
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   179
  """
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   180
  The __setitem__() and __getitem__() methods are overloaded to DTRT
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   181
  when adding new access rights, and retrieving them, so use these
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   182
  rather then modifying rights directly if so desired.
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   183
  """
972
43018f61b481 Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents: 970
diff changeset
   184
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   185
  MEMBERSHIP = {
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   186
    'anyone': 'allow',
1203
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   187
    'club_admin': ('checkHasActiveRole', club_admin_logic),
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   188
    'club_member': ('checkHasActiveRole', club_member_logic),
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   189
    'host': ('checkHasActiveRole', host_logic),
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   190
    'org_admin': ('checkHasActiveRole', org_admin_logic),
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   191
    'org_mentor': ('checkHasActiveRole', mentor_logic),
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   192
    'org_student': 'deny', #('checkHasActiveRole', student_logic),
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   193
    'user': 'checkIsUser',
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   194
    'user_self': ('checkIsUserSelf', 'scope_path'),
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   195
    }
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   196
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   197
  def __init__(self, params):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   198
    """Adopts base.rights as rights if base is set.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   199
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   200
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   201
    base = params.get('rights') if params else None
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   202
    self.rights = base.rights if base else {}
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   203
    self.id = None
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   204
    self.user = None
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   205
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   206
  def __setitem__(self, key, value):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   207
    """Sets a value only if no old value exists.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   208
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   209
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   210
    oldvalue = self.rights.get(key)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   211
    self.rights[key] = oldvalue if oldvalue else value
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   212
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   213
  def __getitem__(self, key):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   214
    """Retrieves the right checkers and massages then into a default format.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   215
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   216
    The result is guaranteed to be a list of 2-tuples, the first element is a
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   217
    checker (iff there is an checker with the specified name), the second
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   218
    element is a list of arguments that should be passed to the checker when
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   219
    calling it in addition to the standard django_args.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   220
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   221
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   222
    result = []
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   223
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   224
    for i in self.rights.get(key, []):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   225
      # Be nice an repack so that it is always a list with tuples
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   226
      if isinstance(i, tuple):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   227
        name, arg = i
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   228
        tmp = (name, (arg if isinstance(arg, list) else [arg]))
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   229
        result.append(tmp)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   230
      else:
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   231
        tmp = (i, [])
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   232
        result.append(tmp)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   233
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   234
    return result
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   235
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   236
  def key(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   237
    """Returns the key for the specified checker for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   238
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   239
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   240
    return "%s.%s" % (self.id, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   241
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   242
  def put(self, checker_name, value):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   243
    """Puts the result for the specified checker in the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   244
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   245
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   246
    retention = 30
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   247
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   248
    memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   249
    memcache.add(memcache_key, value, retention)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   250
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   251
  def get(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   252
    """Retrieves the result for the specified checker from cache.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   253
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   254
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   255
    memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   256
    return memcache.get(memcache_key)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   257
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   258
  def doCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   259
    """Runs the specified checker with the specified arguments.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   260
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   261
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   262
    checker = getattr(self, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   263
    checker(django_args, *args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   264
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   265
  def doCachedCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   266
    """Retrieves from cache or runs the specified checker.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   267
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   268
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   269
    cached = self.get(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   270
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   271
    if cached is None:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   272
      try:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   273
        self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   274
        self.put(checker_name, True)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   275
        return
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   276
      except out_of_band.Error, e:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   277
        self.put(checker_name, e)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   278
        raise
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   279
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   280
    if cached is True:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   281
      return
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   282
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   283
    # re-raise the cached exception
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   284
    raise cached
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   285
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   286
  def check(self, use_cache, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   287
    """Runs the checker, optionally using the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   288
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   289
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   290
    if use_cache:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   291
      self.doCachedCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   292
    else:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   293
      self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   294
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   295
  def setCurrentUser(self, id, user):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   296
    """Sets up everything for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   297
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   298
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   299
    self.id = id
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   300
    self.user = user
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   301
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   302
  def checkAccess(self, access_type, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   303
    """Runs all the defined checks for the specified type.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   304
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   305
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   306
      access_type: the type of request (such as 'list' or 'edit')
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   307
      rights: a dictionary containing access check functions
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   308
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   309
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   310
    Rights usage:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   311
      The rights dictionary is used to check if the current user is allowed
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   312
      to view the page specified. The functions defined in this dictionary
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   313
      are always called with the provided django_args dictionary as argument. On any
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   314
      request, regardless of what type, the functions in the 'any_access' value
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   315
      are called. If the specified type is not in the rights dictionary, all
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   316
      the functions in the 'unspecified' value are called. When the specified
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   317
      type _is_ in the rights dictionary, all the functions in that access_type's
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   318
      value are called.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   319
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   320
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   321
    use_cache = django_args.get('SIDEBAR_CALLING')
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   322
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   323
    # Call each access checker
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   324
    for checker_name, args in self['any_access']:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   325
      self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   326
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   327
    if access_type not in self.rights:
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   328
      # No checks defined, so do the 'generic' checks and bail out
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   329
      for checker_name, args in self['unspecified']:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   330
        self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   331
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   332
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   333
    for checker_name, args in self[access_type]:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   334
      self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   335
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   336
  def checkMembership(self, action, prefix, status, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   337
    """Checks whether the user has access to the specified status.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   338
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   339
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   340
      action: the action that was performed (e.g., 'read')
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   341
      prefix: the prefix, determines what access set is used
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   342
      status: the access status (e.g., 'public')
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   343
      django_args: the django args to pass on to the checkers
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   344
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   345
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   346
    checker = rights_logic.Checker(prefix)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   347
    roles = checker.getMembership(status)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   348
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   349
    message_fmt = DEF_NEED_MEMBERSHIP_MSG_FMT % {
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   350
        'action': action,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   351
        'prefix': prefix,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   352
        'status': status,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   353
        }
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   354
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   355
    # try to see if they belong to any of the roles, if not, raise an
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   356
    # access violation for the specified action, prefix and status.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   357
    for role in roles:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   358
      try:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   359
        checker_name = self.MEMBERSHIP[role]
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   360
        self.doCheck(checker_name, django_args, [])
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   361
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   362
        # the check passed, we can stop now
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   363
        break
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   364
      except out_of_band.Error:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   365
        continue
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   366
    else:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   367
      raise out_of_band.AccessViolation(message_fmt)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   368
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   369
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   370
  def allow(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   371
    """Never raises an alternate HTTP response.  (an access no-op, basically).
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   372
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   373
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   374
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   375
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   376
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   377
    return
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   378
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   379
  def deny(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   380
    """Always raises an alternate HTTP response.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   381
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   382
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   383
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   384
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   385
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   386
      always raises AccessViolationResponse if called
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   387
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   388
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   389
    context = django_args.get('context', {})
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   390
    context['title'] = 'Access denied'
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   391
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   392
    raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context)
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   393
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   394
  def checkIsLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   395
    """Raises an alternate HTTP response if Google Account is not logged in.
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   396
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   397
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   398
      django_args: a dictionary with django's arguments
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   399
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   400
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   401
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   402
      * if no Google Account is even logged in
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   403
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   404
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   405
    if self.id:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   406
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   407
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   408
    raise out_of_band.LoginRequest()
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   409
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   410
  def checkNotLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   411
    """Raises an alternate HTTP response if Google Account is logged in.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   412
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   413
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   414
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   415
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   416
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   417
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   418
      * if a Google Account is currently logged in
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   419
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   420
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   421
    if not self.id:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   422
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   423
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   424
    raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   425
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   426
  def checkIsUser(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   427
    """Raises an alternate HTTP response if Google Account has no User entity.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   428
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   429
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   430
      django_args: a dictionary with django's arguments
895
e70ffd079438 Even developers need to agree to the terms of service for Melange
Sverre Rabbelier <srabbelier@gmail.com>
parents: 892
diff changeset
   431
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   432
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   433
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   434
      * if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   435
      * if no Google Account is logged in at all
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   436
      * if User has not agreed to the site-wide ToS, if one exists
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   437
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   438
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   439
    self.checkIsLoggedIn(django_args)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   440
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   441
    if not self.user:
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   442
      raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   443
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   444
    if user_logic.agreesToSiteToS(self.user):
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   445
      return
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   446
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   447
    # Would not reach this point of site-wide ToS did not exist, since
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   448
    # agreesToSiteToS() call above always returns True if no ToS is in effect.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   449
    login_msg_fmt = DEF_AGREE_TO_TOS_MSG_FMT % {
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   450
        'tos_link': redirects.getToSRedirect(site_logic.getSingleton())}
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   451
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   452
    raise out_of_band.LoginRequest(message_fmt=login_msg_fmt)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   453
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   454
  @allowDeveloper
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   455
  def checkIsUserSelf(self, django_args, field_name):
1142
da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 1135
diff changeset
   456
    """Checks whether the specified user is the logged in user.
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   457
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   458
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   459
      django_args: the keyword args from django, only scope_path is used
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   460
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   461
1198
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   462
    self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   463
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   464
    if not field_name in django_args:
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   465
      self.deny(django_args)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   466
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   467
    if self.user.link_id == django_args[field_name]:
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   468
      return
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   469
1177
53c802c2a2e2 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1176
diff changeset
   470
    raise out_of_band.AccessViolation(DEF_NOT_YOUR_ENTITY_MSG)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   471
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   472
  def checkIsUnusedAccount(self, django_args):
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   473
    """Raises an alternate HTTP response if Google Account has a User entity.
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   474
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   475
    Args:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   476
      django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   477
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   478
    Raises:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   479
      AccessViolationResponse:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   480
      * if a User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   481
      * if a User has this Gooogle Account in their formerAccounts list
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   482
    """
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   483
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   484
    self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   485
1192
b53fa1e05dbd Adds the possibility to exclude the user from the website.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1189
diff changeset
   486
    user_entity = user_logic.getForFields({'account':self.id}, unique=True)
b53fa1e05dbd Adds the possibility to exclude the user from the website.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1189
diff changeset
   487
b53fa1e05dbd Adds the possibility to exclude the user from the website.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1189
diff changeset
   488
    if not user_entity and not user_logic.isFormerAccount(self.id):
1048
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   489
      # this account has not been used yet
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   490
      return
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   491
1048
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   492
    message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   493
        'email' : self.id.email()}
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   494
    raise out_of_band.LoginRequest(message_fmt=message_fmt)
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   495
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   496
  def checkHasUserEntity(self, django_args):
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   497
    """Raises an alternate HTTP response if Google Account has no User entity.
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   498
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   499
    Args:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   500
      django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   501
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   502
    Raises:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   503
      AccessViolationResponse:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   504
      * if no User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   505
      * if no Google Account is logged in at all
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   506
    """
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   507
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   508
    self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   509
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   510
    if not self.user:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   511
      raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   512
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   513
    return
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   514
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   515
  def checkIsDeveloper(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   516
    """Raises an alternate HTTP response if Google Account is not a Developer.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   517
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   518
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   519
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   520
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   521
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   522
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   523
      * if User is not a Developer, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   524
      * if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   525
      * if no Google Account is logged in at all
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   526
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   527
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   528
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   529
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   530
    if accounts.isDeveloper(account=self.id, user=self.user):
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   531
      return
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   532
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   533
    login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   534
        'role': 'a Site Developer '}
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   535
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   536
    raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   537
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   538
  @allowDeveloper
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   539
  @denySidebar
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   540
  def checkIsActive(self, django_args, logic,
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   541
                    field_name='scope_path', filter_field='link_id'):
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   542
    """Raises an alternate HTTP response if Group status is not active.
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   543
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   544
    Args:
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   545
      django_args: a dictionary with django's arguments
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   546
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   547
    Raises:
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   548
      AccessViolationResponse:
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   549
      * if no Group is found
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   550
      * if the Group status is not active
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   551
    """
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   552
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   553
    self.checkIsUser(django_args)
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   554
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   555
    if field_name and (field_name not in django_args):
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   556
      self.deny(django_args)
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   557
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   558
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   559
        filter_field: django_args[filter_field],
1179
427d2ec42823 Rewrite getForFields to use GQL instead of the Query API
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1177
diff changeset
   560
        'status': 'active',
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   561
        }
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   562
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   563
    if field_name:
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   564
      fields['scope_path'] = django_args[field_name]
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   565
1179
427d2ec42823 Rewrite getForFields to use GQL instead of the Query API
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1177
diff changeset
   566
    entity = logic.getForFields(fields, unique=True)
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   567
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   568
    if entity:
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   569
      return
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   570
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   571
    raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG)
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   572
1203
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   573
  def checkHasActiveRole(self, django_args, logic, field_name=None):
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   574
    """Checks that the user has the specified active role.
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   575
    """
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   576
1184
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   577
    if not field_name:
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   578
      field_name = 'scope_path'
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   579
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   580
    django_args['user'] = self.user
1184
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   581
    self.checkIsActive(django_args, logic, field_name, 'user')
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   582
1189
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   583
  def checkSeeded(self, django_args, checker_name, *args):
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   584
    """Wrapper to update the django_args with the contens of seed first.
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   585
    """
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   586
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   587
    django_args.update(django_args.get('seed', {}))
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   588
    self.doCheck(checker_name, django_args, args)
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   589
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   590
  def checkCanMakeRequestToGroup(self, django_args, group_logic):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   591
    """Raises an alternate HTTP response if the specified group is not in an
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   592
    active status.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   593
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   594
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   595
      group_logic: Logic module for the type of group which the request is for
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   596
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   597
1198
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   598
    self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   599
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   600
    group_entity = role_logic.getGroupEntityFromScopePath(
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   601
        group_logic.logic, django_args['scope_path'])
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   602
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   603
    if not group_entity:
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   604
      raise out_of_band.Error(DEF_GROUP_NOT_FOUND_MSG, status=404)
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   605
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   606
    if group_entity.status != 'active':
1198
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   607
      # tell the user that this group is not active
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   608
      raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG)
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   609
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   610
    return
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   611
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   612
  def checkCanCreateFromRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   613
    """Raises an alternate HTTP response if the specified request does not exist
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   614
       or if it's status is not group_accepted. Also when the group this request
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   615
       is from is in an inactive or invalid status access will be denied.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   616
    """
972
43018f61b481 Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents: 970
diff changeset
   617
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   618
    self.checkIsUserSelf(django_args, 'link_id')
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   619
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   620
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   621
        'link_id': django_args['link_id'],
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   622
        'scope_path': django_args['scope_path'],
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   623
        'role': role_name,
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   624
        'status': 'group_accepted',
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   625
        }
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   626
1176
c211191e7d81 Fixed access related bugs
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1163
diff changeset
   627
    entity = request_logic.getForFields(fields, unique=True)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   628
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   629
    if entity and (entity.scope.status not in ['invalid', 'inactive']):
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   630
      return
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   631
1177
53c802c2a2e2 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1176
diff changeset
   632
    raise out_of_band.AccessViolation(message_fmt=DEF_NO_REQUEST_MSG)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   633
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   634
  def checkIsMyGroupAcceptedRequest(self, django_args):
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   635
    """Checks whether the user can accept the specified request.
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   636
    """
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   637
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   638
    self.checkCanCreateFromRequest(django_args, django_args['role'])
972
43018f61b481 Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents: 970
diff changeset
   639
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   640
  def checkCanProcessRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   641
    """Raises an alternate HTTP response if the specified request does not exist
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   642
       or if it's status is completed or denied. Also Raises an alternate HTTP response
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   643
       whenever the group in the request is not active.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   644
    """
948
bd956f419ad9 Add missing blank lines and remove unused checkIsInvited function from soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 943
diff changeset
   645
1198
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   646
    self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   647
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   648
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   649
        'link_id': django_args['link_id'],
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   650
        'scope_path': django_args['scope_path'],
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   651
        'role': role_name,
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   652
        }
960
129efa976d6d Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 958
diff changeset
   653
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   654
    request_entity = request_logic.getFromKeyFieldsOr404(fields)
960
129efa976d6d Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 958
diff changeset
   655
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   656
    if request_entity.status in ['completed', 'denied']:
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   657
      raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_COMPLETED_MSG)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   658
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   659
    if request_entity.scope.status == 'active':
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   660
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   661
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   662
    raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   663
1218
569a3fe9cb88 Cleaned up getKeyNameFromFields in Logic base.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1203
diff changeset
   664
  @allowDeveloper
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   665
  @denySidebar
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   666
  def checkIsHostForProgram(self, django_args):
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   667
    """Checks if the user is a host for the specified program.
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   668
    """
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   669
1218
569a3fe9cb88 Cleaned up getKeyNameFromFields in Logic base.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1203
diff changeset
   670
    program = program_logic.getFromKeyFields(django_args)
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   671
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   672
    if not program or program.status == 'invalid':
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   673
      self.deny(django_args)
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   674
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   675
    new_args = {'scope_path': program.scope_path }
1203
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   676
    self.checkHasActiveRole(new_args, host_logic)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   677
1200
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   678
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   679
  @allowDeveloper
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   680
  def checkCanEditGroupApp(self, django_args, group_app_logic):
1201
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   681
    """Checks if the group_app in args is valid to be edited by the current user.
1200
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   682
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   683
    Args:
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   684
      group_app_logic: A logic instance for the Group Application
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   685
    """
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   686
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   687
    self.checkIsUser(django_args)
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   688
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   689
    fields = {
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   690
        'link_id': django_args['link_id'],
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   691
        'applicant': self.user,
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   692
        'status' : ['needs review', 'rejected']
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   693
        }
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   694
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   695
    if 'scope_path' in django_args:
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   696
      fields['scope_path'] = django_args['scope_path']
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   697
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   698
    entity = group_app_logic.getForFields(fields)
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   699
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   700
    if entity:
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   701
      return
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   702
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   703
    raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   704
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   705
1201
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   706
  @allowSidebar
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   707
  def checkCanReviewGroupApp(self, django_args, group_app_logic):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   708
    """Checks if the group_app in args is valid to be reviewed.
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   709
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   710
    Args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   711
      group_app_logic: A logic instance for the Group Application
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   712
    """
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   713
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   714
    if 'link_id' not in django_args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   715
      # calling review overview, so we can't check a specified entity
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   716
      return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   717
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   718
    fields = {
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   719
        'link_id': django_args['link_id'],
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   720
        'status' : ['needs review', 'accepted', 'rejected', 'ignored']
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   721
        }
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   722
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   723
    if 'scope_path' in django_args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   724
      fields['scope_path'] = django_args['scope_path']
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   725
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   726
    entity = group_app_logic.getForFields(fields)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   727
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   728
    if entity:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   729
      return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   730
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   731
    raise out_of_band.AccessViolation(message_fmt=DEF_REVIEW_COMPLETED_MSG)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   732
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   733
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   734
  @allowDeveloper
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   735
  def checkIsApplicationAccepted(self, django_args, app_logic):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   736
    """Returns an alternate HTTP response if Google Account has no Club App
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   737
       entity for the specified Club.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   738
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   739
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   740
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   741
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   742
     Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   743
       AccessViolationResponse: if the required authorization is not met
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   744
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   745
    Returns:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   746
      None if Club App  exists for the specified program, or a subclass
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   747
      of django.http.HttpResponse which contains the alternate response
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   748
      should be returned by the calling view.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   749
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   750
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   751
    self.checkIsUser(django_args)
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   752
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   753
    properties = {
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   754
        'applicant': self.user,
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   755
        'status': 'accepted'
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   756
        }
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   757
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   758
    application = app_logic.getForFields(properties, unique=True)
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   759
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   760
    if application:
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   761
      return
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   762
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   763
    # TODO(srabbelier) Make this give a proper error message
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   764
    self.deny(django_args)
726
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   765
1180
6290c9e49848 Fixed club_app
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1179
diff changeset
   766
  def checkIsMyEntity(self, django_args, logic,
6290c9e49848 Fixed club_app
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1179
diff changeset
   767
                      field_name='user', user=False):
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   768
    """Checks whether the entity belongs to the user.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   769
    """
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   770
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   771
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   772
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   773
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   774
        'link_id': django_args['link_id'],
1180
6290c9e49848 Fixed club_app
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1179
diff changeset
   775
        field_name: self.user if user else self.user.key().name()
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   776
        }
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   777
1200
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   778
    if 'scope_path' in django_args:
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   779
      fields['scope_path'] = django_args['scope_path']
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   780
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   781
    entity = logic.getForFields(fields)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   782
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   783
    if entity:
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   784
      return
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   785
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   786
    raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   787
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   788
  @allowDeveloper
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   789
  @denySidebar
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   790
  def checkIsAllowedToManageRole(self, django_args, role_logic, manage_role_logic):
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   791
    """Returns an alternate HTTP response if the user is not allowed to manage
1068
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   792
       the role given in args. 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   793
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   794
     Args:
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   795
       role_logic: determines the logic for the role in args.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   796
       manage_role_logic: determines the logic for the role which is allowed 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   797
           to manage this role.
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   798
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   799
     Raises:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   800
       AccessViolationResponse: if the required authorization is not met
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   801
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   802
    Returns:
1068
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   803
      None if the given role is active and belongs to the current user.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   804
      None if the current User has an active role (from manage_role_logic) 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   805
           that belongs to the same scope as the role that needs to be managed
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   806
    """
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   807
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   808
    try:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   809
      # check if it is my role the user's own role
1203
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   810
      self.checkHasActiveRole(django_args, role_logic)
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   811
    except out_of_band.Error:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   812
      pass
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   813
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   814
    # apparently it's not the user's role so check if managing this role is allowed
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   815
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   816
        'link_id': django_args['link_id'],
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   817
        'scope_path': django_args['scope_path'],
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   818
        'status': 'active',
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   819
        }
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   820
1184
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   821
    role_entity = role_logic.getForFields(fields)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   822
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   823
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   824
        'link_id': self.user.link_id,
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   825
        'scope_path': django_args['scope_path'],
1142
da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 1135
diff changeset
   826
        'status': 'active'
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   827
        }
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   828
1184
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   829
    manage_entity = manage_role_logic.getForFields(fields, unique=True)
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   830
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   831
    if not manage_entity:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   832
      self.deny(django_args)
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   833
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   834
    return
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   835
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   836
  def checkHasPickGetArgs(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   837
    """Raises an alternate HTTP response if the request misses get args.
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   838
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   839
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   840
      django_args: a dictionary with django's arguments
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
   841
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   842
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   843
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   844
      * if continue is not in request.GET
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   845
      * if field is not in request.GET
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   846
    """
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
   847
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   848
    get_args = django_args.get('GET', {})
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
   849
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   850
    if 'continue' in get_args and 'field' in get_args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   851
      return
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
   852
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   853
    raise out_of_band.Error(message_fmt=DEF_NEED_PICK_ARGS_MSG)
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
   854
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   855
  @denySidebar
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   856
  @allowDeveloper
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   857
  def checkIsDocumentReadable(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   858
    """Checks whether a document is readable.
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   859
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   860
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   861
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   862
    """
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   863
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   864
    key_fields = document_logic.getKeyFieldsFromFields(django_args)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   865
    document = document_logic.getFromKeyFields(key_fields)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   866
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   867
    self.checkMembership('read', document.prefix,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   868
                         document.read_access, django_args)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   869
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   870
  @denySidebar
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   871
  @allowDeveloper
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   872
  def checkIsDocumentWritable(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   873
    """Checks whether a document is writable.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   874
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   875
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   876
      django_args: a dictionary with django's arguments
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   877
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   878
1218
569a3fe9cb88 Cleaned up getKeyNameFromFields in Logic base.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1203
diff changeset
   879
    document = document_logic.getFromKeyFields(django_args)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   880
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   881
    self.checkMembership('write', document.prefix,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   882
                         document.write_access, django_args)
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   883
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   884
  def checkCanEditTimeline(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   885
    """Checks whether this program's timeline may be edited.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   886
    """
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   887
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   888
    time_line_keyname = django_args['scope_path']
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   889
    timeline_entity = timeline_logic.getFromKeyName(time_line_keyname)
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   890
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   891
    if not timeline_entity:
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   892
      # timeline does not exists so deny
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   893
      self.deny(django_args)
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   894
1122
659984867a9a Removed workflow type as keyfield from program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1115
diff changeset
   895
    split_keyname = time_line_keyname.rsplit('/')
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   896
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   897
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   898
        'scope_path' : split_keyname[0],
1122
659984867a9a Removed workflow type as keyfield from program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1115
diff changeset
   899
        'link_id' : split_keyname[1],
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   900
        }
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   901
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   902
    self.checkIsHostForProgram(fields)