app/soc/views/helper/access.py
author Lennard de Rijk <ljvderijk@gmail.com>
Thu, 05 Feb 2009 22:13:12 +0000
changeset 1223 aca77e2cc8f7
parent 1218 569a3fe9cb88
child 1226 a671f0d63562
permissions -rw-r--r--
Added new access checks to deal with timeline for programs. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     1
#!/usr/bin/python2.5
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     2
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     3
# Copyright 2008 the Melange authors.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     4
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     5
# Licensed under the Apache License, Version 2.0 (the "License");
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     6
# you may not use this file except in compliance with the License.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     7
# You may obtain a copy of the License at
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     8
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     9
#   http://www.apache.org/licenses/LICENSE-2.0
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    10
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    11
# Unless required by applicable law or agreed to in writing, software
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    12
# distributed under the License is distributed on an "AS IS" BASIS,
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    13
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    14
# See the License for the specific language governing permissions and
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    15
# limitations under the License.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    16
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    17
"""Access control helper.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    18
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    19
The functions in this module can be used to check access control
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    20
related requirements. When the specified required conditions are not
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    21
met, an exception is raised. This exception contains a views that
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    22
either prompts for authentication, or informs the user that they
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    23
do not meet the required criteria.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    24
"""
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    25
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    26
__authors__ = [
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    27
  '"Todd Larsen" <tlarsen@google.com>',
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    28
  '"Sverre Rabbelier" <sverre@rabbelier.nl>',
726
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
    29
  '"Lennard de Rijk" <ljvderijk@gmail.com>',
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    30
  '"Pawel Solyga" <pawel.solyga@gmail.com>',
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    31
  ]
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    32
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    33
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    34
from google.appengine.api import users
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
    35
from google.appengine.api import memcache
315
c4f1a07ee340 Add missing blank lines between imports in access.py module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 309
diff changeset
    36
746
018efb9863dc Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 729
diff changeset
    37
from django.core import urlresolvers
970
8b5611d5b053 Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents: 965
diff changeset
    38
from django.utils.translation import ugettext
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    39
481
94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents: 448
diff changeset
    40
from soc.logic import accounts
720
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
    41
from soc.logic import dicts
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    42
from soc.logic import rights as rights_logic
1223
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
    43
from soc.logic.helper import timeline as timeline_helper
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
    44
from soc.logic.models.club_admin import logic as club_admin_logic
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    45
from soc.logic.models.club_member import logic as club_member_logic
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
    46
from soc.logic.models.document import logic as document_logic
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    47
from soc.logic.models.host import logic as host_logic
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    48
from soc.logic.models.mentor import logic as mentor_logic
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    49
from soc.logic.models.notification import logic as notification_logic
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    50
from soc.logic.models.org_admin import logic as org_admin_logic
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    51
from soc.logic.models.program import logic as program_logic
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    52
from soc.logic.models.request import logic as request_logic
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
    53
from soc.logic.models.role import logic as role_logic
891
3d40190f35b6 Move getToSLink() to soc.views.helper.redirects.getToSRedirect().
Todd Larsen <tlarsen@google.com>
parents: 890
diff changeset
    54
from soc.logic.models.site import logic as site_logic
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    55
#from soc.logic.models.student import logic as student_logic
1142
da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 1135
diff changeset
    56
from soc.logic.models.timeline import logic as timeline_logic
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    57
from soc.logic.models.user import logic as user_logic
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    58
from soc.views.helper import redirects
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    59
from soc.views import helper
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
    60
from soc.views import out_of_band
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    61
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    62
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
    63
DEF_NO_USER_LOGIN_MSG= ugettext(
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
    64
  'Please create <a href="/user/create_profile">User Profile</a>'
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    65
  ' in order to view this page.')
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    66
970
8b5611d5b053 Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents: 965
diff changeset
    67
DEF_AGREE_TO_TOS_MSG_FMT = ugettext(
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    68
  'You must agree to the <a href="%(tos_link)s">site-wide Terms of'
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
    69
  ' Service</a> in your <a href="/user/edit_profile">User Profile</a>'
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    70
  ' in order to view this page.')
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    71
970
8b5611d5b053 Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents: 965
diff changeset
    72
DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ugettext(
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    73
  'Please <a href="%%(sign_out)s">sign out</a>'
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    74
  ' and <a href="%%(sign_in)s">sign in</a>'
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    75
  ' again as %(role)s to view this page.')
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    76
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    77
DEF_NEED_MEMBERSHIP_MSG_FMT = ugettext(
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    78
  'You need to be in the %(status)s group to %(action)s'
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    79
  ' documents in the %(prefix)s prefix.')
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
    80
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    81
DEF_NEED_ROLE_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    82
  'You do not have the required role.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    83
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    84
DEF_NOT_YOUR_ENTITY_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    85
  'This entity does not belong to you.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    86
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    87
DEF_NO_ACTIVE_GROUP_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    88
  'There is no such active group.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    89
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    90
DEF_NO_REQUEST_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    91
  'There is no accepted request that would allow you to visit this page.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    92
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    93
DEF_NEED_PICK_ARGS_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    94
  'The "continue" and "field" args are not both present.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    95
1201
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
    96
DEF_REVIEW_COMPLETED_MSG = ugettext(
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
    97
    'This Application can not be reviewed anymore (it has been completed or rejected)')
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
    98
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
    99
DEF_REQUEST_COMPLETED_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   100
  'This request cannot be accepted (it is either completed or denied).')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   101
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   102
DEF_SCOPE_INACTIVE_MSG = ugettext(
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   103
  'The scope for this request is not active.')
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   104
970
8b5611d5b053 Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents: 965
diff changeset
   105
DEF_PAGE_DENIED_MSG = ugettext(
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   106
  'Access to this page has been restricted')
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   107
1223
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   108
DEF_PAGE_INACTIVE_MSG = ugettext(
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   109
    'This page is inactive at this time')
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   110
970
8b5611d5b053 Use ugettext instead of ugettext_lazy
Sverre Rabbelier <srabbelier@gmail.com>
parents: 965
diff changeset
   111
DEF_LOGOUT_MSG_FMT = ugettext(
590
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   112
    'Please <a href="%(sign_out)s">sign out</a> in order to view this page')
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   113
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   114
DEF_GROUP_NOT_FOUND_MSG = ugettext(
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   115
    'The requested Group can not be found')
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   116
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   117
DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext(
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   118
    'The <b><i>%(email)s</i></b> account cannot be used with this site, for'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   119
    ' one or more of the following reasons:'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   120
    '<ul>'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   121
    ' <li>the account is invalid</li>'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   122
    ' <li>the account is already attached to a User profile and cannot be'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   123
    ' used to create another one</li>'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   124
    ' <li>the account is a former account that cannot be used again</li>'
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   125
    '</ul>')
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   126
1201
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   127
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   128
def allowSidebar(fun):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   129
  """Decorator that allows access if the sidebar is calling.
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   130
  """
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   131
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   132
  from functools import wraps
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   133
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   134
  @wraps(fun)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   135
  def wrapper(self, django_args, *args, **kwargs):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   136
    if django_args.get('SIDEBAR_CALLING'):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   137
      return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   138
    return fun(self, django_args, *args, **kwargs)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   139
  return wrapper
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   140
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   141
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   142
def denySidebar(fun):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   143
  """Decorator that denies access if the sidebar is calling.
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
   144
  """
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
   145
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   146
  from functools import wraps
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   147
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   148
  @wraps(fun)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   149
  def wrapper(self, django_args, *args, **kwargs):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   150
    if django_args.get('SIDEBAR_CALLING'):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   151
      raise out_of_band.Error("Sidebar Calling")
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   152
    return fun(self, django_args, *args, **kwargs)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   153
  return wrapper
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   154
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   155
1073
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   156
def allowIfCheckPasses(checker_name):
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   157
  """Returns a decorator that allows access if the specified checker passes.
1016
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   158
  """
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   159
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   160
  from functools import wraps
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   161
1073
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   162
  def decorator(fun):
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   163
    """Decorator that allows access if the current user is a Developer.
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   164
    """
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   165
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   166
    @wraps(fun)
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   167
    def wrapper(self, django_args, *args, **kwargs):
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   168
      try:
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   169
        # if the check passes we allow access regardless
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   170
        return self.doCheck(checker_name, django_args, [])
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   171
      except out_of_band.Error:
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   172
        # otherwise we run the original check
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   173
        return fun(self, django_args, *args, **kwargs)
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   174
    return wrapper
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   175
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   176
  return decorator
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   177
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   178
feea88d0e1d8 Factor out the allowIfCheckPasses logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1068
diff changeset
   179
allowDeveloper = allowIfCheckPasses('checkIsDeveloper')
1016
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   180
15a2f644725f Create a decorator for allowDeveloper
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1012
diff changeset
   181
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   182
class Checker(object):
590
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   183
  """
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   184
  The __setitem__() and __getitem__() methods are overloaded to DTRT
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   185
  when adding new access rights, and retrieving them, so use these
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   186
  rather then modifying rights directly if so desired.
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   187
  """
972
43018f61b481 Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents: 970
diff changeset
   188
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   189
  MEMBERSHIP = {
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   190
    'anyone': 'allow',
1203
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   191
    'club_admin': ('checkHasActiveRole', club_admin_logic),
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   192
    'club_member': ('checkHasActiveRole', club_member_logic),
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   193
    'host': ('checkHasActiveRole', host_logic),
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   194
    'org_admin': ('checkHasActiveRole', org_admin_logic),
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   195
    'org_mentor': ('checkHasActiveRole', mentor_logic),
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   196
    'org_student': 'deny', #('checkHasActiveRole', student_logic),
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   197
    'user': 'checkIsUser',
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   198
    'user_self': ('checkIsUserSelf', 'scope_path'),
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   199
    }
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   200
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   201
  def __init__(self, params):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   202
    """Adopts base.rights as rights if base is set.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   203
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   204
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   205
    base = params.get('rights') if params else None
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   206
    self.rights = base.rights if base else {}
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   207
    self.id = None
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   208
    self.user = None
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   209
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   210
  def __setitem__(self, key, value):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   211
    """Sets a value only if no old value exists.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   212
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   213
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   214
    oldvalue = self.rights.get(key)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   215
    self.rights[key] = oldvalue if oldvalue else value
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   216
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   217
  def __getitem__(self, key):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   218
    """Retrieves the right checkers and massages then into a default format.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   219
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   220
    The result is guaranteed to be a list of 2-tuples, the first element is a
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   221
    checker (iff there is an checker with the specified name), the second
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   222
    element is a list of arguments that should be passed to the checker when
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   223
    calling it in addition to the standard django_args.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   224
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   225
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   226
    result = []
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   227
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   228
    for i in self.rights.get(key, []):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   229
      # Be nice an repack so that it is always a list with tuples
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   230
      if isinstance(i, tuple):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   231
        name, arg = i
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   232
        tmp = (name, (arg if isinstance(arg, list) else [arg]))
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   233
        result.append(tmp)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   234
      else:
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   235
        tmp = (i, [])
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   236
        result.append(tmp)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   237
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   238
    return result
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   239
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   240
  def key(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   241
    """Returns the key for the specified checker for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   242
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   243
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   244
    return "%s.%s" % (self.id, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   245
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   246
  def put(self, checker_name, value):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   247
    """Puts the result for the specified checker in the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   248
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   249
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   250
    retention = 30
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   251
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   252
    memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   253
    memcache.add(memcache_key, value, retention)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   254
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   255
  def get(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   256
    """Retrieves the result for the specified checker from cache.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   257
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   258
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   259
    memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   260
    return memcache.get(memcache_key)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   261
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   262
  def doCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   263
    """Runs the specified checker with the specified arguments.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   264
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   265
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   266
    checker = getattr(self, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   267
    checker(django_args, *args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   268
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   269
  def doCachedCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   270
    """Retrieves from cache or runs the specified checker.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   271
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   272
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   273
    cached = self.get(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   274
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   275
    if cached is None:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   276
      try:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   277
        self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   278
        self.put(checker_name, True)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   279
        return
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   280
      except out_of_band.Error, e:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   281
        self.put(checker_name, e)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   282
        raise
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   283
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   284
    if cached is True:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   285
      return
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   286
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   287
    # re-raise the cached exception
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   288
    raise cached
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   289
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   290
  def check(self, use_cache, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   291
    """Runs the checker, optionally using the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   292
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   293
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   294
    if use_cache:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   295
      self.doCachedCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   296
    else:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   297
      self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   298
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   299
  def setCurrentUser(self, id, user):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   300
    """Sets up everything for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   301
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   302
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   303
    self.id = id
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   304
    self.user = user
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   305
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   306
  def checkAccess(self, access_type, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   307
    """Runs all the defined checks for the specified type.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   308
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   309
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   310
      access_type: the type of request (such as 'list' or 'edit')
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   311
      rights: a dictionary containing access check functions
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   312
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   313
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   314
    Rights usage:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   315
      The rights dictionary is used to check if the current user is allowed
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   316
      to view the page specified. The functions defined in this dictionary
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   317
      are always called with the provided django_args dictionary as argument. On any
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   318
      request, regardless of what type, the functions in the 'any_access' value
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   319
      are called. If the specified type is not in the rights dictionary, all
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   320
      the functions in the 'unspecified' value are called. When the specified
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   321
      type _is_ in the rights dictionary, all the functions in that access_type's
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   322
      value are called.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   323
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   324
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   325
    use_cache = django_args.get('SIDEBAR_CALLING')
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   326
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   327
    # Call each access checker
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   328
    for checker_name, args in self['any_access']:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   329
      self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   330
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   331
    if access_type not in self.rights:
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   332
      # No checks defined, so do the 'generic' checks and bail out
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   333
      for checker_name, args in self['unspecified']:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   334
        self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   335
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   336
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   337
    for checker_name, args in self[access_type]:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   338
      self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   339
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   340
  def checkMembership(self, action, prefix, status, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   341
    """Checks whether the user has access to the specified status.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   342
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   343
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   344
      action: the action that was performed (e.g., 'read')
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   345
      prefix: the prefix, determines what access set is used
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   346
      status: the access status (e.g., 'public')
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   347
      django_args: the django args to pass on to the checkers
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   348
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   349
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   350
    checker = rights_logic.Checker(prefix)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   351
    roles = checker.getMembership(status)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   352
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   353
    message_fmt = DEF_NEED_MEMBERSHIP_MSG_FMT % {
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   354
        'action': action,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   355
        'prefix': prefix,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   356
        'status': status,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   357
        }
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   358
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   359
    # try to see if they belong to any of the roles, if not, raise an
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   360
    # access violation for the specified action, prefix and status.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   361
    for role in roles:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   362
      try:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   363
        checker_name = self.MEMBERSHIP[role]
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   364
        self.doCheck(checker_name, django_args, [])
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   365
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   366
        # the check passed, we can stop now
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   367
        break
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   368
      except out_of_band.Error:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   369
        continue
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   370
    else:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   371
      raise out_of_band.AccessViolation(message_fmt)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   372
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   373
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   374
  def allow(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   375
    """Never raises an alternate HTTP response.  (an access no-op, basically).
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   376
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   377
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   378
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   379
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   380
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   381
    return
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   382
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   383
  def deny(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   384
    """Always raises an alternate HTTP response.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   385
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   386
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   387
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   388
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   389
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   390
      always raises AccessViolationResponse if called
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   391
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   392
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   393
    context = django_args.get('context', {})
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   394
    context['title'] = 'Access denied'
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   395
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   396
    raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context)
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   397
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   398
  def checkIsLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   399
    """Raises an alternate HTTP response if Google Account is not logged in.
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   400
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   401
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   402
      django_args: a dictionary with django's arguments
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   403
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   404
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   405
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   406
      * if no Google Account is even logged in
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   407
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   408
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   409
    if self.id:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   410
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   411
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   412
    raise out_of_band.LoginRequest()
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   413
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   414
  def checkNotLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   415
    """Raises an alternate HTTP response if Google Account is logged in.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   416
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   417
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   418
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   419
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   420
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   421
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   422
      * if a Google Account is currently logged in
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   423
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   424
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   425
    if not self.id:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   426
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   427
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   428
    raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   429
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   430
  def checkIsUser(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   431
    """Raises an alternate HTTP response if Google Account has no User entity.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   432
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   433
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   434
      django_args: a dictionary with django's arguments
895
e70ffd079438 Even developers need to agree to the terms of service for Melange
Sverre Rabbelier <srabbelier@gmail.com>
parents: 892
diff changeset
   435
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   436
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   437
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   438
      * if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   439
      * if no Google Account is logged in at all
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   440
      * if User has not agreed to the site-wide ToS, if one exists
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   441
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   442
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   443
    self.checkIsLoggedIn(django_args)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   444
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   445
    if not self.user:
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   446
      raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   447
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   448
    if user_logic.agreesToSiteToS(self.user):
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   449
      return
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   450
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   451
    # Would not reach this point of site-wide ToS did not exist, since
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   452
    # agreesToSiteToS() call above always returns True if no ToS is in effect.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   453
    login_msg_fmt = DEF_AGREE_TO_TOS_MSG_FMT % {
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   454
        'tos_link': redirects.getToSRedirect(site_logic.getSingleton())}
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   455
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   456
    raise out_of_band.LoginRequest(message_fmt=login_msg_fmt)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   457
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   458
  @allowDeveloper
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   459
  def checkIsUserSelf(self, django_args, field_name):
1142
da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 1135
diff changeset
   460
    """Checks whether the specified user is the logged in user.
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   461
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   462
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   463
      django_args: the keyword args from django, only scope_path is used
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   464
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   465
1198
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   466
    self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   467
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   468
    if not field_name in django_args:
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   469
      self.deny(django_args)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   470
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   471
    if self.user.link_id == django_args[field_name]:
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   472
      return
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   473
1177
53c802c2a2e2 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1176
diff changeset
   474
    raise out_of_band.AccessViolation(DEF_NOT_YOUR_ENTITY_MSG)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   475
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   476
  def checkIsUnusedAccount(self, django_args):
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   477
    """Raises an alternate HTTP response if Google Account has a User entity.
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   478
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   479
    Args:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   480
      django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   481
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   482
    Raises:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   483
      AccessViolationResponse:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   484
      * if a User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   485
      * if a User has this Gooogle Account in their formerAccounts list
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   486
    """
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   487
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   488
    self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   489
1192
b53fa1e05dbd Adds the possibility to exclude the user from the website.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1189
diff changeset
   490
    user_entity = user_logic.getForFields({'account':self.id}, unique=True)
b53fa1e05dbd Adds the possibility to exclude the user from the website.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1189
diff changeset
   491
b53fa1e05dbd Adds the possibility to exclude the user from the website.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1189
diff changeset
   492
    if not user_entity and not user_logic.isFormerAccount(self.id):
1048
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   493
      # this account has not been used yet
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   494
      return
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   495
1048
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   496
    message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   497
        'email' : self.id.email()}
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   498
    raise out_of_band.LoginRequest(message_fmt=message_fmt)
0fe0cb8f7253 Changed access.py to comply more with the style of the module.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1043
diff changeset
   499
1043
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   500
  def checkHasUserEntity(self, django_args):
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   501
    """Raises an alternate HTTP response if Google Account has no User entity.
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   502
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   503
    Args:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   504
      django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   505
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   506
    Raises:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   507
      AccessViolationResponse:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   508
      * if no User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   509
      * if no Google Account is logged in at all
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   510
    """
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   511
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   512
    self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   513
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   514
    if not self.user:
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   515
      raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   516
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   517
    return
5e15994b2033 Redone the user's profile page.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1037
diff changeset
   518
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   519
  def checkIsDeveloper(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   520
    """Raises an alternate HTTP response if Google Account is not a Developer.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   521
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   522
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   523
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   524
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   525
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   526
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   527
      * if User is not a Developer, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   528
      * if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   529
      * if no Google Account is logged in at all
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   530
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   531
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   532
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   533
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   534
    if accounts.isDeveloper(account=self.id, user=self.user):
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   535
      return
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   536
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   537
    login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   538
        'role': 'a Site Developer '}
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   539
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   540
    raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   541
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   542
  @allowDeveloper
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   543
  @denySidebar
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   544
  def checkIsActive(self, django_args, logic,
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   545
                    field_name='scope_path', filter_field='link_id'):
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   546
    """Raises an alternate HTTP response if Group status is not active.
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   547
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   548
    Args:
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   549
      django_args: a dictionary with django's arguments
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   550
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   551
    Raises:
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   552
      AccessViolationResponse:
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   553
      * if no Group is found
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   554
      * if the Group status is not active
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   555
    """
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   556
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   557
    self.checkIsUser(django_args)
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   558
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   559
    if field_name and (field_name not in django_args):
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   560
      self.deny(django_args)
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   561
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   562
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   563
        filter_field: django_args[filter_field],
1179
427d2ec42823 Rewrite getForFields to use GQL instead of the Query API
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1177
diff changeset
   564
        'status': 'active',
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   565
        }
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   566
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   567
    if field_name:
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   568
      fields['scope_path'] = django_args[field_name]
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   569
1179
427d2ec42823 Rewrite getForFields to use GQL instead of the Query API
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1177
diff changeset
   570
    entity = logic.getForFields(fields, unique=True)
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   571
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   572
    if entity:
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   573
      return
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   574
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   575
    raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG)
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   576
1203
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   577
  def checkHasActiveRole(self, django_args, logic, field_name=None):
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   578
    """Checks that the user has the specified active role.
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   579
    """
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   580
1184
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   581
    if not field_name:
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   582
      field_name = 'scope_path'
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   583
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   584
    django_args['user'] = self.user
1184
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   585
    self.checkIsActive(django_args, logic, field_name, 'user')
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   586
1189
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   587
  def checkSeeded(self, django_args, checker_name, *args):
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   588
    """Wrapper to update the django_args with the contens of seed first.
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   589
    """
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   590
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   591
    django_args.update(django_args.get('seed', {}))
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   592
    self.doCheck(checker_name, django_args, args)
14357ec13647 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1184
diff changeset
   593
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   594
  def checkCanMakeRequestToGroup(self, django_args, group_logic):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   595
    """Raises an alternate HTTP response if the specified group is not in an
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   596
    active status.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   597
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   598
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   599
      group_logic: Logic module for the type of group which the request is for
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   600
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   601
1198
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   602
    self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   603
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   604
    group_entity = role_logic.getGroupEntityFromScopePath(
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   605
        group_logic.logic, django_args['scope_path'])
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   606
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   607
    if not group_entity:
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   608
      raise out_of_band.Error(DEF_GROUP_NOT_FOUND_MSG, status=404)
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   609
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   610
    if group_entity.status != 'active':
1198
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   611
      # tell the user that this group is not active
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   612
      raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG)
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   613
979
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   614
    return
789e70941055 Added checkCanMakeRequestToGroup to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 974
diff changeset
   615
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   616
  def checkCanCreateFromRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   617
    """Raises an alternate HTTP response if the specified request does not exist
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   618
       or if it's status is not group_accepted. Also when the group this request
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   619
       is from is in an inactive or invalid status access will be denied.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   620
    """
972
43018f61b481 Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents: 970
diff changeset
   621
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   622
    self.checkIsUserSelf(django_args, 'link_id')
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   623
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   624
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   625
        'link_id': django_args['link_id'],
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   626
        'scope_path': django_args['scope_path'],
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   627
        'role': role_name,
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   628
        'status': 'group_accepted',
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   629
        }
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   630
1176
c211191e7d81 Fixed access related bugs
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1163
diff changeset
   631
    entity = request_logic.getForFields(fields, unique=True)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   632
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   633
    if entity and (entity.scope.status not in ['invalid', 'inactive']):
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   634
      return
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   635
1177
53c802c2a2e2 More access related fixes
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1176
diff changeset
   636
    raise out_of_band.AccessViolation(message_fmt=DEF_NO_REQUEST_MSG)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   637
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   638
  def checkIsMyGroupAcceptedRequest(self, django_args):
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   639
    """Checks whether the user can accept the specified request.
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   640
    """
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   641
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   642
    self.checkCanCreateFromRequest(django_args, django_args['role'])
972
43018f61b481 Remove the request and arg parameter from the checkAccess call
Sverre Rabbelier <srabbelier@gmail.com>
parents: 970
diff changeset
   643
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   644
  def checkCanProcessRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   645
    """Raises an alternate HTTP response if the specified request does not exist
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   646
       or if it's status is completed or denied. Also Raises an alternate HTTP response
1061
09c243461de8 Redone access checks concerning groups to deal with the state property.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1048
diff changeset
   647
       whenever the group in the request is not active.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   648
    """
948
bd956f419ad9 Add missing blank lines and remove unused checkIsInvited function from soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 943
diff changeset
   649
1198
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   650
    self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1192
diff changeset
   651
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   652
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   653
        'link_id': django_args['link_id'],
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   654
        'scope_path': django_args['scope_path'],
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   655
        'role': role_name,
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   656
        }
960
129efa976d6d Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 958
diff changeset
   657
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   658
    request_entity = request_logic.getFromKeyFieldsOr404(fields)
960
129efa976d6d Added checkCanProcessRequest in access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 958
diff changeset
   659
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   660
    if request_entity.status in ['completed', 'denied']:
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   661
      raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_COMPLETED_MSG)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   662
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   663
    if request_entity.scope.status == 'active':
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   664
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   665
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   666
    raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   667
1218
569a3fe9cb88 Cleaned up getKeyNameFromFields in Logic base.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1203
diff changeset
   668
  @allowDeveloper
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   669
  @denySidebar
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   670
  def checkIsHostForProgram(self, django_args):
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   671
    """Checks if the user is a host for the specified program.
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   672
    """
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   673
1218
569a3fe9cb88 Cleaned up getKeyNameFromFields in Logic base.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1203
diff changeset
   674
    program = program_logic.getFromKeyFields(django_args)
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   675
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   676
    if not program or program.status == 'invalid':
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   677
      self.deny(django_args)
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   678
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   679
    new_args = {'scope_path': program.scope_path }
1203
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   680
    self.checkHasActiveRole(new_args, host_logic)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   681
1200
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   682
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   683
  @allowDeveloper
1223
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   684
  @denySidebar
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   685
  def checkIsActivePeriod(self, django_args, period_name, key_name_arg):
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   686
    """Checks if the given period is active for the given program.
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   687
    
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   688
    Args:
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   689
      django_args: a dictionary with django's arguments.
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   690
      period_name: the name of the period which is checked.
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   691
      key_name_arg: the entry in django_args that specifies the given program
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   692
        keyname. If none is given the key_name is constructed from django_args
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   693
        itself.
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   694
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   695
    Raises:
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   696
      AccessViolationResponse:
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   697
      * if no active Program is found
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   698
      * if the period is not active
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   699
    """
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   700
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   701
    if key_name_arg and key_name_arg in django_args:
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   702
      key_name = django_args[key_name_arg]
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   703
    else:
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   704
      key_name = program_logic.getKeyNameFromFields(fields)
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   705
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   706
    program_entity = program_logic.getFromKeyName(key_name)
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   707
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   708
    if not program_entity or (
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   709
        program_entity.status in ['inactive', 'invalid']):
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   710
      raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   711
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   712
    if timeline_helper.isActivePeriod(program_entity.timeline, period_name):
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   713
      return
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   714
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   715
    raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_INACTIVE_MSG)
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   716
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   717
  def checkCanCreateOrgApp(self, django_args, period_name):
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   718
    if 'seed' in django_args:
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   719
      return self.checkIsActivePeriod(django_args['seed'], 
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   720
          period_name, 'scope_path')
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   721
    else:
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   722
      return
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   723
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   724
aca77e2cc8f7 Added new access checks to deal with timeline for programs.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1218
diff changeset
   725
  @allowDeveloper
1200
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   726
  def checkCanEditGroupApp(self, django_args, group_app_logic):
1201
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   727
    """Checks if the group_app in args is valid to be edited by the current user.
1200
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   728
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   729
    Args:
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   730
      group_app_logic: A logic instance for the Group Application
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   731
    """
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   732
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   733
    self.checkIsUser(django_args)
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   734
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   735
    fields = {
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   736
        'link_id': django_args['link_id'],
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   737
        'applicant': self.user,
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   738
        'status' : ['needs review', 'rejected']
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   739
        }
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   740
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   741
    if 'scope_path' in django_args:
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   742
      fields['scope_path'] = django_args['scope_path']
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   743
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   744
    entity = group_app_logic.getForFields(fields)
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   745
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   746
    if entity:
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   747
      return
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   748
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   749
    raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   750
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   751
1201
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   752
  @allowSidebar
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   753
  def checkCanReviewGroupApp(self, django_args, group_app_logic):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   754
    """Checks if the group_app in args is valid to be reviewed.
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   755
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   756
    Args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   757
      group_app_logic: A logic instance for the Group Application
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   758
    """
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   759
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   760
    if 'link_id' not in django_args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   761
      # calling review overview, so we can't check a specified entity
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   762
      return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   763
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   764
    fields = {
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   765
        'link_id': django_args['link_id'],
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   766
        'status' : ['needs review', 'accepted', 'rejected', 'ignored']
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   767
        }
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   768
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   769
    if 'scope_path' in django_args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   770
      fields['scope_path'] = django_args['scope_path']
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   771
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   772
    entity = group_app_logic.getForFields(fields)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   773
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   774
    if entity:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   775
      return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   776
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   777
    raise out_of_band.AccessViolation(message_fmt=DEF_REVIEW_COMPLETED_MSG)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   778
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1200
diff changeset
   779
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   780
  @allowDeveloper
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   781
  def checkIsApplicationAccepted(self, django_args, app_logic):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   782
    """Returns an alternate HTTP response if Google Account has no Club App
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   783
       entity for the specified Club.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   784
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   785
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   786
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   787
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   788
     Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   789
       AccessViolationResponse: if the required authorization is not met
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   790
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   791
    Returns:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   792
      None if Club App  exists for the specified program, or a subclass
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   793
      of django.http.HttpResponse which contains the alternate response
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   794
      should be returned by the calling view.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   795
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   796
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   797
    self.checkIsUser(django_args)
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   798
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   799
    properties = {
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   800
        'applicant': self.user,
1085
0afbdd0905ef Renamed state to status where appropriate.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1080
diff changeset
   801
        'status': 'accepted'
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   802
        }
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   803
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   804
    application = app_logic.getForFields(properties, unique=True)
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   805
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   806
    if application:
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   807
      return
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   808
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   809
    # TODO(srabbelier) Make this give a proper error message
1023
d849b47645f9 Bugfixes after recent refactoring
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1017
diff changeset
   810
    self.deny(django_args)
726
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   811
1180
6290c9e49848 Fixed club_app
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1179
diff changeset
   812
  def checkIsMyEntity(self, django_args, logic,
6290c9e49848 Fixed club_app
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1179
diff changeset
   813
                      field_name='user', user=False):
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   814
    """Checks whether the entity belongs to the user.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   815
    """
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   816
1012
73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1007
diff changeset
   817
    self.checkIsUser(django_args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   818
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   819
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   820
        'link_id': django_args['link_id'],
1180
6290c9e49848 Fixed club_app
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1179
diff changeset
   821
        field_name: self.user if user else self.user.key().name()
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   822
        }
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   823
1200
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   824
    if 'scope_path' in django_args:
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   825
      fields['scope_path'] = django_args['scope_path']
e68fd70ba076 Added checkCanEditGroupApp to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1198
diff changeset
   826
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   827
    entity = logic.getForFields(fields)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   828
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   829
    if entity:
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   830
      return
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   831
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   832
    raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   833
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   834
  @allowDeveloper
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   835
  @denySidebar
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   836
  def checkIsAllowedToManageRole(self, django_args, role_logic, manage_role_logic):
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   837
    """Returns an alternate HTTP response if the user is not allowed to manage
1068
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   838
       the role given in args. 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   839
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   840
     Args:
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   841
       role_logic: determines the logic for the role in args.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   842
       manage_role_logic: determines the logic for the role which is allowed 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   843
           to manage this role.
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   844
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   845
     Raises:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   846
       AccessViolationResponse: if the required authorization is not met
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   847
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   848
    Returns:
1068
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   849
      None if the given role is active and belongs to the current user.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   850
      None if the current User has an active role (from manage_role_logic) 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
   851
           that belongs to the same scope as the role that needs to be managed
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   852
    """
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   853
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   854
    try:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   855
      # check if it is my role the user's own role
1203
38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1201
diff changeset
   856
      self.checkHasActiveRole(django_args, role_logic)
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   857
    except out_of_band.Error:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   858
      pass
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   859
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   860
    # apparently it's not the user's role so check if managing this role is allowed
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   861
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   862
        'link_id': django_args['link_id'],
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   863
        'scope_path': django_args['scope_path'],
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   864
        'status': 'active',
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   865
        }
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   866
1184
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   867
    role_entity = role_logic.getForFields(fields)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
   868
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   869
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   870
        'link_id': self.user.link_id,
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   871
        'scope_path': django_args['scope_path'],
1142
da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 1135
diff changeset
   872
        'status': 'active'
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   873
        }
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   874
1184
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
   875
    manage_entity = manage_role_logic.getForFields(fields, unique=True)
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   876
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   877
    if not manage_entity:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   878
      self.deny(django_args)
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   879
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   880
    return
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
   881
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   882
  def checkHasPickGetArgs(self, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   883
    """Raises an alternate HTTP response if the request misses get args.
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   884
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   885
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   886
      django_args: a dictionary with django's arguments
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
   887
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   888
    Raises:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   889
      AccessViolationResponse:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   890
      * if continue is not in request.GET
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   891
      * if field is not in request.GET
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   892
    """
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
   893
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   894
    get_args = django_args.get('GET', {})
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
   895
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   896
    if 'continue' in get_args and 'field' in get_args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   897
      return
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
   898
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   899
    raise out_of_band.Error(message_fmt=DEF_NEED_PICK_ARGS_MSG)
931
1131884c3c56 Add a simple access check for a picker
Sverre Rabbelier <srabbelier@gmail.com>
parents: 927
diff changeset
   900
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   901
  @denySidebar
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   902
  @allowDeveloper
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   903
  def checkIsDocumentReadable(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   904
    """Checks whether a document is readable.
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   905
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   906
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   907
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   908
    """
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   909
1115
0a723ff3d27c Cleanups in base.Logic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1107
diff changeset
   910
    key_fields = document_logic.getKeyFieldsFromFields(django_args)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   911
    document = document_logic.getFromKeyFields(key_fields)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   912
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   913
    self.checkMembership('read', document.prefix,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   914
                         document.read_access, django_args)
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   915
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   916
  @denySidebar
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   917
  @allowDeveloper
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   918
  def checkIsDocumentWritable(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   919
    """Checks whether a document is writable.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   920
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   921
    Args:
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   922
      django_args: a dictionary with django's arguments
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   923
    """
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   924
1218
569a3fe9cb88 Cleaned up getKeyNameFromFields in Logic base.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1203
diff changeset
   925
    document = document_logic.getFromKeyFields(django_args)
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   926
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   927
    self.checkMembership('write', document.prefix,
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   928
                         document.write_access, django_args)
1074
94bc2a9ae103 Properly check if a program is active
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1073
diff changeset
   929
1135
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   930
  def checkCanEditTimeline(self, django_args):
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   931
    """Checks whether this program's timeline may be edited.
24d695060863 Hook up the ACL system for documents.
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1122
diff changeset
   932
    """
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   933
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   934
    time_line_keyname = django_args['scope_path']
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   935
    timeline_entity = timeline_logic.getFromKeyName(time_line_keyname)
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   936
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   937
    if not timeline_entity:
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   938
      # timeline does not exists so deny
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   939
      self.deny(django_args)
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   940
1122
659984867a9a Removed workflow type as keyfield from program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1115
diff changeset
   941
    split_keyname = time_line_keyname.rsplit('/')
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   942
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   943
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   944
        'scope_path' : split_keyname[0],
1122
659984867a9a Removed workflow type as keyfield from program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1115
diff changeset
   945
        'link_id' : split_keyname[1],
1107
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   946
        }
a878188e225c Added status to program.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1085
diff changeset
   947
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
   948
    self.checkIsHostForProgram(fields)