app/soc/views/helper/access.py
author Todd Larsen <tlarsen@google.com>
Wed, 21 Jan 2009 21:41:36 +0000
changeset 890 b3bf833c4580
parent 889 5f3136a5eb4c
child 891 3d40190f35b6
permissions -rw-r--r--
Tighten more checkIsUser() access to checkAgreesToSiteToS() instead. Update the checkIsHost() comment. Patch by: Todd Larsen Review by: to-be-reviewed
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     1
#!/usr/bin/python2.5
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     2
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     3
# Copyright 2008 the Melange authors.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     4
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     5
# Licensed under the Apache License, Version 2.0 (the "License");
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     6
# you may not use this file except in compliance with the License.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     7
# You may obtain a copy of the License at
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     8
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     9
#   http://www.apache.org/licenses/LICENSE-2.0
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    10
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    11
# Unless required by applicable law or agreed to in writing, software
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    12
# distributed under the License is distributed on an "AS IS" BASIS,
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    13
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    14
# See the License for the specific language governing permissions and
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    15
# limitations under the License.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    16
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    17
"""Access control helper.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    18
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    19
The functions in this module can be used to check access control
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    20
related requirements. When the specified required conditions are not
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    21
met, an exception is raised. This exception contains a views that
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    22
either prompts for authentication, or informs the user that they
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    23
do not meet the required criteria.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    24
"""
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    25
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    26
__authors__ = [
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    27
  '"Todd Larsen" <tlarsen@google.com>',
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    28
  '"Sverre Rabbelier" <sverre@rabbelier.nl>',
726
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
    29
  '"Lennard de Rijk" <ljvderijk@gmail.com>',
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    30
  '"Pawel Solyga" <pawel.solyga@gmail.com>',
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    31
  ]
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    32
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    33
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    34
from google.appengine.api import users
315
c4f1a07ee340 Add missing blank lines between imports in access.py module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 309
diff changeset
    35
746
018efb9863dc Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 729
diff changeset
    36
from django.core import urlresolvers
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    37
from django.utils.translation import ugettext_lazy
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    38
481
94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents: 448
diff changeset
    39
from soc.logic import accounts
720
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
    40
from soc.logic import dicts
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    41
from soc.logic.models.host import logic as host_logic
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    42
from soc.logic.models.notification import logic as notification_logic
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    43
from soc.logic.models.request import logic as request_logic
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
    44
from soc.logic.models.user import logic as user_logic
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    45
from soc.views import helper
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
    46
from soc.views import out_of_band
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    47
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    48
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    49
DEF_NO_USER_LOGIN_MSG_FMT = ugettext_lazy(
446
0b479d573a4c Refactoring of {site/home}_settings to make them use base.View
Sverre Rabbelier <srabbelier@gmail.com>
parents: 389
diff changeset
    50
  'Please create <a href="/user/edit">User Profile</a>'
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    51
  ' in order to view this page.')
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    52
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    53
DEF_AGREE_TO_TOS_MSG_FMT = ugettext_lazy(
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    54
  'You must agree to the <a href="%(tos_link)s">site-wide Terms of'
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    55
  ' Service</a> in your <a href="/user/edit">User Profile</a>'
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    56
  ' in order to view this page.')
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
    57
320
a0a86306e7f6 Some indentations fixes and ugettext_lazy() wrap up for DEF_DEV_LOGOUT_LOGIN_MSG_FMT in access.py.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 315
diff changeset
    58
DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ugettext_lazy(
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    59
  'Please <a href="%%(sign_out)s">sign out</a>'
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    60
  ' and <a href="%%(sign_in)s">sign in</a>'
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    61
  ' again as %(role)s to view this page.')
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    62
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    63
DEF_PAGE_DENIED_MSG = ugettext_lazy(
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    64
  'Access to this page has been restricted')
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    65
590
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
    66
DEF_LOGOUT_MSG_FMT = ugettext_lazy(
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
    67
    'Please <a href="%(sign_out)s">sign out</a> in order to view this page')
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
    68
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    69
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
    70
def checkAccess(access_type, request, rights, args=None, kwargs=None):
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    71
  """Runs all the defined checks for the specified type.
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    72
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    73
  Args:
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    74
    access_type: the type of request (such as 'list' or 'edit')
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    75
    request: the Django request object
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    76
    rights: a dictionary containing access check functions
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    77
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    78
  Rights usage: 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    79
    The rights dictionary is used to check if the current user is allowed 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    80
    to view the page specified. The functions defined in this dictionary 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    81
    are always called with the django request object as argument. On any 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    82
    request, regardless of what type, the functions in the 'any_access' value 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    83
    are called. If the specified type is not in the rights dictionary, all 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    84
    the functions in the 'unspecified' value are called. When the specified 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    85
    type _is_ in the rights dictionary, all the functions in that access_type's 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    86
    value are called.
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    87
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    88
  Returns:
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    89
    True: If all the required access checks have been made successfully
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    90
    False: If a check failed, in this case self._response will contain
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    91
      the response provided by the failed access check.
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    92
  """
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    93
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    94
  # Call each access checker
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    95
  for check in rights['any_access']:
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
    96
    check(request, args, kwargs)
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    97
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    98
  if access_type not in rights:
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    99
    for check in rights['unspecified']:
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
   100
      # No checks defined, so do the 'generic' checks and bail out
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   101
      check(request, args, kwargs)
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
   102
    return
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
   103
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
   104
  for check in rights[access_type]:
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   105
    check(request, args, kwargs)
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
   106
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
   107
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   108
def allow(request, args, kwargs):
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   109
  """Never raises an alternate HTTP response.  (an access no-op, basically)
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   110
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   111
  Args:
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   112
    request: a Django HTTP request
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   113
  """
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   114
  return
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   115
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   116
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   117
def deny(request, args, kwargs):
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   118
  """Always raises an alternate HTTP response.
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   119
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   120
  Args:
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   121
    request: a Django HTTP request
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   122
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   123
  Raises:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   124
    always raises AccessViolationResponse if called
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   125
  """
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   126
  context = {}
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   127
  context['title'] = 'Access denied'
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   128
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   129
  raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context)
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   130
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   131
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   132
def checkIsLoggedIn(request, args, kwargs):
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   133
  """Raises an alternate HTTP response if Google Account is not logged in.
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   134
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   135
  Args:
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   136
    request: a Django HTTP request
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   137
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   138
  Raises:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   139
    AccessViolationResponse:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   140
    * if no Google Account is even logged in
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   141
  """
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   142
  if users.get_current_user():
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   143
    return
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   144
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   145
  raise out_of_band.LoginRequest()
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   146
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   147
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   148
def checkNotLoggedIn(request, args, kwargs):
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   149
  """Raises an alternate HTTP response if Google Account is logged in.
590
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   150
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   151
  Args:
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   152
    request: a Django HTTP request
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   153
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   154
  Raises:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   155
    AccessViolationResponse:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   156
    * if a Google Account is currently logged in
590
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   157
  """
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   158
  if not users.get_current_user():
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   159
    return
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   160
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   161
  raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   162
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   163
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   164
def checkIsUser(request, args, kwargs):
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   165
  """Raises an alternate HTTP response if Google Account has no User entity.
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   166
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   167
  Args:
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   168
    request: a Django HTTP request
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   169
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   170
  Raises:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   171
    AccessViolationResponse:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   172
    * if no User exists for the logged-in Google Account, or
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   173
    * if no Google Account is logged in at all
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   174
  """
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   175
  checkIsLoggedIn(request, args, kwargs)
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   176
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   177
  user = user_logic.getForFields({'account': users.get_current_user()},
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   178
                                 unique=True)
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   179
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   180
  if user:
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   181
    return
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   182
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   183
  raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG_FMT)
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   184
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   185
889
5f3136a5eb4c Make checkAgreesToSiteToS() the default access check for many other checks.
Todd Larsen <tlarsen@google.com>
parents: 888
diff changeset
   186
def checkAgreesToSiteToS(request, args, kwargs):
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   187
  """Raises an alternate HTTP response if User has not agreed to site-wide ToS.
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   188
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   189
  Args:
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   190
    request: a Django HTTP request
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   191
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   192
  Raises:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   193
    AccessViolationResponse:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   194
    * if User has not agreed to the site-wide ToS, or
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   195
    * if no User exists for the logged-in Google Account, or
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   196
    * if no Google Account is logged in at all
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   197
  """
889
5f3136a5eb4c Make checkAgreesToSiteToS() the default access check for many other checks.
Todd Larsen <tlarsen@google.com>
parents: 888
diff changeset
   198
  checkIsUser(request, args, kwargs)
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   199
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   200
  user = user_logic.getForFields({'account': users.get_current_user()},
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   201
                                 unique=True)
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   202
  
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   203
  if user_logic.agreesToSiteToS(user):
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   204
    return
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   205
888
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   206
  # Would not reach this point of site-wide ToS did not exist, since
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   207
  # agreesToSiteToS() call above always returns True if no ToS is in effect.
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   208
  login_msg_fmt = DEF_AGREE_TO_TOS_MSG_FMT % {
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   209
      'tos_link': 'TODO(tlarsen): fix circular import first to make this work'}
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   210
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   211
  raise out_of_band.LoginRequest(message_fmt=login_msg_fmt)
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   212
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   213
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   214
def checkIsDeveloper(request, args, kwargs):
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   215
  """Raises an alternate HTTP response if Google Account is not a Developer.
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   216
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   217
  Args:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   218
    request: a Django HTTP request
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   219
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   220
  Raises:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   221
    AccessViolationResponse:
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   222
    * if User is not a Developer, or
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   223
    * if no User exists for the logged-in Google Account, or
a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed).
Todd Larsen <tlarsen@google.com>
parents: 887
diff changeset
   224
    * if no Google Account is logged in at all
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   225
  """
889
5f3136a5eb4c Make checkAgreesToSiteToS() the default access check for many other checks.
Todd Larsen <tlarsen@google.com>
parents: 888
diff changeset
   226
  # Developers need to bypass the ToS check to avoid "chicken-and-egg" problem
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   227
  checkIsUser(request, args, kwargs)
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   228
481
94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents: 448
diff changeset
   229
  if accounts.isDeveloper(account=users.get_current_user()):
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   230
    return
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   231
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   232
  login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
746
018efb9863dc Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 729
diff changeset
   233
      'role': 'a Site Developer '}
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   234
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   235
  raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   236
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   237
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   238
def checkIsHost(request, args, kwargs):
890
b3bf833c4580 Tighten more checkIsUser() access to checkAgreesToSiteToS() instead.
Todd Larsen <tlarsen@google.com>
parents: 889
diff changeset
   239
  """Raises an alternate HTTP response if Google Account has no Host entity
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   240
     for the specified program.
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   241
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   242
  Args:
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   243
    request: a Django HTTP request
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   244
890
b3bf833c4580 Tighten more checkIsUser() access to checkAgreesToSiteToS() instead.
Todd Larsen <tlarsen@google.com>
parents: 889
diff changeset
   245
  Raises:
b3bf833c4580 Tighten more checkIsUser() access to checkAgreesToSiteToS() instead.
Todd Larsen <tlarsen@google.com>
parents: 889
diff changeset
   246
    AccessViolationResponse:
b3bf833c4580 Tighten more checkIsUser() access to checkAgreesToSiteToS() instead.
Todd Larsen <tlarsen@google.com>
parents: 889
diff changeset
   247
    * if User has not been invited to be a Host, or
b3bf833c4580 Tighten more checkIsUser() access to checkAgreesToSiteToS() instead.
Todd Larsen <tlarsen@google.com>
parents: 889
diff changeset
   248
    * if User is not already a Host, or
b3bf833c4580 Tighten more checkIsUser() access to checkAgreesToSiteToS() instead.
Todd Larsen <tlarsen@google.com>
parents: 889
diff changeset
   249
    * if User has not agreed to the site-wide ToS, or
b3bf833c4580 Tighten more checkIsUser() access to checkAgreesToSiteToS() instead.
Todd Larsen <tlarsen@google.com>
parents: 889
diff changeset
   250
    * if no User exists for the logged-in Google Account, or
b3bf833c4580 Tighten more checkIsUser() access to checkAgreesToSiteToS() instead.
Todd Larsen <tlarsen@google.com>
parents: 889
diff changeset
   251
    * if the user is not even logged in
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   252
  """
890
b3bf833c4580 Tighten more checkIsUser() access to checkAgreesToSiteToS() instead.
Todd Larsen <tlarsen@google.com>
parents: 889
diff changeset
   253
  checkAgreesToSiteToS(request, args, kwargs)
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   254
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   255
  try:
720
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   256
    # if the current user is invited to create a host profile we allow access
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   257
    checkIsInvited(request, args, kwargs)
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   258
    return
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   259
  except out_of_band.Error:
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   260
    pass
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   261
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   262
  user = user_logic.getForFields({'account': users.get_current_user()},
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   263
                                 unique=True)
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   264
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   265
  host = host_logic.getForFields({'user': user}, unique=True)
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   266
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   267
  if host:
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   268
    return
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   269
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   270
  login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
746
018efb9863dc Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 729
diff changeset
   271
      'role': 'a Program Administrator '}
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   272
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   273
  raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   274
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   275
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   276
def checkIsClubAdminForClub(request, args, kwargs):
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   277
  """Returns an alternate HTTP response if Google Account has no Club Admin
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   278
     entity for the specified club.
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   279
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   280
  Args:
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   281
    request: a Django HTTP request
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   282
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   283
   Raises:
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   284
     AccessViolationResponse: if the required authorization is not met
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   285
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   286
  Returns:
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   287
    None if Club Admin exists for the specified club, or a subclass of
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   288
    django.http.HttpResponse which contains the alternate response
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   289
    should be returned by the calling view.
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   290
  """
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   291
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   292
  try:
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   293
    # if the current user is invited to create a host profile we allow access
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   294
    checkIsDeveloper(request, args, kwargs)
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   295
    return
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   296
  except out_of_band.Error:
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   297
    pass
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   298
889
5f3136a5eb4c Make checkAgreesToSiteToS() the default access check for many other checks.
Todd Larsen <tlarsen@google.com>
parents: 888
diff changeset
   299
  checkAgreesToSiteToS(request, args, kwargs)
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   300
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   301
  # TODO(srabbelier) implement this
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   302
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   303
  login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   304
      'role': 'a Club Admin for this Club'}
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   305
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   306
  raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   307
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   308
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   309
def checkIsInvited(request, args, kwargs):
389
9b873166d7d5 Fix identions, too long lines, unused imports and some other mistakes.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 361
diff changeset
   310
  """Returns an alternate HTTP response if Google Account has no Host entity
9b873166d7d5 Fix identions, too long lines, unused imports and some other mistakes.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 361
diff changeset
   311
     for the specified program.
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   312
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   313
  Args:
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   314
    request: a Django HTTP request
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   315
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   316
   Raises:
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   317
     AccessViolationResponse: if the required authorization is not met
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   318
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   319
  Returns:
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   320
    None if Host exists for the specified program, or a subclass of
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   321
    django.http.HttpResponse which contains the alternate response
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   322
    should be returned by the calling view.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   323
  """
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   324
633
899ec5d546bd Allow developers access to anything that does a checkIsInvited.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 617
diff changeset
   325
  try:
899ec5d546bd Allow developers access to anything that does a checkIsInvited.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 617
diff changeset
   326
    # if the current user is a developer we allow access
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   327
    checkIsDeveloper(request, args, kwargs)
633
899ec5d546bd Allow developers access to anything that does a checkIsInvited.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 617
diff changeset
   328
    return
899ec5d546bd Allow developers access to anything that does a checkIsInvited.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 617
diff changeset
   329
  except out_of_band.Error:
899ec5d546bd Allow developers access to anything that does a checkIsInvited.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 617
diff changeset
   330
    pass
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   331
889
5f3136a5eb4c Make checkAgreesToSiteToS() the default access check for many other checks.
Todd Larsen <tlarsen@google.com>
parents: 888
diff changeset
   332
  checkAgreesToSiteToS(request, args, kwargs)
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   333
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   334
  login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
746
018efb9863dc Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 729
diff changeset
   335
      'role': 'a Program Administrator for this Program'}
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   336
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   337
  splitpath = request.path.split('/')
713
bcd480745f44 Thinkofix in access.checkIsInvited
Sverre Rabbelier <srabbelier@gmail.com>
parents: 709
diff changeset
   338
  splitpath = splitpath[1:] # cut off leading ''
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   339
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   340
  if len(splitpath) < 4:
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   341
    # TODO: perhaps this needs a better explanation?
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   342
    deny(request, args, kwargs)
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   343
713
bcd480745f44 Thinkofix in access.checkIsInvited
Sverre Rabbelier <srabbelier@gmail.com>
parents: 709
diff changeset
   344
  role = splitpath[0]
bcd480745f44 Thinkofix in access.checkIsInvited
Sverre Rabbelier <srabbelier@gmail.com>
parents: 709
diff changeset
   345
  group_id = splitpath[2]
bcd480745f44 Thinkofix in access.checkIsInvited
Sverre Rabbelier <srabbelier@gmail.com>
parents: 709
diff changeset
   346
  user_id = splitpath[3]
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   347
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   348
  user = user_logic.getForFields({'account': users.get_current_user()},
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   349
                                 unique=True)
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   350
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   351
  if user_id != user.link_id:
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   352
    # TODO: perhaps this needs a better explanation?
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   353
    deny(request, args, kwargs)
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   354
525
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   355
  properties = {
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   356
      'link_id': user_id,
525
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   357
      'role': role,
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   358
      'scope_path': group_id,
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   359
      'group_accepted': True,
525
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   360
      }
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   361
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   362
  request = request_logic.getForFields(properties, unique=True)
525
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   363
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   364
  if request:
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   365
    return
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   366
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   367
  raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   368
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   369
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   370
def checkIsApplicationAccepted(app_logic):
802
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   371
  """Returns an alternate HTTP response if Google Account has no Club App
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   372
     entity for the specified Club.
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   373
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   374
  Args:
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   375
    request: a Django HTTP request
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   376
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   377
   Raises:
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   378
     AccessViolationResponse: if the required authorization is not met
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   379
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   380
  Returns:
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   381
    None if Club App  exists for the specified program, or a subclass
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   382
    of django.http.HttpResponse which contains the alternate response
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   383
    should be returned by the calling view.
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   384
  """
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   385
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   386
  def wrapper(request, args, kwargs):
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   387
    try:
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   388
      # if the current user is a developer we allow access
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   389
      checkIsDeveloper(request, args, kwargs)
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   390
      return
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   391
    except out_of_band.Error:
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   392
      pass
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   393
889
5f3136a5eb4c Make checkAgreesToSiteToS() the default access check for many other checks.
Todd Larsen <tlarsen@google.com>
parents: 888
diff changeset
   394
    checkAgreesToSiteToS(request, args, kwargs)
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   395
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   396
    user = user_logic.getForCurrentAccount()
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   397
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   398
    properties = {
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   399
        'applicant': user,
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   400
        'reviewed': True,
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   401
        'accepted': True,
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   402
        'application_completed': False,
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   403
        }
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   404
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   405
    application = app_logic.logic.getForFields(properties, unique=True)
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   406
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   407
    if application:
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   408
      return
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   409
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   410
    # TODO(srabbelier) Make this give a proper error message
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   411
    deny(request, args, kwargs)
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   412
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   413
  return wrapper
814
25ffebd9fa8f Implement the checkIsClubAppAccepted function
Sverre Rabbelier <srabbelier@gmail.com>
parents: 802
diff changeset
   414
802
95c534d02e39 Added Club Admin model, logic, and view
Sverre Rabbelier <srabbelier@gmail.com>
parents: 796
diff changeset
   415
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   416
def checkIsMyNotification(request, args, kwargs):
726
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   417
  """Returns an alternate HTTP response if this request is for a Notification belonging
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   418
     to the current user.
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   419
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   420
  Args:
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   421
    request: a Django HTTP request
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   422
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   423
   Raises:
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   424
     AccessViolationResponse: if the required authorization is not met
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   425
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   426
  Returns:
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   427
    None if the current User is allowed to access this Notification.
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   428
  """
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   429
  
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   430
  try:
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   431
    # if the current user is a developer we allow access
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   432
    checkIsDeveloper(request, args, kwargs)
726
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   433
    return
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   434
  except out_of_band.Error:
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   435
    pass
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   436
889
5f3136a5eb4c Make checkAgreesToSiteToS() the default access check for many other checks.
Todd Larsen <tlarsen@google.com>
parents: 888
diff changeset
   437
  checkAgreesToSiteToS(request, args, kwargs)
729
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   438
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   439
  # Mine the url for params
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   440
  try:
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   441
    callback, args, kwargs = urlresolvers.resolve(request.path)
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   442
  except Exception:
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   443
    deny(request, args, kwargs)
729
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   444
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   445
  properties = dicts.filter(kwargs, ['link_id', 'scope_path'])
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   446
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   447
  notification = notification_logic.getForFields(properties, unique=True)
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   448
  user = user_logic.getForCurrentAccount()
729
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   449
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   450
  # We need to check to see if the key's are equal since the User
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   451
  # objects are different and the default __eq__ method does not check
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   452
  # if the keys are equal (which is what we want).
726
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   453
  if user.key() == notification.scope.key():
ba3d399ec9be Added Notifications.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 720
diff changeset
   454
    return None
729
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   455
7fe218e3d359 Make checkIsMyInvitation use Django to parse the URL
Sverre Rabbelier <srabbelier@gmail.com>
parents: 727
diff changeset
   456
  # TODO(ljvderijk) Make this give a proper error message
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   457
  deny(request, args, kwargs)
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   458
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   459
882
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   460
def checkIsMyApplication(app_logic):
796
126a1ef235ec Fixed a typo in the comment in helper/access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 791
diff changeset
   461
  """Returns an alternate HTTP response if this request is for a Application belonging
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   462
     to the current user.
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   463
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   464
  Args:
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   465
    request: a Django HTTP request
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   466
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   467
   Raises:
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   468
     AccessViolationResponse: if the required authorization is not met
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   469
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   470
  Returns:
796
126a1ef235ec Fixed a typo in the comment in helper/access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 791
diff changeset
   471
    None if the current User is allowed to access this Application.
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   472
  """
882
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   473
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   474
  def wrapper(request, args, kwargs):
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   475
    try:
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   476
      # if the current user is a developer we allow access
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   477
      checkIsDeveloper(request, args, kwargs)
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   478
      return
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   479
    except out_of_band.Error:
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   480
      pass
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   481
889
5f3136a5eb4c Make checkAgreesToSiteToS() the default access check for many other checks.
Todd Larsen <tlarsen@google.com>
parents: 888
diff changeset
   482
    checkAgreesToSiteToS(request, args, kwargs)
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   483
882
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   484
    properties = dicts.filter(kwargs, ['link_id'])
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   485
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   486
    application = app_logic.logic.getForFields(properties, unique=True)
884
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   487
    
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   488
    if not application:
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   489
      deny(request, args, kwargs)
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 882
diff changeset
   490
    
887
b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide.
Todd Larsen <tlarsen@google.com>
parents: 884
diff changeset
   491
    user = user_logic.getForCurrentAccount()
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   492
882
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   493
    # We need to check to see if the key's are equal since the User
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   494
    # objects are different and the default __eq__ method does not check
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   495
    # if the keys are equal (which is what we want).
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   496
    if user.key() == application.applicant.key():
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   497
      return None
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   498
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   499
    # TODO(srabbelier) Make this give a proper error message
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   500
    deny(request, args, kwargs)
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   501
882
267e31f1a0b6 Added club_app model and logic.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 872
diff changeset
   502
  return wrapper
791
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   503
30da180c4bca Added the club_app view, logic and model
Sverre Rabbelier <srabbelier@gmail.com>
parents: 746
diff changeset
   504
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   505
def checkCanInvite(request, args, kwargs):
746
018efb9863dc Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 729
diff changeset
   506
  """Checks to see if the current user can create an invite.
720
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   507
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   508
  Note that if the current url is not in the default 'request' form
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   509
  this method either deny()s or performs the wrong access check.
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   510
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   511
  Args:
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   512
    request: a Django HTTP request
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   513
  """
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   514
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   515
  try:
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   516
    # if the current user is a developer we allow access
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   517
    checkIsDeveloper(request, args, kwargs)
720
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   518
    return
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   519
  except out_of_band.Error:
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   520
    pass
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   521
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   522
  # Mine the url for params
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   523
  try:
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   524
    callback, args, kwargs = urlresolvers.resolve(request.path)
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   525
  except Exception:
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   526
    deny(request, args, kwargs)
720
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   527
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   528
  # Construct a new url by reshufling the kwargs
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   529
  order = ['role', 'access_type', 'scope_path', 'link_id']
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   530
  url_params = dicts.unzip(kwargs, order)
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   531
  url = '/'.join([''] + list(url_params))
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   532
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   533
  # Mine the reshufled url
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   534
  try:
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   535
    callback, args, kwargs = urlresolvers.resolve(url)
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   536
  except Exception:
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   537
    deny(request, args, kwargs)
720
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   538
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   539
  # Get the everything we need for the access check
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   540
  params = callback.im_self.getParams()
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   541
  access_type = kwargs['access_type']
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   542
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   543
  # Perform the access check
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   544
  checkAccess(access_type, request, rights=params['rights'])
720
9eb2522dfa83 Make it possible to invite another Host as Host
Sverre Rabbelier <srabbelier@gmail.com>
parents: 714
diff changeset
   545
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   546
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   547
def checkIsDocumentPublic(request, args, kwargs):
714
3e2ce3d8057a Add missing dots in docstrings, proper sorting of imports and small docstring typo fixes.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 713
diff changeset
   548
  """Checks whether a document is public.
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   549
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   550
  Args:
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   551
    request: a Django HTTP request
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   552
  """
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   553
714
3e2ce3d8057a Add missing dots in docstrings, proper sorting of imports and small docstring typo fixes.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 713
diff changeset
   554
  # TODO(srabbelier): A proper check needs to be done to see if the document
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   555
  # is public or not, probably involving analysing it's scope or such.
872
70e0b6d8ff73 Prepare access to receive args and kwargs as argument
Sverre Rabbelier <srabbelier@gmail.com>
parents: 814
diff changeset
   556
  allow(request, args, kwargs)