py_tasks_melange: app/soc/views/helper/access.py@c417a4188e73 (annotated)

293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	1	#!/usr/bin/python2.5
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	2	#
1308 35b75ffcbb37 Partially reverted "Update the copyright notice for 2009." Sverre Rabbelier <srabbelier@gmail.com> parents: 1307 diff changeset	3	# Copyright 2008 the Melange authors.
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	4	#
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	5	# Licensed under the Apache License, Version 2.0 (the "License");
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	6	# you may not use this file except in compliance with the License.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	7	# You may obtain a copy of the License at
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	8	#
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	9	# http://www.apache.org/licenses/LICENSE-2.0
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	10	#
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	11	# Unless required by applicable law or agreed to in writing, software
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	12	# distributed under the License is distributed on an "AS IS" BASIS,
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	13	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	14	# See the License for the specific language governing permissions and
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	15	# limitations under the License.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	16
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	17	"""Access control helper.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	18
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	19	The functions in this module can be used to check access control
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	20	related requirements. When the specified required conditions are not
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	21	met, an exception is raised. This exception contains a views that
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	22	either prompts for authentication, or informs the user that they
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	23	do not meet the required criteria.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	24	"""
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	25
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	26	__authors__ = [
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	27	'"Todd Larsen" <tlarsen@google.com>',
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	28	'"Sverre Rabbelier" <sverre@rabbelier.nl>',
726 ba3d399ec9be Added Notifications. Lennard de Rijk <ljvderijk@gmail.com> parents: 720 diff changeset	29	'"Lennard de Rijk" <ljvderijk@gmail.com>',
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	30	'"Pawel Solyga" <pawel.solyga@gmail.com>',
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	31	]
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	32
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	33
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	34	from google.appengine.api import users
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	35	from google.appengine.api import memcache
315 c4f1a07ee340 Add missing blank lines between imports in access.py module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 309 diff changeset	36
746 018efb9863dc Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 729 diff changeset	37	from django.core import urlresolvers
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	38	from django.utils.translation import ugettext
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	39
481 94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be Todd Larsen <tlarsen@google.com> parents: 448 diff changeset	40	from soc.logic import accounts
720 9eb2522dfa83 Make it possible to invite another Host as Host Sverre Rabbelier <srabbelier@gmail.com> parents: 714 diff changeset	41	from soc.logic import dicts
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	42	from soc.logic import rights as rights_logic
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	43	from soc.logic.helper import timeline as timeline_helper
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	44	from soc.logic.models.club_admin import logic as club_admin_logic
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	45	from soc.logic.models.club_member import logic as club_member_logic
1115 0a723ff3d27c Cleanups in base.Logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1107 diff changeset	46	from soc.logic.models.document import logic as document_logic
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	47	from soc.logic.models.host import logic as host_logic
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	48	from soc.logic.models.mentor import logic as mentor_logic
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	49	from soc.logic.models.notification import logic as notification_logic
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	50	from soc.logic.models.org_admin import logic as org_admin_logic
1375 edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	51	from soc.logic.models.organization import logic as org_logic
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	52	from soc.logic.models.program import logic as program_logic
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	53	from soc.logic.models.request import logic as request_logic
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	54	from soc.logic.models.role import logic as role_logic
891 3d40190f35b6 Move getToSLink() to soc.views.helper.redirects.getToSRedirect(). Todd Larsen <tlarsen@google.com> parents: 890 diff changeset	55	from soc.logic.models.site import logic as site_logic
1445 c2e09f7d62d9 Forgotten import Sverre Rabbelier <srabbelier@gmail.com> parents: 1444 diff changeset	56	from soc.logic.models.sponsor import logic as sponsor_logic
1375 edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	57	from soc.logic.models.student import logic as student_logic
1466 bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	58	from soc.logic.models.student_proposal import logic as student_proposal_logic
1142 da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1135 diff changeset	59	from soc.logic.models.timeline import logic as timeline_logic
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	60	from soc.logic.models.user import logic as user_logic
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	61	from soc.views.helper import redirects
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	62	from soc.views import helper
543 280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge Todd Larsen <tlarsen@google.com> parents: 525 diff changeset	63	from soc.views import out_of_band
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	64
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	65
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	66	DEF_NO_USER_LOGIN_MSG= ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	67	'Please create <a href="/user/create_profile">User Profile</a>'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	68	' in order to view this page.')
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	69
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	70	DEF_AGREE_TO_TOS_MSG_FMT = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	71	'You must agree to the <a href="%(tos_link)s">site-wide Terms of'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	72	' Service</a> in your <a href="/user/edit_profile">User Profile</a>'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	73	' in order to view this page.')
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	74
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	75	DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	76	'Please <a href="%%(sign_out)s">sign out</a>'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	77	' and <a href="%%(sign_in)s">sign in</a>'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	78	' again as %(role)s to view this page.')
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	79
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	80	DEF_NEED_MEMBERSHIP_MSG_FMT = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	81	'You need to be in the %(status)s group to %(action)s'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	82	' documents in the %(prefix)s prefix.')
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	83
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	84	DEF_NEED_ROLE_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	85	'You do not have the required role.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	86
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	87	DEF_NOT_YOUR_ENTITY_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	88	'This entity does not belong to you.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	89
1435 e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	90	DEF_NO_ACTIVE_ENTITY_MSG = ugettext(
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	91	'There is no such active entity.')
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	92
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	93	DEF_NO_ACTIVE_GROUP_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	94	'There is no such active group.')
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	95
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	96	DEF_NO_ACTIVE_ROLE_MSG = ugettext(
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	97	'There is no such active role.')
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	98
1375 edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	99	DEF_ALREADY_PARTICIPATING_MSG = ugettext(
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	100	'You cannot become a student because you are already participating '
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	101	'in this program.')
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	102
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	103	DEF_ALREADY_STUDENT_ROLE_MSG = ugettext(
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	104	'You cannot become a Mentor or Organization Admin because you already are '
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	105	'a student in this program.')
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	106
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	107	DEF_NO_ACTIVE_PROGRAM_MSG = ugettext(
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	108	'There is no such active program.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	109
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	110	DEF_NO_REQUEST_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	111	'There is no accepted request that would allow you to visit this page.')
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	112
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	113	DEF_NO_APPLICATION_MSG = ugettext(
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	114	'There is no application that would allow you to visit this page.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	115
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	116	DEF_NEED_PICK_ARGS_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	117	'The "continue" and "field" args are not both present.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	118
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	119	DEF_REVIEW_COMPLETED_MSG = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	120	'This Application can not be reviewed anymore (it has been completed or rejected).')
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	121
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	122	DEF_REQUEST_COMPLETED_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	123	'This request cannot be accepted (it is either completed or denied).')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	124
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	125	DEF_SCOPE_INACTIVE_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	126	'The scope for this request is not active.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	127
1466 bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	128	DEF_SIGN_UP_AS_STUDENT_MSG = ugettext(
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	129	'You need to sign up as a Student first.')
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	130
1318 3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	131	DEF_NO_LIST_ACCESS_MSG = ugettext(
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	132	'You do not have the required rights to list documents for this scope and prefix.')
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	133
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	134	DEF_PAGE_DENIED_MSG = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	135	'Access to this page has been restricted.')
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	136
1305 9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	137	DEF_PREFIX_NOT_IN_ARGS_MSG = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	138	'A required GET url argument ("prefix") was not specified.')
1305 9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	139
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	140	DEF_PAGE_INACTIVE_MSG = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	141	'This page is inactive at this time.')
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	142
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	143	DEF_LOGOUT_MSG_FMT = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	144	'Please <a href="%(sign_out)s">sign out</a> in order to view this page.')
590 37735d97b541 Created a seperate module for editSelf things Sverre Rabbelier <srabbelier@gmail.com> parents: 543 diff changeset	145
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	146	DEF_GROUP_NOT_FOUND_MSG = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	147	'The requested Group can not be found.')
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	148
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	149	DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext(
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	150	'The <b><i>%(email)s</i></b> account cannot be used with this site, for'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	151	' one or more of the following reasons:'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	152	'<ul>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	153	' <li>the account is invalid</li>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	154	' <li>the account is already attached to a User profile and cannot be'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	155	' used to create another one</li>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	156	' <li>the account is a former account that cannot be used again</li>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	157	'</ul>')
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	158
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	159
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	160	def allowSidebar(fun):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	161	"""Decorator that allows access if the sidebar is calling.
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	162	"""
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	163
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	164	from functools import wraps
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	165
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	166	@wraps(fun)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	167	def wrapper(self, django_args, args, *kwargs):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	168	if django_args.get('SIDEBAR_CALLING'):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	169	return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	170	return fun(self, django_args, args, *kwargs)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	171	return wrapper
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	172
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	173
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	174	def denySidebar(fun):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	175	"""Decorator that denies access if the sidebar is calling.
612 3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms Sverre Rabbelier <srabbelier@gmail.com> parents: 590 diff changeset	176	"""
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms Sverre Rabbelier <srabbelier@gmail.com> parents: 590 diff changeset	177
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	178	from functools import wraps
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	179
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	180	@wraps(fun)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	181	def wrapper(self, django_args, args, *kwargs):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	182	if django_args.get('SIDEBAR_CALLING'):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	183	raise out_of_band.Error("Sidebar Calling")
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	184	return fun(self, django_args, args, *kwargs)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	185	return wrapper
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	186
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	187
1073 feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	188	def allowIfCheckPasses(checker_name):
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	189	"""Returns a decorator that allows access if the specified checker passes.
1016 15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	190	"""
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	191
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	192	from functools import wraps
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	193
1073 feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	194	def decorator(fun):
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	195	"""Decorator that allows access if the current user is a Developer.
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	196	"""
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	197
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	198	@wraps(fun)
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	199	def wrapper(self, django_args, args, *kwargs):
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	200	try:
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	201	# if the check passes we allow access regardless
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	202	return self.doCheck(checker_name, django_args, [])
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	203	except out_of_band.Error:
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	204	# otherwise we run the original check
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	205	return fun(self, django_args, args, *kwargs)
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	206	return wrapper
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	207
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	208	return decorator
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	209
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	210
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	211	allowDeveloper = allowIfCheckPasses('checkIsDeveloper')
1016 15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	212
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	213
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	214	class Checker(object):
590 37735d97b541 Created a seperate module for editSelf things Sverre Rabbelier <srabbelier@gmail.com> parents: 543 diff changeset	215	"""
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	216	The __setitem__() and __getitem__() methods are overloaded to DTRT
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	217	when adding new access rights, and retrieving them, so use these
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	218	rather then modifying rights directly if so desired.
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	219	"""
972 43018f61b481 Remove the request and arg parameter from the checkAccess call Sverre Rabbelier <srabbelier@gmail.com> parents: 970 diff changeset	220
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	221	MEMBERSHIP = {
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	222	'anyone': 'allow',
1248 f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	223	'club_admin': ('checkHasActiveRoleForScope', club_admin_logic),
f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	224	'club_member': ('checkHasActiveRoleForScope', club_member_logic),
1444 b97cfeb423f4 Make use of the new checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1443 diff changeset	225	'host': ('checkHasDocumentAccess', [host_logic, 'sponsor']),
b97cfeb423f4 Make use of the new checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1443 diff changeset	226	'org_admin': ('checkHasDocumentAccess', [org_admin_logic, 'org']),
b97cfeb423f4 Make use of the new checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1443 diff changeset	227	'org_mentor': ('checkHasDocumentAccess', [mentor_logic, 'org']),
b97cfeb423f4 Make use of the new checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1443 diff changeset	228	'org_student': ('checkHasDocumentAccess', [student_logic, 'org']),
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	229	'user': 'checkIsUser',
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	230	'user_self': ('checkIsUserSelf', 'scope_path'),
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	231	}
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	232
1442 8eec34007e80 Specify how to walk the scope up to another scope Sverre Rabbelier <srabbelier@gmail.com> parents: 1441 diff changeset	233	#: the depths of various scopes to other scopes
8eec34007e80 Specify how to walk the scope up to another scope Sverre Rabbelier <srabbelier@gmail.com> parents: 1441 diff changeset	234	# the 0 entries are not used, and are for clarity purposes only
8eec34007e80 Specify how to walk the scope up to another scope Sverre Rabbelier <srabbelier@gmail.com> parents: 1441 diff changeset	235	SCOPE_DEPTH = {
8eec34007e80 Specify how to walk the scope up to another scope Sverre Rabbelier <srabbelier@gmail.com> parents: 1441 diff changeset	236	'sponsor': (sponsor_logic, {'sponsor': 0}),
8eec34007e80 Specify how to walk the scope up to another scope Sverre Rabbelier <srabbelier@gmail.com> parents: 1441 diff changeset	237	'program': (program_logic, {'sponsor': 1, 'program': 0}),
8eec34007e80 Specify how to walk the scope up to another scope Sverre Rabbelier <srabbelier@gmail.com> parents: 1441 diff changeset	238	'org': (org_logic, {'sponsor': 2, 'program': 1, 'org': 0}),
8eec34007e80 Specify how to walk the scope up to another scope Sverre Rabbelier <srabbelier@gmail.com> parents: 1441 diff changeset	239	}
8eec34007e80 Specify how to walk the scope up to another scope Sverre Rabbelier <srabbelier@gmail.com> parents: 1441 diff changeset	240
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	241	def __init__(self, params):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	242	"""Adopts base.rights as rights if base is set.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	243	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	244
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	245	base = params.get('rights') if params else None
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	246	self.rights = base.rights if base else {}
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	247	self.id = None
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	248	self.user = None
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	249
1226 a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	250	def normalizeChecker(self, checker):
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	251	"""Normalizes the checker to a pre-defined format.
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	252
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	253	The result is guaranteed to be a list of 2-tuples, the first element is a
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	254	checker (iff there is an checker with the specified name), the second
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	255	element is a list of arguments that should be passed to the checker when
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	256	calling it in addition to the standard django_args.
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	257	"""
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	258
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	259	# Be nice an repack so that it is always a list with tuples
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	260	if isinstance(checker, tuple):
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	261	name, arg = checker
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	262	return (name, (arg if isinstance(arg, list) else [arg]))
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	263	else:
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	264	return (checker, [])
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	265
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	266	def __setitem__(self, key, value):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	267	"""Sets a value only if no old value exists.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	268	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	269
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	270	oldvalue = self.rights.get(key)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	271	self.rights[key] = oldvalue if oldvalue else value
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	272
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	273	def __getitem__(self, key):
1226 a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	274	"""Retrieves and normalizes the right checkers.
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	275	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	276
1226 a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	277	return [self.normalizeChecker(i) for i in self.rights.get(key, [])]
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	278
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	279	def key(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	280	"""Returns the key for the specified checker for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	281	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	282
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	283	return "%s.%s" % (self.id, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	284
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	285	def put(self, checker_name, value):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	286	"""Puts the result for the specified checker in the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	287	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	288
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	289	retention = 30
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	290
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	291	memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	292	memcache.add(memcache_key, value, retention)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	293
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	294	def get(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	295	"""Retrieves the result for the specified checker from cache.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	296	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	297
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	298	memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	299	return memcache.get(memcache_key)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	300
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	301	def doCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	302	"""Runs the specified checker with the specified arguments.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	303	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	304
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	305	checker = getattr(self, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	306	checker(django_args, *args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	307
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	308	def doCachedCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	309	"""Retrieves from cache or runs the specified checker.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	310	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	311
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	312	cached = self.get(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	313
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	314	if cached is None:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	315	try:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	316	self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	317	self.put(checker_name, True)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	318	return
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	319	except out_of_band.Error, e:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	320	self.put(checker_name, e)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	321	raise
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	322
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	323	if cached is True:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	324	return
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	325
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	326	# re-raise the cached exception
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	327	raise cached
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	328
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	329	def check(self, use_cache, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	330	"""Runs the checker, optionally using the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	331	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	332
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	333	if use_cache:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	334	self.doCachedCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	335	else:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	336	self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	337
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	338	def setCurrentUser(self, id, user):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	339	"""Sets up everything for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	340	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	341
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	342	self.id = id
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	343	self.user = user
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	344
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	345	def checkAccess(self, access_type, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	346	"""Runs all the defined checks for the specified type.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	347
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	348	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	349	access_type: the type of request (such as 'list' or 'edit')
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	350	rights: a dictionary containing access check functions
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	351	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	352
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	353	Rights usage:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	354	The rights dictionary is used to check if the current user is allowed
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	355	to view the page specified. The functions defined in this dictionary
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	356	are always called with the provided django_args dictionary as argument. On any
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	357	request, regardless of what type, the functions in the 'any_access' value
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	358	are called. If the specified type is not in the rights dictionary, all
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	359	the functions in the 'unspecified' value are called. When the specified
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	360	type _is_ in the rights dictionary, all the functions in that access_type's
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	361	value are called.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	362	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	363
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	364	use_cache = django_args.get('SIDEBAR_CALLING')
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	365
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	366	# Call each access checker
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	367	for checker_name, args in self['any_access']:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	368	self.check(use_cache, checker_name, django_args, args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	369
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	370	if access_type not in self.rights:
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	371	# No checks defined, so do the 'generic' checks and bail out
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	372	for checker_name, args in self['unspecified']:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	373	self.check(use_cache, checker_name, django_args, args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	374	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	375
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	376	for checker_name, args in self[access_type]:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	377	self.check(use_cache, checker_name, django_args, args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	378
1300 a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	379	def hasMembership(self, roles, django_args):
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	380	"""Checks whether the user has access to any of the specified roles.
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	381
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	382	Args:
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	383	roles: a list of roles to check
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	384	"""
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	385
1315 7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	386	try:
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	387	# we need to check manually, as we must return True!
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	388	self.checkIsDeveloper(django_args)
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	389	return True
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	390	except out_of_band.Error:
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	391	pass
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	392
1300 a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	393	for role in roles:
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	394	try:
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	395	checker_name, args = self.normalizeChecker(self.MEMBERSHIP[role])
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	396	self.doCheck(checker_name, django_args, args)
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	397	# the check passed, we can stop now
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	398	return True
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	399	except out_of_band.Error:
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	400	continue
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	401
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	402	return False
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	403
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	404	@allowDeveloper
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	405	def checkMembership(self, action, prefix, status, django_args):
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	406	"""Checks whether the user has access to the specified status.
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	407
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	408	Args:
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	409	action: the action that was performed (e.g., 'read')
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	410	prefix: the prefix, determines what access set is used
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	411	status: the access status (e.g., 'public')
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	412	django_args: the django args to pass on to the checkers
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	413	"""
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	414
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	415	checker = rights_logic.Checker(prefix)
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	416	roles = checker.getMembership(status)
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	417
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	418	message_fmt = DEF_NEED_MEMBERSHIP_MSG_FMT % {
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	419	'action': action,
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	420	'prefix': prefix,
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	421	'status': status,
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	422	}
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	423
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	424	# try to see if they belong to any of the roles, if not, raise an
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	425	# access violation for the specified action, prefix and status.
1300 a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	426	if not self.hasMembership(roles, django_args):
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	427	raise out_of_band.AccessViolation(message_fmt)
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	428
1486 c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	429	def checkHasAny(self, django_args, checks):
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	430	"""Checks if any of the checks passes.
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	431
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	432	If none of the specified checks passes, the exception that the first of the
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	433	checks raised is reraised.
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	434	"""
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	435
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	436	first = None
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	437
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	438	for checker_name, args in checks:
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	439	try:
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	440	self.doCheck(checker_name, django_args, args)
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	441	break
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	442	except out_of_band.Error, e:
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	443	# store the first esception
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	444	first = first if first else e
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	445	else:
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	446	# one check passed, all is well
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	447	return
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	448
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	449	# none passed, re-raise the first exception
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	450	raise first
c417a4188e73 Added a checkHasAny method Sverre Rabbelier <srabbelier@gmail.com> parents: 1481 diff changeset	451
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	452	def allow(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	453	"""Never raises an alternate HTTP response. (an access no-op, basically).
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	454
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	455	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	456	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	457	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	458
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	459	return
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	460
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	461	def deny(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	462	"""Always raises an alternate HTTP response.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	463
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	464	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	465	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	466
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	467	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	468	always raises AccessViolationResponse if called
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	469	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	470
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	471	context = django_args.get('context', {})
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	472	context['title'] = 'Access denied'
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	473
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	474	raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context)
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	475
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	476	def checkIsLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	477	"""Raises an alternate HTTP response if Google Account is not logged in.
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	478
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	479	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	480	django_args: a dictionary with django's arguments
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	481
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	482	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	483	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	484	* if no Google Account is even logged in
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	485	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	486
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	487	if self.id:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	488	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	489
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	490	raise out_of_band.LoginRequest()
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	491
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	492	def checkNotLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	493	"""Raises an alternate HTTP response if Google Account is logged in.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	494
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	495	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	496	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	497
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	498	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	499	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	500	* if a Google Account is currently logged in
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	501	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	502
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	503	if not self.id:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	504	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	505
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	506	raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	507
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	508	def checkIsUser(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	509	"""Raises an alternate HTTP response if Google Account has no User entity.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	510
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	511	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	512	django_args: a dictionary with django's arguments
895 e70ffd079438 Even developers need to agree to the terms of service for Melange Sverre Rabbelier <srabbelier@gmail.com> parents: 892 diff changeset	513
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	514	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	515	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	516	* if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	517	* if no Google Account is logged in at all
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	518	* if User has not agreed to the site-wide ToS, if one exists
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	519	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	520
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	521	self.checkIsLoggedIn(django_args)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	522
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	523	if not self.user:
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	524	raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	525
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	526	if user_logic.agreesToSiteToS(self.user):
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	527	return
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	528
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	529	# Would not reach this point of site-wide ToS did not exist, since
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	530	# agreesToSiteToS() call above always returns True if no ToS is in effect.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	531	login_msg_fmt = DEF_AGREE_TO_TOS_MSG_FMT % {
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	532	'tos_link': redirects.getToSRedirect(site_logic.getSingleton())}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	533
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	534	raise out_of_band.LoginRequest(message_fmt=login_msg_fmt)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	535
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	536	@allowDeveloper
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	537	def checkIsUserSelf(self, django_args, field_name):
1142 da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1135 diff changeset	538	"""Checks whether the specified user is the logged in user.
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	539
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	540	Args:
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	541	django_args: the keyword args from django, only scope_path is used
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	542	"""
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	543
1198 3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	544	self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	545
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	546	if not field_name in django_args:
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	547	self.deny(django_args)
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	548
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	549	if self.user.link_id == django_args[field_name]:
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	550	return
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	551
1177 53c802c2a2e2 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1176 diff changeset	552	raise out_of_band.AccessViolation(DEF_NOT_YOUR_ENTITY_MSG)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	553
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	554	def checkIsUnusedAccount(self, django_args):
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	555	"""Raises an alternate HTTP response if Google Account has a User entity.
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	556
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	557	Args:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	558	django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	559
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	560	Raises:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	561	AccessViolationResponse:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	562	* if a User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	563	* if a User has this Gooogle Account in their formerAccounts list
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	564	"""
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	565
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	566	self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	567
1192 b53fa1e05dbd Adds the possibility to exclude the user from the website. Lennard de Rijk <ljvderijk@gmail.com> parents: 1189 diff changeset	568	user_entity = user_logic.getForFields({'account':self.id}, unique=True)
b53fa1e05dbd Adds the possibility to exclude the user from the website. Lennard de Rijk <ljvderijk@gmail.com> parents: 1189 diff changeset	569
b53fa1e05dbd Adds the possibility to exclude the user from the website. Lennard de Rijk <ljvderijk@gmail.com> parents: 1189 diff changeset	570	if not user_entity and not user_logic.isFormerAccount(self.id):
1048 0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	571	# this account has not been used yet
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	572	return
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	573
1048 0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	574	message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	575	'email' : self.id.email()}
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	576	raise out_of_band.LoginRequest(message_fmt=message_fmt)
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	577
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	578	def checkHasUserEntity(self, django_args):
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	579	"""Raises an alternate HTTP response if Google Account has no User entity.
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	580
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	581	Args:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	582	django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	583
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	584	Raises:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	585	AccessViolationResponse:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	586	* if no User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	587	* if no Google Account is logged in at all
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	588	"""
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	589
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	590	self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	591
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	592	if not self.user:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	593	raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	594
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	595	return
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	596
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	597	def checkIsDeveloper(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	598	"""Raises an alternate HTTP response if Google Account is not a Developer.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	599
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	600	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	601	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	602
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	603	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	604	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	605	* if User is not a Developer, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	606	* if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	607	* if no Google Account is logged in at all
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	608	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	609
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	610	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	611
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	612	if accounts.isDeveloper(account=self.id, user=self.user):
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	613	return
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	614
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	615	login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	616	'role': 'a Site Developer '}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	617
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	618	raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	619
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	620	@allowDeveloper
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	621	@denySidebar
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	622	def checkIsActive(self, django_args, logic,
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	623	field_name='scope_path', filter_field='link_id'):
1435 e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	624	"""Raises an alternate HTTP response if the entity is not active.
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	625
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	626	Args:
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	627	django_args: a dictionary with django's arguments
1435 e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	628	logic: the logic that should be used to look up the entity
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	629	field_name: the name of the field that should be copied verbatim
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	630	If a format string is specified it will be formatted with
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	631	the specified django_args.
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	632	filter_field: the name of the field to which scope_path should be set
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	633
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	634	Raises:
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	635	AccessViolationResponse:
1438 e484f9acf999 Updated comments in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1435 diff changeset	636	* if no entity is found
e484f9acf999 Updated comments in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1435 diff changeset	637	* if the entity status is not active
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	638	"""
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	639
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	640	self.checkIsUser(django_args)
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	641
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	642	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	643	filter_field: django_args[filter_field],
1179 427d2ec42823 Rewrite getForFields to use GQL instead of the Query API Sverre Rabbelier <srabbelier@gmail.com> parents: 1177 diff changeset	644	'status': 'active',
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	645	}
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	646
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	647	if field_name:
1435 e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	648	# convert to a format string if desired
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	649	if field_name.find('%') == -1:
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	650	field_name = ''.join(['%(', field_name, ')s'])
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	651
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	652	try:
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	653	fields['scope_path'] = field_name % django_args
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	654	except KeyError, e:
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	655	self.deny(django_args)
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	656
1179 427d2ec42823 Rewrite getForFields to use GQL instead of the Query API Sverre Rabbelier <srabbelier@gmail.com> parents: 1177 diff changeset	657	entity = logic.getForFields(fields, unique=True)
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	658
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	659	if entity:
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	660	return
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	661
1435 e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	662	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	663
1441 e633906ed88d Make use of default value Sverre Rabbelier <srabbelier@gmail.com> parents: 1438 diff changeset	664	def checkHasActiveRoleForScope(self, django_args, logic,
e633906ed88d Make use of default value Sverre Rabbelier <srabbelier@gmail.com> parents: 1438 diff changeset	665	field_name='scope_path'):
1203 38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1201 diff changeset	666	"""Checks that the user has the specified active role.
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	667	"""
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	668
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	669	django_args['user'] = self.user
1184 bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller Sverre Rabbelier <srabbelier@gmail.com> parents: 1180 diff changeset	670	self.checkIsActive(django_args, logic, field_name, 'user')
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	671
1443 8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	672	def checkHasDocumentAccess(self, django_args, logic, target_scope):
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	673	"""Checks that the user has access to the specified document scope.
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	674	"""
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	675
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	676	prefix = django_args['prefix']
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	677	scope_logic, depths = self.SCOPE_DEPTH.get(prefix, (None, {}))
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	678	depth = depths.get(target_scope, 0)
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	679
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	680	# nothing to do
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	681	if not (scope_logic and depth):
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	682	return self.checkHasActiveRoleForScope(django_args, logic)
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	683
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	684	# we don't want to modify the original django args
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	685	django_args = django_args.copy()
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	686
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	687	entity = scope_logic.getFromKeyName(django_args['scope_path'])
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	688
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	689	# cannot have access to the specified scope if it is invalid
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	690	if not entity:
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	691	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	692
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	693	# walk up the scope to where we need to be
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	694	for _ in range(depth):
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	695	entity = entity.scope
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	696
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	697	django_args['scope_path'] = entity.key().name()
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	698
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	699	self.checkHasActiveRoleForScope(django_args, logic)
8ce8314d1c8f Added a checkHasDocumentAccess method Sverre Rabbelier <srabbelier@gmail.com> parents: 1442 diff changeset	700
1189 14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	701	def checkSeeded(self, django_args, checker_name, *args):
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	702	"""Wrapper to update the django_args with the contens of seed first.
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	703	"""
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	704
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	705	django_args.update(django_args.get('seed', {}))
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	706	self.doCheck(checker_name, django_args, args)
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	707
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	708	def checkCanMakeRequestToGroup(self, django_args, group_logic):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	709	"""Raises an alternate HTTP response if the specified group is not in an
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	710	active status.
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	711
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	712	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	713	group_logic: Logic module for the type of group which the request is for
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	714	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	715
1198 3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	716	self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	717
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	718	group_entity = role_logic.getGroupEntityFromScopePath(
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	719	group_logic.logic, django_args['scope_path'])
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	720
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	721	if not group_entity:
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	722	raise out_of_band.Error(DEF_GROUP_NOT_FOUND_MSG, status=404)
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	723
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	724	if group_entity.status != 'active':
1198 3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	725	# tell the user that this group is not active
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	726	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG)
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	727
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	728	return
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	729
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	730	def checkCanCreateFromRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	731	"""Raises an alternate HTTP response if the specified request does not exist
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	732	or if it's status is not group_accepted. Also when the group this request
0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	733	is from is in an inactive or invalid status access will be denied.
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	734	"""
972 43018f61b481 Remove the request and arg parameter from the checkAccess call Sverre Rabbelier <srabbelier@gmail.com> parents: 970 diff changeset	735
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	736	self.checkIsUserSelf(django_args, 'link_id')
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	737
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	738	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	739	'link_id': django_args['link_id'],
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	740	'scope_path': django_args['scope_path'],
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	741	'role': role_name,
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	742	'status': 'group_accepted',
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	743	}
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	744
1176 c211191e7d81 Fixed access related bugs Sverre Rabbelier <srabbelier@gmail.com> parents: 1163 diff changeset	745	entity = request_logic.getForFields(fields, unique=True)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	746
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	747	if entity and (entity.scope.status not in ['invalid', 'inactive']):
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	748	return
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	749
1177 53c802c2a2e2 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1176 diff changeset	750	raise out_of_band.AccessViolation(message_fmt=DEF_NO_REQUEST_MSG)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	751
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	752	def checkIsMyGroupAcceptedRequest(self, django_args):
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	753	"""Checks whether the user can accept the specified request.
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	754	"""
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	755
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	756	self.checkCanCreateFromRequest(django_args, django_args['role'])
972 43018f61b481 Remove the request and arg parameter from the checkAccess call Sverre Rabbelier <srabbelier@gmail.com> parents: 970 diff changeset	757
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	758	def checkCanProcessRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	759	"""Raises an alternate HTTP response if the specified request does not exist
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	760	or if it's status is completed or denied. Also Raises an alternate HTTP response
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	761	whenever the group in the request is not active.
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	762	"""
948 bd956f419ad9 Add missing blank lines and remove unused checkIsInvited function from soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 943 diff changeset	763
1198 3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	764	self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	765
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	766	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	767	'link_id': django_args['link_id'],
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	768	'scope_path': django_args['scope_path'],
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	769	'role': role_name,
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	770	}
960 129efa976d6d Added checkCanProcessRequest in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 958 diff changeset	771
1115 0a723ff3d27c Cleanups in base.Logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1107 diff changeset	772	request_entity = request_logic.getFromKeyFieldsOr404(fields)
960 129efa976d6d Added checkCanProcessRequest in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 958 diff changeset	773
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	774	if request_entity.status in ['completed', 'denied']:
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	775	raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_COMPLETED_MSG)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	776
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	777	if request_entity.scope.status == 'active':
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	778	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	779
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	780	raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	781
1218 569a3fe9cb88 Cleaned up getKeyNameFromFields in Logic base. Lennard de Rijk <ljvderijk@gmail.com> parents: 1203 diff changeset	782	@allowDeveloper
1074 94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	783	@denySidebar
94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	784	def checkIsHostForProgram(self, django_args):
94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	785	"""Checks if the user is a host for the specified program.
94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	786	"""
94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	787
1218 569a3fe9cb88 Cleaned up getKeyNameFromFields in Logic base. Lennard de Rijk <ljvderijk@gmail.com> parents: 1203 diff changeset	788	program = program_logic.getFromKeyFields(django_args)
1074 94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	789
1107 a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	790	if not program or program.status == 'invalid':
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	791	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_PROGRAM_MSG)
1074 94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	792
1107 a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	793	new_args = {'scope_path': program.scope_path }
1248 f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	794	self.checkHasActiveRoleForScope(new_args, host_logic)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	795
1200 e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	796	@allowDeveloper
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	797	@denySidebar
1250 b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	798	def checkIsHostForProgramInScope(self, django_args):
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	799	"""Checks if the user is a host for the specified program.
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	800	"""
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	801
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	802	program = program_logic.getFromKeyName(django_args['scope_path'])
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	803
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	804	if not program or program.status == 'invalid':
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	805	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_PROGRAM_MSG)
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	806
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	807	django_args = {'scope_path': program.scope_path}
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	808	self.checkHasActiveRoleForScope(django_args, host_logic)
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	809
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	810	@allowDeveloper
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	811	@denySidebar
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	812	def checkIsActivePeriod(self, django_args, period_name, key_name_arg):
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	813	"""Checks if the given period is active for the given program.
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	814
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	815	Args:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	816	django_args: a dictionary with django's arguments.
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	817	period_name: the name of the period which is checked.
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	818	key_name_arg: the entry in django_args that specifies the given program
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	819	keyname. If none is given the key_name is constructed from django_args
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	820	itself.
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	821
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	822	Raises:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	823	AccessViolationResponse:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	824	* if no active Program is found
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	825	* if the period is not active
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	826	"""
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	827
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	828	if key_name_arg and key_name_arg in django_args:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	829	key_name = django_args[key_name_arg]
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	830	else:
1334 5009b63c247a Fixed a bug in access.py where a non-existing variable would have been called. Lennard de Rijk <ljvderijk@gmail.com> parents: 1318 diff changeset	831	key_name = program_logic.getKeyNameFromFields(django_args)
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	832
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	833	program_entity = program_logic.getFromKeyName(key_name)
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	834
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	835	if not program_entity or (
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	836	program_entity.status in ['inactive', 'invalid']):
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	837	raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	838
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	839	if timeline_helper.isActivePeriod(program_entity.timeline, period_name):
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	840	return
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	841
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	842	raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_INACTIVE_MSG)
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	843
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	844	def checkCanCreateOrgApp(self, django_args, period_name):
1237 b5bf2aa0f3f9 Added missing comment in access.py and removed excessive whitespace. Lennard de Rijk <ljvderijk@gmail.com> parents: 1232 diff changeset	845	"""Checks to see if the program in the scope_path is accepting org apps
b5bf2aa0f3f9 Added missing comment in access.py and removed excessive whitespace. Lennard de Rijk <ljvderijk@gmail.com> parents: 1232 diff changeset	846	"""
b5bf2aa0f3f9 Added missing comment in access.py and removed excessive whitespace. Lennard de Rijk <ljvderijk@gmail.com> parents: 1232 diff changeset	847
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	848	if 'seed' in django_args:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	849	return self.checkIsActivePeriod(django_args['seed'],
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	850	period_name, 'scope_path')
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	851	else:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	852	return
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	853
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	854	@allowDeveloper
1200 e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	855	def checkCanEditGroupApp(self, django_args, group_app_logic):
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	856	"""Checks if the group_app in args is valid to be edited by the current user.
1200 e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	857
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	858	Args:
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	859	group_app_logic: A logic instance for the Group Application
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	860	"""
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	861
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	862	self.checkIsUser(django_args)
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	863
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	864	fields = {
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	865	'link_id': django_args['link_id'],
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	866	'applicant': self.user,
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	867	'status' : ['needs review', 'rejected']
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	868	}
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	869
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	870	if 'scope_path' in django_args:
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	871	fields['scope_path'] = django_args['scope_path']
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	872
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	873	entity = group_app_logic.getForFields(fields)
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	874
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	875	if entity:
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	876	return
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	877
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	878	raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	879
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	880	@allowSidebar
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	881	def checkCanReviewGroupApp(self, django_args, group_app_logic):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	882	"""Checks if the group_app in args is valid to be reviewed.
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	883
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	884	Args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	885	group_app_logic: A logic instance for the Group Application
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	886	"""
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	887
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	888	if 'link_id' not in django_args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	889	# calling review overview, so we can't check a specified entity
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	890	return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	891
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	892	fields = {
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	893	'link_id': django_args['link_id'],
1366 ed246513e7cb Remove extra space from soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1350 diff changeset	894	'status': ['needs review', 'accepted', 'rejected', 'ignored',
1232 3bce6205e24e Added pre-accpeted status to group_app. Lennard de Rijk <ljvderijk@gmail.com> parents: 1227 diff changeset	895	'pre-accepted']
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	896	}
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	897
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	898	if 'scope_path' in django_args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	899	fields['scope_path'] = django_args['scope_path']
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	900
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	901	entity = group_app_logic.getForFields(fields)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	902
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	903	if entity:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	904	return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	905
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	906	raise out_of_band.AccessViolation(message_fmt=DEF_REVIEW_COMPLETED_MSG)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	907
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	908	@allowDeveloper
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	909	def checkIsApplicationAccepted(self, django_args, app_logic):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	910	"""Returns an alternate HTTP response if Google Account has no Club App
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	911	entity for the specified Club.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	912
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	913	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	914	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	915
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	916	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	917	AccessViolationResponse: if the required authorization is not met
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	918
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	919	Returns:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	920	None if Club App exists for the specified program, or a subclass
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	921	of django.http.HttpResponse which contains the alternate response
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	922	should be returned by the calling view.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	923	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	924
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	925	self.checkIsUser(django_args)
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	926
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	927	properties = {
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	928	'applicant': self.user,
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	929	'status': 'accepted'
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	930	}
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	931
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	932	application = app_logic.getForFields(properties, unique=True)
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	933
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	934	if application:
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	935	return
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	936
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	937	raise out_of_band.AccessViolation(message_fmt=DEF_NO_APPLICATION_MSG)
726 ba3d399ec9be Added Notifications. Lennard de Rijk <ljvderijk@gmail.com> parents: 720 diff changeset	938
1375 edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	939	def checkIsNotParticipatingInProgramInScope(self, django_args):
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	940	"""Checks if the current user has no roles for the given program in django_args.
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	941
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	942	Args:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	943	django_args: a dictionary with django's arguments
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	944
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	945	Raises:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	946	AccessViolationResponse: if the current user has a student, mentor or
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	947	org admin role for the given program.
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	948	"""
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	949
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	950	if not django_args.get('scope_path'):
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	951	raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_DENIED_MSG)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	952
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	953	program_entity = program_logic.getFromKeyName(django_args['scope_path'])
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	954	user_entity = user_logic.getForCurrentAccount()
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	955
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	956	filter = {'user': user_entity,
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	957	'scope': program_entity,
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	958	'status': 'active'}
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	959
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	960	# check if the current user is already a student for this program
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	961	student_role = student_logic.getForFields(filter, unique=True)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	962
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	963	if student_role:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	964	raise out_of_band.AccessViolation(
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	965	message_fmt=DEF_ALREADY_PARTICIPATING_MSG)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	966
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	967	# fill the role_list with all the mentor and org admin roles for this user
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	968	role_list = []
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	969
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	970	filter = {'user': user_entity,
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	971	'status': 'active'}
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	972
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	973	mentor_roles = mentor_logic.getForFields(filter)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	974	if mentor_roles:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	975	role_list += mentor_roles
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	976
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	977	org_admin_roles = org_admin_logic.getForFields(filter)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	978	if org_admin_roles:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	979	role_list += org_admin_roles
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	980
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	981	# check if the user has a role for the retrieved program
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	982	for role in role_list:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	983
1388 237f4cf6936d Use the new program property in mentor and role for an access check. Lennard de Rijk <ljvderijk@gmail.com> parents: 1375 diff changeset	984	if role.program.key() == program_entity.key():
1375 edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	985	# the current user has a role for the given program
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	986	raise out_of_band.AccessViolation(
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	987	message_fmt=DEF_ALREADY_PARTICIPATING_MSG)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	988
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	989	# no roles found, access granted
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	990	return
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	991
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	992	def checkIsNotStudentForProgramOfOrg(self, django_args):
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	993	"""Checks if the current user has no active Student role for the program
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	994	that the organization in the scope_path is participating in.
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	995
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	996	Args:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	997	django_args: a dictionary with django's arguments
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	998
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	999	Raises:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1000	AccessViolationResponse: if the current user is a student for the
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1001	program the organization is in.
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1002	"""
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1003
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1004	if not django_args.get('scope_path'):
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1005	raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_DENIED_MSG)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1006
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1007	org_entity = org_logic.getFromKeyName(django_args['scope_path'])
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1008	user_entity = user_logic.getForCurrentAccount()
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1009
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1010	filter = {'scope': org_entity.scope,
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1011	'user': user_entity,
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1012	'status': 'active'}
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1013
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1014	student_role = student_logic.getForFields(filter=filter, unique=True)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1015
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1016	if student_role:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1017	raise out_of_band.AccessViolation(
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1018	message_fmt=DEF_ALREADY_STUDENT_ROLE_MSG)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1019
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1020	return
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	1021
1466 bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1022	@allowDeveloper
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1023	def checkRoleAndStatusForStudentProposal(self, django_args, allowed_roles,
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1024	role_status, proposal_status):
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1025	"""Checks if the current user has access to the given proposal.
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1026
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1027	Args:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1028	django_args: a dictionary with django's arguments
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1029	allowed_roles: list with names for the roles allowed to pass access check
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1030	role_status: list with states allowed for the role
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1031	proposal_status: a list with states allowed for the proposal
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1032
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1033	Raises:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1034	AccessViolationResponse:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1035	- If there is no proposal found
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1036	- If the proposal is not in one of the required states.
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1037	- If the user does not have any ofe the required roles
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1038	"""
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1039
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1040	self.checkIsUser(django_args)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1041
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1042	# bail out with 404 if no proposal is found
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1043	proposal_entity = student_proposal_logic.getFromKeyFieldsOr404(django_args)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1044
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1045	if not proposal_entity.status in proposal_status:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1046	# this proposal can not be accessed at the moment
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1047	raise out_of_band.AccessViolation(
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1048	message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1049
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1050	user_entity = self.user
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1051
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1052	if 'proposer' in allowed_roles:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1053	# check if this proposal belongs to the current user
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1054	student_entity = proposal_entity.scope
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1055	if (user_entity.key() == student_entity.user.key()) and (
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1056	student_entity.status in role_status):
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1057	return
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1058
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1059	filter = {'user': user_entity,
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1060	'status': role_status}
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1061
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1062	if 'host' in allowed_roles:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1063	# check if the current user is a host for this proposal's program
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1064	filter['scope'] = proposal_entity.program
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1065
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1066	if host_logic.getForFields(filter, unique=True):
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1067	return
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1068
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1069	if 'org_admin' in allowed_roles:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1070	# check if the current user is an admin for this proposal's org
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1071	filter['scope'] = proposal_entity.org
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1072
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1073	if org_admin_logic.getForFields(filter, unique=True):
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1074	return
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1075
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1076	if 'mentor' in allowed_roles:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1077	# check if the current user is a mentor for this proposal's org
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1078	filter['scope'] = proposal_entity.org
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1079
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1080	if mentor_logic.getForFields(filter, unique=True):
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1081	return
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1082
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1083	# no roles found, access denied
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1084	raise out_of_band.AccessViolation(
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1085	message_fmt=DEF_NEED_ROLE_MSG)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1086
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1087	@allowDeveloper
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1088	def checkCanStudentPropose(self, django_args, key_location):
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1089	"""Checks if the program for this student accepts proposals.
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1090
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1091	Args:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1092	django_args: a dictionary with django's arguments
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1093	key_location: the key for django_args in which the key_name
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1094	from the student is stored
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1095	"""
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1096
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1097	self.checkIsUser(django_args)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1098
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1099	if 'seed' in django_args:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1100	key_name = django_args['seed'][key_location]
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1101	else:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1102	key_name = django_args[key_location]
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1103
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1104	student_entity = student_logic.getFromKeyName(key_name)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1105
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1106	if not student_entity or student_entity.status == 'invalid':
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1107	raise out_of_band.AccessViolation(
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1108	message_fmt=DEF_SIGN_UP_AS_STUDENT_MSG)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1109
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1110	program_entity = student_entity.scope
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1111
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1112	if not timeline_helper.isActivePeriod(program_entity.timeline,
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1113	'student_signup'):
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1114	raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_INACTIVE_MSG)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1115
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1116	return
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1117
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1118	@allowDeveloper
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1119	def checkIsStudent(self, django_args, key_location, status):
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1120	"""Checks if the current user is the given student.
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1121
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1122	Args:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1123	django_args: a dictionary with django's arguments
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1124	key_location: the key for django_args in which the key_name
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1125	from the student is stored
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1126	status: the allowed status for the student
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1127	"""
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1128
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1129	self.checkIsUser(django_args)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1130
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1131	if 'seed' in django_args:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1132	key_name = django_args['seed'][key_location]
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1133	else:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1134	key_name = django_args[key_location]
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1135
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1136	student_entity = student_logic.getFromKeyName(key_name)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1137
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1138	if not student_entity or student_entity.status not in status:
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1139	raise out_of_band.AccessViolation(
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1140	message_fmt=DEF_SIGN_UP_AS_STUDENT_MSG)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1141
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1142	if student_entity.user.key() != self.user.key():
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1143	# this is not the page for the current user
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1144	self.deny(django_args)
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1145
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1146	return
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1147
bfcec687b362 Added several access checks for student proposals. Lennard de Rijk <ljvderijk@gmail.com> parents: 1445 diff changeset	1148	@allowDeveloper
1180 6290c9e49848 Fixed club_app Sverre Rabbelier <srabbelier@gmail.com> parents: 1179 diff changeset	1149	def checkIsMyEntity(self, django_args, logic,
6290c9e49848 Fixed club_app Sverre Rabbelier <srabbelier@gmail.com> parents: 1179 diff changeset	1150	field_name='user', user=False):
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1151	"""Checks whether the entity belongs to the user.
1481 0ccf92d073e8 Add missing comment to checkIsMyEntity Sverre Rabbelier <srabbelier@gmail.com> parents: 1475 diff changeset	1152
0ccf92d073e8 Add missing comment to checkIsMyEntity Sverre Rabbelier <srabbelier@gmail.com> parents: 1475 diff changeset	1153	Args:
0ccf92d073e8 Add missing comment to checkIsMyEntity Sverre Rabbelier <srabbelier@gmail.com> parents: 1475 diff changeset	1154	logic: the logic that should be used to fetch the entity
0ccf92d073e8 Add missing comment to checkIsMyEntity Sverre Rabbelier <srabbelier@gmail.com> parents: 1475 diff changeset	1155	field_name: the name of the field the entity uses to store it's owner
0ccf92d073e8 Add missing comment to checkIsMyEntity Sverre Rabbelier <srabbelier@gmail.com> parents: 1475 diff changeset	1156	user: whether the entity stores the user's key name, or a reference
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	1157	"""
791 30da180c4bca Added the club_app view, logic and model Sverre Rabbelier <srabbelier@gmail.com> parents: 746 diff changeset	1158
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	1159	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	1160
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1161	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1162	'link_id': django_args['link_id'],
1180 6290c9e49848 Fixed club_app Sverre Rabbelier <srabbelier@gmail.com> parents: 1179 diff changeset	1163	field_name: self.user if user else self.user.key().name()
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1164	}
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	1165
1200 e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	1166	if 'scope_path' in django_args:
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	1167	fields['scope_path'] = django_args['scope_path']
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	1168
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1169	entity = logic.getForFields(fields)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	1170
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1171	if entity:
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1172	return
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	1173
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1174	raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1175
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1176	@allowDeveloper
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1177	@denySidebar
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1178	def checkIsAllowedToManageRole(self, django_args, role_logic, manage_role_logic):
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1179	"""Returns an alternate HTTP response if the user is not allowed to manage
1068 8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	1180	the role given in args.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	1181
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	1182	Args:
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	1183	role_logic: determines the logic for the role in args.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	1184	manage_role_logic: determines the logic for the role which is allowed
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	1185	to manage this role.
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1186
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1187	Raises:
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1188	AccessViolationResponse: if the required authorization is not met
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1189
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1190	Returns:
1068 8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	1191	None if the given role is active and belongs to the current user.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	1192	None if the current User has an active role (from manage_role_logic)
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	1193	that belongs to the same scope as the role that needs to be managed
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1194	"""
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1195
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1196	try:
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1197	# check if it is my role the user's own role
1248 f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	1198	self.checkHasActiveRoleForScope(django_args, role_logic)
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1199	except out_of_band.Error:
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1200	pass
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1201
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1202	# apparently it's not the user's role so check if managing this role is allowed
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1203	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1204	'link_id': django_args['link_id'],
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1205	'scope_path': django_args['scope_path'],
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1206	}
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1207
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1208	role_entity = role_logic.getFromKeyFieldsOr404(fields)
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1209	if role_entity.status != 'active':
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1210	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ROLE_MSG)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	1211
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1212	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1213	'link_id': self.user.link_id,
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1214	'scope_path': django_args['scope_path'],
1142 da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1135 diff changeset	1215	'status': 'active'
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1216	}
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1217
1184 bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller Sverre Rabbelier <srabbelier@gmail.com> parents: 1180 diff changeset	1218	manage_entity = manage_role_logic.getForFields(fields, unique=True)
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1219
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1220	if not manage_entity:
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1221	raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1222
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1223	return
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1224
1265 cecb2b35f805 Added allowsidebar to checkIsDocumentReadable. Lennard de Rijk <ljvderijk@gmail.com> parents: 1263 diff changeset	1225	@allowSidebar
1115 0a723ff3d27c Cleanups in base.Logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1107 diff changeset	1226	@allowDeveloper
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1227	def checkIsDocumentReadable(self, django_args):
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1228	"""Checks whether a document is readable.
699 4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic Sverre Rabbelier <srabbelier@gmail.com> parents: 639 diff changeset	1229
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	1230	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	1231	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	1232	"""
699 4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic Sverre Rabbelier <srabbelier@gmail.com> parents: 639 diff changeset	1233
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1234	document = document_logic.getFromKeyFieldsOr404(django_args)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1235
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1236	self.checkMembership('read', document.prefix,
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1237	document.read_access, django_args)
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1238
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1239	@denySidebar
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1240	@allowDeveloper
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1241	def checkIsDocumentWritable(self, django_args):
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1242	"""Checks whether a document is writable.
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1243
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1244	Args:
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1245	django_args: a dictionary with django's arguments
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1246	"""
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1247
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1248	document = document_logic.getFromKeyFieldsOr404(django_args)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1249
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1250	self.checkMembership('write', document.prefix,
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1251	document.write_access, django_args)
1074 94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	1252
1305 9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1253	@allowDeveloper
1318 3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1254	def checkDocumentList(self, django_args):
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1255	"""Checks whether the user is allowed to list documents.
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1256	"""
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1257
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1258	filter = django_args['filter']
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1259
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1260	prefix = filter['prefix']
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1261	scope_path = filter['scope_path']
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1262
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1263	checker = rights_logic.Checker(prefix)
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1264	roles = checker.getMembership('list')
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1265
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1266	if not self.hasMembership(roles, filter):
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1267	raise out_of_band.AccessViolation(message_fmt=DEF_NO_LIST_ACCESS_MSG)
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1268
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1269	@allowDeveloper
1305 9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1270	def checkDocumentPick(self, django_args):
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1271	"""Checks whether the user has access to the specified pick url.
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1272
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1273	Will update the 'read_access' field of django_args['GET'].
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1274	"""
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1275
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1276	get_args = django_args['GET']
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1277
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1278	# make mutable in order to inject the proper read_access filter
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1279	mutable = get_args._mutable
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1280	get_args._mutable = True
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1281
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1282	if 'prefix' not in get_args:
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1283	raise out_of_band.AccessViolation(message_fmt=DEF_PREFIX_NOT_IN_ARGS_MSG)
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1284
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1285	prefix = get_args['prefix']
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1286
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1287	checker = rights_logic.Checker(prefix)
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1288	memberships = checker.getMemberships()
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1289
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1290	roles = []
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1291	for key, value in memberships.iteritems():
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1292	if self.hasMembership(value, django_args):
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1293	roles.append(key)
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1294
1309 ba51a0cd311d Fix a bug if you have no roles at all Sverre Rabbelier <srabbelier@gmail.com> parents: 1308 diff changeset	1295	if not roles:
ba51a0cd311d Fix a bug if you have no roles at all Sverre Rabbelier <srabbelier@gmail.com> parents: 1308 diff changeset	1296	roles = ['deny']
ba51a0cd311d Fix a bug if you have no roles at all Sverre Rabbelier <srabbelier@gmail.com> parents: 1308 diff changeset	1297
1305 9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1298	get_args.setlist('read_access', roles)
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1299	get_args._mutable = mutable
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1300
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1301	def checkCanEditTimeline(self, django_args):
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1302	"""Checks whether this program's timeline may be edited.
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1303	"""
1107 a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1304
1475 22b63ab59b27 Make timeline a Linkable Sverre Rabbelier <srabbelier@gmail.com> parents: 1466 diff changeset	1305	time_line_keyname = timeline_logic.getKeyFieldsFromFields(django_args)
1107 a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1306	timeline_entity = timeline_logic.getFromKeyName(time_line_keyname)
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1307
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1308	if not timeline_entity:
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1309	# timeline does not exists so deny
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1310	self.deny(django_args)
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1311
1475 22b63ab59b27 Make timeline a Linkable Sverre Rabbelier <srabbelier@gmail.com> parents: 1466 diff changeset	1312	fields = program_logic.getKeyFieldsFromFields(django_args)
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1313	self.checkIsHostForProgram(fields)

author	Sverre Rabbelier <srabbelier@gmail.com>
	Tue, 24 Feb 2009 19:51:40 +0000
changeset 1486	c417a4188e73
parent 1481	0ccf92d073e8
child 1488	4b7cec48e26c
permissions	-rw-r--r--