app/soc/views/helper/access.py
author Sverre Rabbelier <srabbelier@gmail.com>
Tue, 24 Feb 2009 23:10:50 +0000
changeset 1496 da531df1d92e
parent 1488 4b7cec48e26c
child 1505 fd6dcb852688
permissions -rw-r--r--
Allow the document lookup to be done by key name. This will be used by the commenting logic. Patch by: Sverre Rabbelier
#!/usr/bin/python2.5
#
# Copyright 2008 the Melange authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Access control helper.
The functions in this module can be used to check access control
related requirements. When the specified required conditions are not
met, an exception is raised. This exception contains a view that
either prompts for authentication, or informs the user that they
do not meet the required criteria.
"""
# Contributors to this module, one '"Name" <email>' string per author.
__authors__ = [
  '"Todd Larsen" <tlarsen@google.com>',
  '"Sverre Rabbelier" <sverre@rabbelier.nl>',
  '"Lennard de Rijk" <ljvderijk@gmail.com>',
  '"Pawel Solyga" <pawel.solyga@gmail.com>',
  ]
from google.appengine.api import users
from google.appengine.api import memcache
from django.core import urlresolvers
from django.utils.translation import ugettext
from soc.logic import accounts
from soc.logic import dicts
from soc.logic import rights as rights_logic
from soc.logic.helper import timeline as timeline_helper
from soc.logic.models.club_admin import logic as club_admin_logic
from soc.logic.models.club_member import logic as club_member_logic
from soc.logic.models.document import logic as document_logic
from soc.logic.models.host import logic as host_logic
from soc.logic.models.mentor import logic as mentor_logic
from soc.logic.models.notification import logic as notification_logic
from soc.logic.models.org_admin import logic as org_admin_logic
from soc.logic.models.organization import logic as org_logic
from soc.logic.models.program import logic as program_logic
from soc.logic.models.request import logic as request_logic
from soc.logic.models.role import logic as role_logic
from soc.logic.models.site import logic as site_logic
from soc.logic.models.sponsor import logic as sponsor_logic
from soc.logic.models.student import logic as student_logic
from soc.logic.models.student_proposal import logic as student_proposal_logic
from soc.logic.models.timeline import logic as timeline_logic
from soc.logic.models.user import logic as user_logic
from soc.views.helper import redirects
from soc.views import helper
from soc.views import out_of_band
# User-facing messages for the access checks in this module. Each one is
# passed through ugettext() once, when the module is imported.
#
# Names ending in _FMT are %-style templates with named placeholders; the
# others are complete messages.
#
# NOTE(review): several templates embed raw HTML (anchors, <b>/<i>, <ul>)
# next to placeholders such as %(email)s, %(tos_link)s and %(sign_out)s.
# If these messages are rendered without escaping -- presumably they are,
# given the markup -- every substituted value has to be HTML-escaped (and
# link targets validated) where the template is formatted. The formatting
# sites are not in this section; confirm there.

# Shown with a link to the profile creation page.
DEF_NO_USER_LOGIN_MSG= ugettext(
    'Please create <a href="/user/create_profile">User Profile</a>'
    ' in order to view this page.')

# Placeholder: tos_link (used as an href value).
DEF_AGREE_TO_TOS_MSG_FMT = ugettext(
    'You must agree to the <a href="%(tos_link)s">site-wide Terms of'
    ' Service</a> in your <a href="/user/edit_profile">User Profile</a>'
    ' in order to view this page.')

# Placeholder: role. The doubled percent signs in %%(sign_out)s and
# %%(sign_in)s survive one round of %-formatting as %(sign_out)s and
# %(sign_in)s, so this template is presumably formatted twice: first with
# the role, then with the two URLs.
DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ugettext(
    'Please <a href="%%(sign_out)s">sign out</a>'
    ' and <a href="%%(sign_in)s">sign in</a>'
    ' again as %(role)s to view this page.')

# Placeholders: status, action, prefix.
DEF_NEED_MEMBERSHIP_MSG_FMT = ugettext(
    'You need to be in the %(status)s group to %(action)s'
    ' documents in the %(prefix)s prefix.')

DEF_NEED_ROLE_MSG = ugettext(
    'You do not have the required role.')

DEF_NOT_YOUR_ENTITY_MSG = ugettext(
    'This entity does not belong to you.')

DEF_NO_ACTIVE_ENTITY_MSG = ugettext(
    'There is no such active entity.')

DEF_NO_ACTIVE_GROUP_MSG = ugettext(
    'There is no such active group.')

DEF_NO_ACTIVE_ROLE_MSG = ugettext(
    'There is no such active role.')

DEF_ALREADY_PARTICIPATING_MSG = ugettext(
    'You cannot become a student because you are already participating '
    'in this program.')

DEF_ALREADY_STUDENT_ROLE_MSG = ugettext(
    'You cannot become a Mentor or Organization Admin because you already are '
    'a student in this program.')

DEF_NO_ACTIVE_PROGRAM_MSG = ugettext(
    'There is no such active program.')

DEF_NO_REQUEST_MSG = ugettext(
    'There is no accepted request that would allow you to visit this page.')

DEF_NO_APPLICATION_MSG = ugettext(
    'There is no application that would allow you to visit this page.')

DEF_NEED_PICK_ARGS_MSG = ugettext(
    'The "continue" and "field" args are not both present.')

DEF_REVIEW_COMPLETED_MSG = ugettext(
    'This Application can not be reviewed anymore (it has been completed or rejected).')

DEF_REQUEST_COMPLETED_MSG = ugettext(
    'This request cannot be accepted (it is either completed or denied).')

DEF_SCOPE_INACTIVE_MSG = ugettext(
    'The scope for this request is not active.')

DEF_SIGN_UP_AS_STUDENT_MSG = ugettext(
    'You need to sign up as a Student first.')

DEF_NO_LIST_ACCESS_MSG = ugettext(
    'You do not have the required rights to list documents for this scope and prefix.')

DEF_PAGE_DENIED_MSG = ugettext(
    'Access to this page has been restricted.')

DEF_PREFIX_NOT_IN_ARGS_MSG = ugettext(
    'A required GET url argument ("prefix") was not specified.')

DEF_PAGE_INACTIVE_MSG = ugettext(
    'This page is inactive at this time.')

# Placeholder: sign_out (used as an href value).
DEF_LOGOUT_MSG_FMT = ugettext(
    'Please <a href="%(sign_out)s">sign out</a> in order to view this page.')

DEF_GROUP_NOT_FOUND_MSG = ugettext(
    'The requested Group can not be found.')

# Placeholder: email, substituted inside <b><i>...</i></b>.
# NOTE(review): the email value is account-supplied text placed directly
# into markup; escape it before formatting -- confirm at the call site.
DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext(
    'The <b><i>%(email)s</i></b> account cannot be used with this site, for'
    ' one or more of the following reasons:'
    '<ul>'
    ' <li>the account is invalid</li>'
    ' <li>the account is already attached to a User profile and cannot be'
    ' used to create another one</li>'
    ' <li>the account is a former account that cannot be used again</li>'
    '</ul>')
def allowSidebar(fun):
  """Decorator that skips the wrapped access check for sidebar calls.

  Args:
    fun: the access check to wrap; it is invoked as
      fun(self, django_args, *args, **kwargs)

  Returns:
    A wrapper that returns None without calling fun when
    django_args.get('SIDEBAR_CALLING') is truthy, and otherwise returns
    whatever fun returns.
  """

  from functools import wraps

  def wrapper(self, django_args, *args, **kwargs):
    # NOTE(review): a truthy 'SIDEBAR_CALLING' entry bypasses the wrapped
    # check entirely, so that key must only ever be set by trusted
    # server-side code and never be taken from URL or request parameters --
    # confirm against the callers, which are outside this section.
    sidebar_is_calling = django_args.get('SIDEBAR_CALLING')
    if not sidebar_is_calling:
      return fun(self, django_args, *args, **kwargs)
    return None

  # Same effect as decorating wrapper with @wraps(fun).
  return wraps(fun)(wrapper)
def denySidebar(fun):
  """Decorator that rejects the wrapped access check for sidebar calls.

  Args:
    fun: the access check to wrap; it is invoked as
      fun(self, django_args, *args, **kwargs)

  Returns:
    A wrapper that calls fun and returns its result, unless
    django_args.get('SIDEBAR_CALLING') is truthy.

  Raises:
    out_of_band.Error: from the wrapper, when the sidebar is calling;
      fun is not invoked in that case.
  """

  from functools import wraps

  def wrapper(self, django_args, *args, **kwargs):
    sidebar_is_calling = django_args.get('SIDEBAR_CALLING')
    if not sidebar_is_calling:
      return fun(self, django_args, *args, **kwargs)
    # Deny before the wrapped check gets a chance to run.
    raise out_of_band.Error("Sidebar Calling")

  # Same effect as decorating wrapper with @wraps(fun).
  return wraps(fun)(wrapper)
def allowIfCheckPasses(checker_name):
  """Builds a decorator that bypasses a check when another checker passes.

  The decorated method only runs when the checker named checker_name raises
  out_of_band.Error; when that checker passes, the decorated method is
  skipped and access is allowed.

  Args:
    checker_name: name of the checker, resolved through self.doCheck
  """

  from functools import wraps

  def decorator(fun):
    """Wraps fun so that it is skipped whenever checker_name passes.
    """

    @wraps(fun)
    def wrapper(self, django_args, *args, **kwargs):
      try:
        # a passing bypass check grants access without consulting fun, so
        # this acts as a logical OR on top of whatever fun would enforce
        outcome = self.doCheck(checker_name, django_args, [])
      except out_of_band.Error:
        # the bypass check denied, fall back to the decorated check;
        # any other exception type from doCheck propagates unchanged
        return fun(self, django_args, *args, **kwargs)
      return outcome

    return wrapper

  return decorator
# Decorator: the decorated check is skipped when 'checkIsDeveloper' passes.
allowDeveloper = allowIfCheckPasses('checkIsDeveloper')
class Checker(object):
  """
  The __setitem__() and __getitem__() methods are overloaded to DTRT
  when adding new access rights, and retrieving them, so use these
  rather than modifying rights directly if so desired.
  """
  #: maps a role name to the checker that establishes membership in it
  # A value is either a bare checker name, or a (name, argument) tuple whose
  # argument is a single value or a list of values; normalizeChecker()
  # unpacks all of these shapes into (name, [arguments]).
  MEMBERSHIP = {
    # no role needed: resolves to the checker named 'allow'
    'anyone': 'allow',

    # role checks that take a single logic module as argument
    'club_admin': ('checkHasActiveRoleForScope', club_admin_logic),
    'club_member': ('checkHasActiveRoleForScope', club_member_logic),

    # document access checks: [role logic, scope name]
    'host': ('checkHasDocumentAccess', [host_logic, 'sponsor']),
    'org_admin': ('checkHasDocumentAccess', [org_admin_logic, 'org']),
    'org_mentor': ('checkHasDocumentAccess', [mentor_logic, 'org']),
    'org_student': ('checkHasDocumentAccess', [student_logic, 'org']),

    # checks tied to the user itself
    'user': 'checkIsUser',
    'user_self': ('checkIsUserSelf', 'scope_path'),
    }
  #: the depths of various scopes to other scopes
  # Each value pairs the logic module of a scope with a dictionary mapping a
  # target scope name to a depth (presumably the number of levels to walk up
  # to reach it; confirm against the code that reads SCOPE_DEPTH).
  # the 0 entries are not used, and are for clarity purposes only
  SCOPE_DEPTH = {
      'sponsor': (
          sponsor_logic,
          {'sponsor': 0},
          ),
      'program': (
          program_logic,
          {'sponsor': 1, 'program': 0},
          ),
      'org': (
          org_logic,
          {'sponsor': 2, 'program': 1, 'org': 0},
          ),
      }
  def __init__(self, params):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   242
    """Adopts base.rights as rights if base is set.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   243
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   244
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   245
    base = params.get('rights') if params else None
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   246
    self.rights = base.rights if base else {}
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   247
    self.id = None
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   248
    self.user = None
  def normalizeChecker(self, checker):
    """Normalizes a checker specification to a (name, arguments) 2-tuple.

    Args:
      checker: either a bare checker name, or a (name, argument) tuple in
        which argument is a single value or a list of values

    Returns:
      A 2-tuple: the first element is the checker name, the second element
      is the list of arguments that should be passed to the checker in
      addition to the standard django_args.
    """

    # a bare name takes no additional arguments
    if not isinstance(checker, tuple):
      return (checker, [])

    name, arg = checker

    # Be nice and repack a single argument so that it is always a list
    if not isinstance(arg, list):
      arg = [arg]

    return (name, arg)
  def __setitem__(self, key, value):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   267
    """Sets a value only if no old value exists.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   268
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   269
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   270
    oldvalue = self.rights.get(key)
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   271
    self.rights[key] = oldvalue if oldvalue else value
  def __getitem__(self, key):
1226
a671f0d63562 Fix broken document access checks
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1223
diff changeset
   274
    """Retrieves and normalizes the right checkers.
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   275
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   276
1226
a671f0d63562 Fix broken document access checks
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1223
diff changeset
   277
    return [self.normalizeChecker(i) for i in self.rights.get(key, [])]
  def key(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   280
    """Returns the key for the specified checker for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   281
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   282
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   283
    return "%s.%s" % (self.id, checker_name)
  def put(self, checker_name, value):
    """Stores the outcome of the specified checker in the cache.

    Args:
      checker_name: the checker the outcome belongs to
      value: the outcome to store; doCachedCheck passes True for a passed
        check and the raised out_of_band.Error for a failed one
    """

    # presumably the expiry in seconds; verify against the memcache API in use
    retention = 30

    memcache.add(self.key(checker_name), value, retention)
  def get(self, checker_name):
    """Looks up the cached outcome of the specified checker.

    Returns:
      Whatever memcache.get returns for the key of this checker and user;
      doCachedCheck treats None as "nothing cached".
    """

    return memcache.get(self.key(checker_name))
  def doCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   302
    """Runs the specified checker with the specified arguments.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   303
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   304
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   305
    checker = getattr(self, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   306
    checker(django_args, *args)
  def doCachedCheck(self, checker_name, django_args, args):
    """Replays the cached outcome of a checker, or runs and caches it.

    Returns without a value when the check passes; raises the
    out_of_band.Error of the checker (fresh or cached) when it fails.

    NOTE(review): the cache is read and written with checker_name only, so
    django_args and args do not take part in the lookup; a cached verdict
    is replayed even when it was computed for different arguments.
    """

    cached = self.get(checker_name)

    # a previous run passed
    if cached is True:
      return

    if cached is not None:
      # re-raise the cached exception; anything else that came back from
      # the cache is raised as-is as well
      raise cached

    # nothing cached yet: run the checker and remember how it went
    try:
      self.doCheck(checker_name, django_args, args)
      self.put(checker_name, True)
    except out_of_band.Error, e:
      self.put(checker_name, e)
      raise
  def check(self, use_cache, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   330
    """Runs the checker, optionally using the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   331
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   332
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   333
    if use_cache:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   334
      self.doCachedCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   335
    else:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   336
      self.doCheck(checker_name, django_args, args)
  def setCurrentUser(self, id, user):
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   339
    """Sets up everything for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   340
    """
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   341
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   342
    self.id = id
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   343
    self.user = user
  def checkAccess(self, access_type, django_args):
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   346
    """Runs all the defined checks for the specified type.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   347
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   348
    Args:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   349
      access_type: the type of request (such as 'list' or 'edit')
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   350
      rights: a dictionary containing access check functions
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   351
      django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   352
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   353
    Rights usage:
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   354
      The rights dictionary is used to check if the current user is allowed
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   355
      to view the page specified. The functions defined in this dictionary
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   356
      are always called with the provided django_args dictionary as argument. On any
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   357
      request, regardless of what type, the functions in the 'any_access' value
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   358
      are called. If the specified type is not in the rights dictionary, all
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   359
      the functions in the 'unspecified' value are called. When the specified
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   360
      type _is_ in the rights dictionary, all the functions in that access_type's
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   361
      value are called.
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   362
    """
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   363
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   364
    use_cache = django_args.get('SIDEBAR_CALLING')
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   365
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   366
    # Call each access checker
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   367
    for checker_name, args in self['any_access']:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   368
      self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   369
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   370
    if access_type not in self.rights:
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   371
      # No checks defined, so do the 'generic' checks and bail out
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   372
      for checker_name, args in self['unspecified']:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   373
        self.check(use_cache, checker_name, django_args, args)
1007
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   374
      return
3b66772d21a5 Major refactor of the access module
Sverre Rabbelier <srabbelier@gmail.com>
parents: 999
diff changeset
   375
1017
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   376
    for checker_name, args in self[access_type]:
6ad4fdb48840 Cache access checks and disable sidebar caching
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1016
diff changeset
   377
      self.check(use_cache, checker_name, django_args, args)
  def hasMembership(self, roles, django_args):
    """Tells whether the user holds at least one of the specified roles.

    A user that passes checkIsDeveloper() is treated as holding every role.

    Args:
      roles: a list of roles to check, each used as a key into self.MEMBERSHIP
      django_args: the django args to pass on to the checkers

    Returns:
      True if the developer check or the checker of any role passes, False
      if every one of them raised out_of_band.Error.
    """

    # checkIsDeveloper() reports failure by raising, so it is called directly
    # here to turn "did not raise" into an explicit True.
    try:
      self.checkIsDeveloper(django_args)
    except out_of_band.Error:
      pass
    else:
      return True

    # Only out_of_band.Error counts as "role refused"; any other exception,
    # such as a failed self.MEMBERSHIP lookup, propagates to the caller.
    for role in roles:
      try:
        name, checker_args = self.normalizeChecker(self.MEMBERSHIP[role])
        self.doCheck(name, django_args, checker_args)
      except out_of_band.Error:
        # this role was refused, try the next one
        continue

      # the check passed, we can stop now
      return True

    # fail closed: none of the roles granted access
    return False
  @allowDeveloper
  def checkMembership(self, action, prefix, status, django_args):
    """Raises an access violation unless the user has access to the status.

    NOTE(review): the allowDeveloper decorator is defined outside this view;
    by its name it presumably lets developers through - confirm.

    Args:
      action: the action that was performed (e.g., 'read')
      prefix: the prefix, determines what access set is used
      status: the access status (e.g., 'public')
      django_args: the django args to pass on to the checkers

    Raises:
      out_of_band.AccessViolation: if hasMembership() returns False for the
        roles that rights_logic.Checker(prefix).getMembership(status) gives
    """

    roles = rights_logic.Checker(prefix).getMembership(status)

    # the denial names the action, prefix and status that were asked for
    denial = {'action': action, 'prefix': prefix, 'status': status}
    message_fmt = DEF_NEED_MEMBERSHIP_MSG_FMT % denial

    if self.hasMembership(roles, django_args):
      return

    # the user belongs to none of the roles
    raise out_of_band.AccessViolation(message_fmt)
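  def checkHasAny(self, django_args, checks):
    """Checks if any of the checks passes.

    The checks are tried in order and the first one that passes ends the
    search. If none of the specified checks passes, the exception that the
    first of the checks raised is reraised. An empty list of checks grants
    nothing: access is refused through deny().

    Args:
      django_args: the django args to pass on to the checkers
      checks: an iterable of (checker_name, args) pairs, as taken by doCheck

    Raises:
      out_of_band.Error: the error of the first failing check, when no check
        passes
      whatever deny() raises, when checks is empty
    """

    first = None

    for checker_name, args in checks:
      try:
        self.doCheck(checker_name, django_args, args)
        # one check passed, all is well
        return
      except out_of_band.Error, e:
        # store the first exception; compared against None so the choice
        # does not depend on the truth value of the exception object
        if first is None:
          first = e

    if first is None:
      # No check ran at all. "raise None" would surface as a TypeError
      # instead of an access response, so refuse explicitly (fail closed).
      self.deny(django_args)

    # none passed, re-raise the first exception
    raise first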
  def allow(self, django_args):
    """Grants access unconditionally (an access no-op, basically).

    This checker inspects nothing and never raises, so a view whose only
    checker is allow() is reachable by every visitor.

    Args:
      django_args: a dictionary with django's arguments (not inspected)
    """

    return None
  def deny(self, django_args):
    """Refuses access unconditionally.

    Args:
      django_args: a dictionary with django's arguments; its 'context' entry
        (a fresh dictionary when absent) gets the title 'Access denied' and
        is handed to the raised exception

    Raises:
      out_of_band.AccessViolation: always
    """

    denied_context = django_args.get('context', {})
    denied_context['title'] = 'Access denied'

    raise out_of_band.AccessViolation(
        DEF_PAGE_DENIED_MSG, context=denied_context)
  def checkIsLoggedIn(self, django_args):
    """Requires that a Google Account is logged in.

    Args:
      django_args: a dictionary with django's arguments

    Raises:
      out_of_band.LoginRequest: if self.id is not set, that is, no Google
        Account is logged in
    """

    if not self.id:
      raise out_of_band.LoginRequest()
  def checkNotLoggedIn(self, django_args):
    """Requires that no Google Account is logged in.

    Args:
      django_args: a dictionary with django's arguments

    Raises:
      out_of_band.LoginRequest: with DEF_LOGOUT_MSG_FMT as message, if
        self.id is set, that is, a Google Account is currently logged in
    """

    if self.id:
      raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
  def checkIsUser(self, django_args):
    """Requires a logged in Google Account with a User that agreed to the ToS.

    Args:
      django_args: a dictionary with django's arguments

    Raises:
      out_of_band.LoginRequest:
      * if no Google Account is logged in at all (via checkIsLoggedIn), or
      * if no User exists for the logged-in Google Account, or
      * if User has not agreed to the site-wide ToS, if one exists
    """

    self.checkIsLoggedIn(django_args)

    if not self.user:
      raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)

    if not user_logic.agreesToSiteToS(self.user):
      # Would not reach this point if site-wide ToS did not exist, since the
      # agreesToSiteToS() call above always returns True if no ToS is in
      # effect.
      tos_link = redirects.getToSRedirect(site_logic.getSingleton())
      login_msg_fmt = DEF_AGREE_TO_TOS_MSG_FMT % {'tos_link': tos_link}

      raise out_of_band.LoginRequest(message_fmt=login_msg_fmt)
  @allowDeveloper
  def checkIsUserSelf(self, django_args, field_name):
    """Checks whether the specified user is the logged in user.

    NOTE(review): the allowDeveloper decorator is defined outside this view;
    by its name it presumably lets developers through - confirm.

    Args:
      django_args: the keyword args from django, only field_name is read
      field_name: the key in django_args whose value is compared with the
        link_id of the logged in user

    Raises:
      out_of_band.AccessViolation: if django_args[field_name] is not the
        link_id of the logged in user
      whatever checkIsUser() raises, and whatever deny() raises when
      field_name is missing from django_args
    """

    self.checkIsUser(django_args)

    # without the field there is nothing to compare against: refuse
    if field_name not in django_args:
      self.deny(django_args)

    if self.user.link_id != django_args[field_name]:
      raise out_of_band.AccessViolation(DEF_NOT_YOUR_ENTITY_MSG)
  def checkIsUnusedAccount(self, django_args):
    """Requires a logged in Google Account that no User has used so far.

    Args:
      django_args: a dictionary with django's arguments

    Raises:
      out_of_band.LoginRequest:
      * if no Google Account is logged in at all (via checkIsLoggedIn), or
      * if a User exists for the logged-in Google Account, or
      * if a User has this Google Account in their formerAccounts list
    """

    self.checkIsLoggedIn(django_args)

    fields = {'account': self.id}
    user_entity = user_logic.getForFields(fields, unique=True)

    # the former-account lookup only runs when no current User was found
    if user_entity or user_logic.isFormerAccount(self.id):
      message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
          'email': self.id.email()}
      raise out_of_band.LoginRequest(message_fmt=message_fmt)

    # this account has not been used yet
  def checkHasUserEntity(self, django_args):
    """Requires a logged in Google Account that has a User entity.

    Unlike checkIsUser(), this check does not ask whether the User agreed to
    the site-wide ToS.

    Args:
      django_args: a dictionary with django's arguments

    Raises:
      out_of_band.LoginRequest:
      * if no Google Account is logged in at all (via checkIsLoggedIn), or
      * if no User exists for the logged-in Google Account
    """

    self.checkIsLoggedIn(django_args)

    if self.user:
      return

    raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
  def checkIsDeveloper(self, django_args):
    """Requires that the current account belongs to a Developer.

    checkIsUser runs first; afterwards accounts.isDeveloper decides, based
    on self.id and self.user, whether access is allowed.

    Args:
      django_args: a dictionary with django's arguments

    Raises:
      out_of_band.LoginRequest: if accounts.isDeveloper returns a falsy
        value; the message asks for a login as 'a Site Developer '
      Whatever checkIsUser raises when that check fails.
    """

    self.checkIsUser(django_args)

    is_developer = accounts.isDeveloper(account=self.id, user=self.user)

    if not is_developer:
      role_context = {'role': 'a Site Developer '}
      raise out_of_band.LoginRequest(
          message_fmt=DEF_DEV_LOGOUT_LOGIN_MSG_FMT % role_context)

    return
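  @allowDeveloper
  @denySidebar
  def checkIsActive(self, django_args, logic,
                    field_name='scope_path', filter_field='link_id'):
    """Raises an alternate HTTP response if no matching active entity exists.

    The lookup always filters on status 'active' and on filter_field, whose
    value is read from django_args. When field_name is truthy the lookup is
    additionally restricted to a scope_path that is built from django_args.

    Args:
      django_args: a dictionary with django's arguments
      logic: the logic that should be used to look up the entity
      field_name: the key in django_args whose value is used as scope_path;
                  if it contains a '%' it is treated as a format string and
                  formatted with django_args instead. A falsy value skips
                  the scope_path restriction.
      filter_field: the key that is read from django_args and used, under
                    the same name, as a filter in the lookup

    Raises:
      out_of_band.AccessViolation:
      * if no entity is found for the filter with status 'active'
      * if django_args lacks a key that field_name refers to (raised by
        self.deny, with an explicit raise as fallback)
      KeyError: if django_args has no filter_field entry; not handled here
    """

    self.checkIsUser(django_args)

    fields = {
        filter_field: django_args[filter_field],
        'status': 'active',
        }

    if field_name:
      # a plain field name is turned into a '%(name)s' format string
      if '%' not in field_name:
        field_name = ''.join(['%(', field_name, ')s'])

      try:
        fields['scope_path'] = field_name % django_args
      except KeyError:
        self.deny(django_args)
        # deny() is expected to raise. Should it ever return, the lookup
        # below would run without the scope_path restriction and could
        # match an entity from another scope, so fail closed explicitly.
        raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)

    entity = logic.getForFields(fields, unique=True)

    if entity:
      return

    raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)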
  def checkHasActiveRoleForScope(self, django_args, logic,
                                 field_name='scope_path'):
    """Checks that the current user has an active role for the scope.

    Stores self.user under the 'user' key of django_args and delegates to
    checkIsActive with 'user' as the filter field.

    The django_args that is passed in is modified; callers that need their
    dictionary untouched should pass a copy.

    Args:
      django_args: a dictionary with django's arguments
      logic: the logic that should be used to look up the role entity
      field_name: passed through to checkIsActive
    """

    role_filter = 'user'
    django_args[role_filter] = self.user
    self.checkIsActive(django_args, logic, field_name, role_filter)
  def checkHasDocumentAccess(self, django_args, logic, target_scope):
    """Checks that the user has an active role in the document's target scope.

    self.SCOPE_DEPTH is consulted with django_args['prefix'] to find the
    logic of the scope entity and how many levels above it target_scope
    lies. Without such an entry, or with a depth of 0, the role check is
    done against django_args['scope_path'] as it is. Otherwise the scope
    entity is looked up by key name, its .scope reference is followed
    depth times, and the role check is done against the key name of the
    entity that is reached, using a copy of django_args.

    Args:
      django_args: a dictionary with django's arguments; 'prefix' is always
        read, 'scope_path' is read when the scope has to be walked up
      logic: the role logic that is handed to checkHasActiveRoleForScope
      target_scope: key into the depth mapping registered for the prefix

    Raises:
      out_of_band.AccessViolation: if no entity exists for scope_path
      Whatever checkHasActiveRoleForScope raises when the role check fails.
    """

    prefix = django_args['prefix']
    scope_logic, depths = self.SCOPE_DEPTH.get(prefix, (None, {}))
    levels_up = depths.get(target_scope, 0)

    # no walk needed, check against the scope_path that was given
    if not scope_logic or not levels_up:
      return self.checkHasActiveRoleForScope(django_args, logic)

    # the caller's django_args must keep its original scope_path
    scoped_args = django_args.copy()

    ancestor = scope_logic.getFromKeyName(scoped_args['scope_path'])

    # an unknown scope can never grant access
    if not ancestor:
      raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)

    # NOTE(review): if a .scope reference is empty before all levels are
    # walked, this fails with AttributeError instead of AccessViolation
    for _ in range(levels_up):
      ancestor = ancestor.scope

    scoped_args['scope_path'] = ancestor.key().name()

    self.checkHasActiveRoleForScope(scoped_args, logic)
  def checkSeeded(self, django_args, checker_name, *args):
    """Wrapper that merges the contents of seed into django_args first.

    The dictionary stored under django_args['seed'] (an empty one if the
    key is absent) is merged into django_args in place, after which
    doCheck is called with checker_name, the updated django_args and the
    extra positional arguments as one tuple.

    NOTE(review): seed entries overwrite existing django_args keys of the
    same name, including keys that the subsequent check reads, such as
    scope_path or link_id. Where seed originates is not visible here;
    confirm it cannot be supplied by the requesting user.

    Args:
      django_args: a dictionary with django's arguments; updated in place
      checker_name: the name of the checker that doCheck should run
      *args: extra arguments for the checker, handed to doCheck as a tuple
    """

    seed = django_args.get('seed', {})
    django_args.update(seed)
    self.doCheck(checker_name, django_args, args)
  def checkCanMakeRequestToGroup(self, django_args, group_logic):
    """Requires that the group a request is made to exists and is active.

    After checkIsUser, the group is looked up through role_logic from
    django_args['scope_path']. A missing group and an inactive group are
    reported differently, see Raises.

    Args:
      django_args: a dictionary with django's arguments; 'scope_path' is
        used to find the group
      group_logic: Logic module for the type of group which the request is
        for; its .logic attribute is used for the lookup

    Raises:
      out_of_band.Error: with status 404 if no group entity is found
      out_of_band.AccessViolation: if the group status is not 'active'
      Whatever checkIsUser raises when that check fails.
    """

    self.checkIsUser(django_args)

    group = role_logic.getGroupEntityFromScopePath(
        group_logic.logic, django_args['scope_path'])

    if not group:
      raise out_of_band.Error(DEF_GROUP_NOT_FOUND_MSG, status=404)

    if group.status == 'active':
      return

    # tell the user that this group is not active
    raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG)
  def checkCanCreateFromRequest(self, django_args, role_name):
    """Requires a group_accepted request for the user, role and scope.

    checkIsUserSelf is run on 'link_id' first. Then a request is looked up
    with the link_id and scope_path from django_args, the given role and
    status 'group_accepted'. Access is allowed only if such a request
    exists and the status of its scope is neither 'invalid' nor 'inactive'.

    NOTE(review): every other scope status passes this check, whereas
    checkCanProcessRequest requires the scope status to be exactly
    'active'; confirm that the difference is intended.

    Args:
      django_args: a dictionary with django's arguments; 'link_id' and
        'scope_path' are used as lookup filters
      role_name: the role that the request has to be for

    Raises:
      out_of_band.AccessViolation: if no matching request is found or the
        scope of the request is invalid or inactive
      Whatever checkIsUserSelf raises when that check fails.
    """

    self.checkIsUserSelf(django_args, 'link_id')

    request_filter = {
        'link_id': django_args['link_id'],
        'scope_path': django_args['scope_path'],
        'role': role_name,
        'status': 'group_accepted',
        }

    request_entity = request_logic.getForFields(request_filter, unique=True)

    if not request_entity:
      raise out_of_band.AccessViolation(message_fmt=DEF_NO_REQUEST_MSG)

    if request_entity.scope.status in ('invalid', 'inactive'):
      raise out_of_band.AccessViolation(message_fmt=DEF_NO_REQUEST_MSG)

    return
  def checkIsMyGroupAcceptedRequest(self, django_args):
    """Checks whether the user can accept the specified request.

    Delegates to checkCanCreateFromRequest, taking the role name from
    django_args['role'].

    Args:
      django_args: a dictionary with django's arguments; must contain
        'role', a missing key raises KeyError
    """

    role_name = django_args['role']
    self.checkCanCreateFromRequest(django_args, role_name)
  def checkCanProcessRequest(self, django_args, role_name):
    """Requires an unfinished request whose group is active.

    After checkIsUser, the request is fetched by its key fields (link_id
    and scope_path from django_args plus the given role). Access is denied
    if the request status is 'completed' or 'denied', or if the status of
    the request's scope is anything other than 'active'.

    NOTE(review): this only establishes the state of the request and its
    group; who may process the request is not checked here and is
    presumably enforced by another check. Verify against the callers.

    Args:
      django_args: a dictionary with django's arguments; 'link_id' and
        'scope_path' are used as key fields
      role_name: the role that the request is for

    Raises:
      out_of_band.AccessViolation: if the request is completed or denied,
        or if its scope is not active
      Whatever getFromKeyFieldsOr404 raises when no request is found.
      Whatever checkIsUser raises when that check fails.
    """

    self.checkIsUser(django_args)

    key_fields = {
        'link_id': django_args['link_id'],
        'scope_path': django_args['scope_path'],
        'role': role_name,
        }

    request_entity = request_logic.getFromKeyFieldsOr404(key_fields)

    # a request that has already been handled cannot be processed again
    if request_entity.status in ('completed', 'denied'):
      raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_COMPLETED_MSG)

    if request_entity.scope.status != 'active':
      raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)

    return
  @allowDeveloper
  @denySidebar
  def checkIsHostForProgram(self, django_args):
    """Checks if the user is a host for the specified program.

    The program is fetched from its key fields in django_args. The host
    role is then checked against the program's scope_path, using a fresh
    dictionary so that django_args itself is not passed on.

    NOTE(review): only a missing program or one with status 'invalid' is
    rejected here; a program with any other status, 'inactive' included,
    goes on to the host check. Confirm that this is intended.

    Args:
      django_args: a dictionary with django's arguments; used as the key
        fields of the program

    Raises:
      out_of_band.AccessViolation: if no program is found or its status is
        'invalid'
      Whatever checkHasActiveRoleForScope raises when the role check fails.
    """

    program = program_logic.getFromKeyFields(django_args)

    usable = program and program.status != 'invalid'

    if not usable:
      raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_PROGRAM_MSG)

    host_args = {'scope_path': program.scope_path}
    self.checkHasActiveRoleForScope(host_args, host_logic)
  @allowDeveloper
  @denySidebar
  def checkIsHostForProgramInScope(self, django_args):
    """Checks that the current user is a host for the program in scope_path.

    The program is looked up by key name, using django_args['scope_path'] as
    that key name. The role check is delegated to checkHasActiveRoleForScope
    with host_logic.

    Args:
      django_args: a dictionary with django's arguments; 'scope_path' is
        indexed directly, so a missing entry surfaces as a KeyError rather
        than an AccessViolation

    Raises:
      AccessViolation: if no program is found or its status is 'invalid';
        whatever checkHasActiveRoleForScope raises propagates unchanged.
    """

    program_key_name = django_args['scope_path']
    program = program_logic.getFromKeyName(program_key_name)

    program_usable = program and program.status != 'invalid'

    if not program_usable:
      raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_PROGRAM_MSG)

    # only the scope_path stored on the program entity is handed on
    host_scope_args = {'scope_path': program.scope_path}
    self.checkHasActiveRoleForScope(host_scope_args, host_logic)
  @allowDeveloper
  @denySidebar
  def checkIsActivePeriod(self, django_args, period_name, key_name_arg):
    """Checks that the named period is active for the given program.

    Args:
      django_args: a dictionary with django's arguments.
      period_name: the name of the period which is checked.
      key_name_arg: the entry in django_args that holds the program's key
        name. If it is empty or not present in django_args, the key name is
        built from django_args by program_logic.getKeyNameFromFields.

    Raises:
      AccessViolation:
      * if no program is found, or its status is 'inactive' or 'invalid'
      * if the period is not active according to timeline_helper
    """

    if not key_name_arg or key_name_arg not in django_args:
      key_name = program_logic.getKeyNameFromFields(django_args)
    else:
      key_name = django_args[key_name_arg]

    program_entity = program_logic.getFromKeyName(key_name)

    # a missing program and an unusable one are reported with the same message
    blocked_statuses = ['inactive', 'invalid']
    if not program_entity or program_entity.status in blocked_statuses:
      raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)

    period_open = timeline_helper.isActivePeriod(
        program_entity.timeline, period_name)

    if not period_open:
      raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_INACTIVE_MSG)

    return
  def checkCanCreateOrgApp(self, django_args, period_name):
    """Checks whether the program in the seed's scope_path accepts org apps.

    When django_args has a 'seed' entry, that entry is passed to
    checkIsActivePeriod as its argument dictionary, with 'scope_path' as the
    name of the entry that holds the program key name.

    Args:
      django_args: a dictionary with django's arguments
      period_name: the name of the period that must be active

    Returns:
      Whatever checkIsActivePeriod returns, or None when there is no seed.

    Raises:
      AccessViolation: propagated from checkIsActivePeriod.
    """

    if 'seed' not in django_args:
      # NOTE(review): without a 'seed' entry this check passes without
      # looking at any program or period; confirm callers rely on that.
      return

    seed_args = django_args['seed']
    return self.checkIsActivePeriod(seed_args, period_name, 'scope_path')
  @allowDeveloper
  def checkCanEditGroupApp(self, django_args, group_app_logic):
    """Checks that the group application may be edited by the current user.

    An application qualifies when it matches the link_id from django_args,
    has self.user as applicant and has status 'needs review' or 'rejected'.
    If django_args has a scope_path, that must match as well.

    Args:
      django_args: a dictionary with django's arguments; 'link_id' is
        indexed directly
      group_app_logic: A logic instance for the Group Application

    Raises:
      AccessViolation: if no matching application is found; whatever
        checkIsUser raises propagates unchanged.
    """

    self.checkIsUser(django_args)

    # the applicant filter is what ties the application to the current user
    lookup = {'link_id': django_args['link_id']}
    lookup['applicant'] = self.user
    lookup['status'] = ['needs review', 'rejected']

    if 'scope_path' in django_args:
      lookup['scope_path'] = django_args['scope_path']

    if not group_app_logic.getForFields(lookup):
      raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)

    return
  @allowSidebar
  def checkCanReviewGroupApp(self, django_args, group_app_logic):
    """Checks that the group application in django_args can be reviewed.

    An application qualifies when it matches the link_id from django_args
    and has one of the statuses 'needs review', 'accepted', 'rejected',
    'ignored' or 'pre-accepted'. If django_args has a scope_path, that must
    match as well. Without a link_id nothing is looked up.

    Args:
      django_args: a dictionary with django's arguments
      group_app_logic: A logic instance for the Group Application

    Raises:
      AccessViolation: if a link_id is given and no matching application is
        found.
    """

    # NOTE(review): the lookup below has no user or role filter, so this
    # only establishes that a reviewable application exists; presumably who
    # may review is enforced by other checks in the rights chain - confirm.
    if 'link_id' in django_args:
      reviewable = ['needs review', 'accepted', 'rejected', 'ignored',
                    'pre-accepted']
      lookup = {'link_id': django_args['link_id'], 'status': reviewable}

      if 'scope_path' in django_args:
        lookup['scope_path'] = django_args['scope_path']

      if not group_app_logic.getForFields(lookup):
        raise out_of_band.AccessViolation(
            message_fmt=DEF_REVIEW_COMPLETED_MSG)

    # no link_id means the review overview is being called, so there is no
    # specific entity to check
    return
  @allowDeveloper
  def checkIsApplicationAccepted(self, django_args, app_logic):
    """Checks that the current user has an accepted application.

    The application is looked up through app_logic with self.user as
    applicant and 'accepted' as status.

    Args:
      django_args: a dictionary with django's arguments; only passed on to
        checkIsUser
      app_logic: the logic instance used to look up the application

    Raises:
      AccessViolation: if no accepted application is found for the user;
        whatever checkIsUser raises propagates unchanged.

    Returns:
      None if an accepted application exists for the current user.
    """

    self.checkIsUser(django_args)

    # NOTE(review): nothing from django_args (link_id, scope_path) is part
    # of this lookup, so any accepted application by this user satisfies the
    # check; confirm that is intended for every caller.
    accepted_by_user = dict(applicant=self.user, status='accepted')

    if app_logic.getForFields(accepted_by_user, unique=True):
      return

    raise out_of_band.AccessViolation(message_fmt=DEF_NO_APPLICATION_MSG)
  def checkIsNotParticipatingInProgramInScope(self, django_args):
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   938
    """Checks if the current user has no roles for the given program in django_args.
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   939
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   940
    Args:
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   941
      django_args: a dictionary with django's arguments
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   942
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   943
     Raises:
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   944
       AccessViolationResponse: if the current user has a student, mentor or
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   945
                                org admin role for the given program.
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   946
    """
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   947
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   948
    if not django_args.get('scope_path'):
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   949
      raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_DENIED_MSG)
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   950
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   951
    program_entity = program_logic.getFromKeyName(django_args['scope_path'])
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   952
    user_entity = user_logic.getForCurrentAccount()
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   953
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   954
    filter = {'user': user_entity,
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   955
              'scope': program_entity,
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   956
              'status': 'active'}
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   957
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   958
    # check if the current user is already a student for this program
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   959
    student_role = student_logic.getForFields(filter, unique=True)
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   960
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   961
    if student_role:
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   962
      raise out_of_band.AccessViolation(
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   963
          message_fmt=DEF_ALREADY_PARTICIPATING_MSG)
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   964
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   965
    # fill the role_list with all the mentor and org admin roles for this user
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   966
    role_list = []
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   967
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   968
    filter = {'user': user_entity,
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   969
              'status': 'active'}
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   970
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   971
    mentor_roles = mentor_logic.getForFields(filter)
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   972
    if mentor_roles:
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   973
      role_list += mentor_roles
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   974
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   975
    org_admin_roles = org_admin_logic.getForFields(filter)
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   976
    if org_admin_roles:
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   977
      role_list += org_admin_roles
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   978
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   979
    # check if the user has a role for the retrieved program
edcb2add6934 Added new access methods.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1366
diff changeset
   980
    for role in role_list:
      if role.program.key() == program_entity.key():
        # the current user has a role for the given program
        raise out_of_band.AccessViolation(
            message_fmt=DEF_ALREADY_PARTICIPATING_MSG)
    # no roles found, access granted
    return
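  def checkIsNotStudentForProgramOfOrg(self, django_args):
    """Checks that the current user has no active Student role for the program
       that the organization in the scope_path is participating in.

    Args:
      django_args: a dictionary with django's arguments; 'scope_path' is
                   used as the key name of the organization

    Raises:
      out_of_band.AccessViolation:
        - if 'scope_path' is missing or empty
        - if no organization is found for 'scope_path'
        - if the current user is an active student for the program the
          organization is in
    """

    scope_path = django_args.get('scope_path')

    if not scope_path:
      raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_DENIED_MSG)

    org_entity = org_logic.getFromKeyName(scope_path)

    if not org_entity:
      # scope_path is caller-supplied, so the lookup can come back empty (the
      # sibling checks treat getFromKeyName results the same way); deny here
      # instead of failing with an AttributeError on org_entity.scope below
      raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_DENIED_MSG)

    # NOTE(review): unlike the other checks in this class this method does not
    # call self.checkIsUser first; confirm what getForCurrentAccount returns
    # for a visitor without a user entity and whether the query below can
    # still match in that case.
    user_entity = user_logic.getForCurrentAccount()

    # the student role is looked up in the scope of the organization, which
    # per this method's contract is the program the organization is in
    fields = {'scope': org_entity.scope,
              'user': user_entity,
              'status': 'active'}

    student_role = student_logic.getForFields(filter=fields, unique=True)

    if student_role:
      raise out_of_band.AccessViolation(
          message_fmt=DEF_ALREADY_STUDENT_ROLE_MSG)

    return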
  @allowDeveloper
  def checkRoleAndStatusForStudentProposal(self, django_args, allowed_roles,
                                           role_status, proposal_status):
    """Checks whether the current user may access the proposal in django_args.

    Access is granted as soon as one of the roles named in allowed_roles
    matches; the roles are tried in the order proposer, host, org_admin,
    mentor.

    Args:
      django_args: a dictionary with django's arguments
      allowed_roles: names of the roles that pass the check; 'proposer',
                     'host', 'org_admin' and 'mentor' are recognised
      role_status: list with states allowed for the role
      proposal_status: list with states allowed for the proposal

    Raises:
      out_of_band.AccessViolation:
        - if the proposal is not in one of the required states
        - if the user does not have any of the required roles
      A missing proposal is left to getFromKeyFieldsOr404.
    """

    # NOTE(review): role_status and proposal_status are tested with `in`, so
    # they have to be lists or tuples; a bare string would turn the test into
    # a substring match. Verify against the callers.

    self.checkIsUser(django_args)

    # the lookup itself bails out when no proposal is found
    proposal = student_proposal_logic.getFromKeyFieldsOr404(django_args)

    if proposal.status not in proposal_status:
      # this proposal can not be accessed at the moment
      raise out_of_band.AccessViolation(
          message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)

    # assumes self.user was set up by checkIsUser -- TODO confirm
    current_user = self.user

    if 'proposer' in allowed_roles:
      # the proposal is scoped to the student that wrote it
      student = proposal.scope
      is_owner = current_user.key() == student.user.key()
      if is_owner and student.status in role_status:
        return

    role_query = {'user': current_user,
                  'status': role_status}

    # (role name, logic used for the lookup, proposal attribute used as scope)
    # NOTE(review): the host lookup is scoped to proposal.program; confirm
    # that host roles are stored with the program as their scope, otherwise
    # the host branch can never match.
    scoped_roles = (
        ('host', host_logic, 'program'),
        ('org_admin', org_admin_logic, 'org'),
        ('mentor', mentor_logic, 'org'),
        )

    for role_name, role_logic, scope_attr in scoped_roles:
      if role_name not in allowed_roles:
        continue

      # only dereference the scope for roles that are actually allowed
      role_query['scope'] = getattr(proposal, scope_attr)

      if role_logic.getForFields(role_query, unique=True):
        return

    # no roles found, access denied
    raise out_of_band.AccessViolation(
        message_fmt=DEF_NEED_ROLE_MSG)
  @allowDeveloper
  def checkCanStudentPropose(self, django_args, key_location):
    """Checks if the program of the given student is in its signup period.

    This check does not compare the student with the current user.
    NOTE(review): presumably callers pair it with checkIsStudent for that;
    verify at the call sites.

    Args:
      django_args: a dictionary with django's arguments
      key_location: the key under which the student's key_name is stored,
                    looked up in django_args['seed'] when a seed is present
                    and in django_args itself otherwise

    Raises:
      out_of_band.AccessViolation:
        - if no student is found or the student's status is 'invalid'
        - if the 'student_signup' period of the program is not active
    """

    self.checkIsUser(django_args)

    lookup = django_args['seed'] if 'seed' in django_args else django_args
    student = student_logic.getFromKeyName(lookup[key_location])

    if not (student and student.status != 'invalid'):
      raise out_of_band.AccessViolation(
        message_fmt=DEF_SIGN_UP_AS_STUDENT_MSG)

    # a student is scoped to the program it signed up for
    program = student.scope

    if timeline_helper.isActivePeriod(program.timeline, 'student_signup'):
      return

    raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_INACTIVE_MSG)
  @allowDeveloper
  def checkIsStudent(self, django_args, key_location, status):
    """Checks that the student named in django_args is the current user.

    Args:
      django_args: a dictionary with django's arguments
      key_location: the key under which the student's key_name is stored,
                    looked up in django_args['seed'] when a seed is present
                    and in django_args itself otherwise
      status: the states the student is allowed to be in

    Raises:
      out_of_band.AccessViolation: if no student is found or the student's
                                   status is not one of the allowed states
    """

    self.checkIsUser(django_args)

    lookup = django_args['seed'] if 'seed' in django_args else django_args
    student = student_logic.getFromKeyName(lookup[key_location])

    # NOTE(review): `status` is tested with `in`, so it has to be a list or
    # tuple; a bare string would turn this into a substring match. Verify
    # against the callers.
    if not (student and student.status in status):
      raise out_of_band.AccessViolation(
        message_fmt=DEF_SIGN_UP_AS_STUDENT_MSG)

    if student.user.key() != self.user.key():
      # this is not the page for the current user
      # NOTE(review): access is only refused here if self.deny raises; deny
      # is defined outside this excerpt -- confirm.
      self.deny(django_args)
  @allowDeveloper
  def checkIsMyEntity(self, django_args, logic,
                      field_name='user', user=False):
    """Checks whether the entity named in django_args belongs to the user.

    The entity is looked up by 'link_id' (and 'scope_path' when present)
    together with the owner field, so a match implies ownership.

    Args:
      django_args: a dictionary with django's arguments; 'link_id' is required
      logic: the logic that should be used to fetch the entity
      field_name: the name of the field the entity uses to store its owner
      user: when true the owner field is matched against the user entity
            itself, otherwise against the user's key name

    Raises:
      out_of_band.AccessViolation: if no matching entity is found
    """

    self.checkIsUser(django_args)

    query = {'link_id': django_args['link_id']}

    # assumes self.user was set up by checkIsUser -- TODO confirm
    if user:
      query[field_name] = self.user
    else:
      query[field_name] = self.user.key().name()

    if 'scope_path' in django_args:
      query['scope_path'] = django_args['scope_path']

    if not logic.getForFields(query):
      raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
  @allowDeveloper
  @denySidebar
  def checkIsAllowedToManageRole(self, django_args, role_logic, manage_role_logic):
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1177
    """Returns an alternate HTTP response if the user is not allowed to manage
1068
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
  1178
       the role given in args. 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
  1179
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
  1180
     Args:
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
  1181
       role_logic: determines the logic for the role in args.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
  1182
       manage_role_logic: determines the logic for the role which is allowed 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
  1183
           to manage this role.
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1184
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1185
     Raises:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1186
       AccessViolationResponse: if the required authorization is not met
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1187
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1188
    Returns:
1068
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
  1189
      None if the given role is active and belongs to the current user.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
  1190
      None if the current User has an active role (from manage_role_logic) 
8a06ebff014e Changed docstring for checkIsAllowedToManageRole.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1066
diff changeset
  1191
           that belongs to the same scope as the role that needs to be managed
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1192
    """
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1193
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1194
    try:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1195
      # check if it is my role the user's own role
1248
f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1239
diff changeset
  1196
      self.checkHasActiveRoleForScope(django_args, role_logic)
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1197
    except out_of_band.Error:
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1198
      pass
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1199
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1200
    # apparently it's not the user's role so check if managing this role is allowed
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
  1201
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
  1202
        'link_id': django_args['link_id'],
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
  1203
        'scope_path': django_args['scope_path'],
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
  1204
        }
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1205
1239
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1237
diff changeset
  1206
    role_entity = role_logic.getFromKeyFieldsOr404(fields)
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1237
diff changeset
  1207
    if role_entity.status != 'active':
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1237
diff changeset
  1208
      raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ROLE_MSG)
914
6ec8dd2a73b3 Added various access methods in preperation for the new request system.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 895
diff changeset
  1209
1163
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
  1210
    fields = {
d8c50be19232 Cleaned up access.py
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1142
diff changeset
  1211
        'link_id': self.user.link_id,
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1212
        'scope_path': django_args['scope_path'],
1142
da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 1135
diff changeset
  1213
        'status': 'active'
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1214
        }
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1215
1184
bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1180
diff changeset
  1216
    manage_entity = manage_role_logic.getForFields(fields, unique=True)
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1217
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1218
    if not manage_entity:
1239
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls
Sverre Rabbelier <srabbelier@gmail.com>
parents: 1237
diff changeset
  1219
      raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
1066
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1220
b22750a2b04a Added checkIsAllowedToManageRole to access.py.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 1061
diff changeset
  1221
    return
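  @allowSidebar
  @allowDeveloper
  def checkIsDocumentReadable(self, django_args, key_name_field=None):
    """Checks whether a document is readable.

    Args:
      django_args: a dictionary with django's arguments
      key_name_field: optional name of the django_args entry that holds the
          document's key name; when omitted the document is looked up from
          the key fields in django_args
    """

    if key_name_field:
      key_name = django_args[key_name_field]
      document = document_logic.getFromKeyName(key_name)
      if not document:
        # A key-name lookup can come back empty (checkCanEditTimeline guards
        # the same call this way); deny explicitly instead of failing on
        # document.prefix below.
        self.deny(django_args)
    else:
      document = document_logic.getFromKeyFieldsOr404(django_args)

    self.checkMembership('read', document.prefix,
                         document.read_access, django_args)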
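  @denySidebar
  @allowDeveloper
  def checkIsDocumentWritable(self, django_args, key_name_field=None):
    """Checks whether a document is writable.

    Args:
      django_args: a dictionary with django's arguments
      key_name_field: optional name of the django_args entry that holds the
          document's key name; when omitted the document is looked up from
          the key fields in django_args
    """

    if key_name_field:
      key_name = django_args[key_name_field]
      document = document_logic.getFromKeyName(key_name)
      if not document:
        # A key-name lookup can come back empty (checkCanEditTimeline guards
        # the same call this way); deny explicitly instead of failing on
        # document.prefix below.
        self.deny(django_args)
    else:
      document = document_logic.getFromKeyFieldsOr404(django_args)

    self.checkMembership('write', document.prefix,
                         document.write_access, django_args)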
  @allowDeveloper
  def checkDocumentList(self, django_args):
    """Checks whether the user is allowed to list documents.

    Args:
      django_args: a dictionary with django's arguments; its 'filter' entry
          must contain 'prefix' and 'scope_path'

    Raises:
      out_of_band.AccessViolation: if the user holds none of the memberships
          that grant 'list' access for the filter's prefix
    """

    list_filter = django_args['filter']

    prefix = list_filter['prefix']
    # not used further, but the lookup requires the filter to name a scope
    list_filter['scope_path']

    list_roles = rights_logic.Checker(prefix).getMembership('list')

    if self.hasMembership(list_roles, list_filter):
      return

    raise out_of_band.AccessViolation(message_fmt=DEF_NO_LIST_ACCESS_MSG)
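  @allowDeveloper
  def checkDocumentPick(self, django_args):
    """Checks whether the user has access to the specified pick url.

    Replaces the 'read_access' list of django_args['GET'] with the
    memberships of the given prefix that the user holds, or with ['deny']
    when the user holds none.

    Args:
      django_args: a dictionary with django's arguments; its 'GET' entry
          must contain 'prefix'

    Raises:
      out_of_band.AccessViolation: if 'prefix' is not in django_args['GET']
    """

    get_args = django_args['GET']

    # make mutable in order to inject the proper read_access filter
    mutable = get_args._mutable
    get_args._mutable = True

    try:
      if 'prefix' not in get_args:
        raise out_of_band.AccessViolation(
            message_fmt=DEF_PREFIX_NOT_IN_ARGS_MSG)

      checker = rights_logic.Checker(get_args['prefix'])
      memberships = checker.getMemberships()

      # keep only the memberships that the user actually holds
      roles = [key for key, value in memberships.iteritems()
               if self.hasMembership(value, django_args)]

      if not roles:
        # presumably a value no document carries, so that a user without
        # any role gets an empty pick list -- TODO confirm
        roles = ['deny']

      # setlist replaces any read_access values already present in get_args
      get_args.setlist('read_access', roles)
    finally:
      # restore the original mutability on every exit path, including the
      # AccessViolation above, so the arguments are not left writable
      get_args._mutable = mutable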
  def checkCanEditTimeline(self, django_args):
    """Checks whether this program's timeline may be edited.
    """
    time_line_keyname = timeline_logic.getKeyFieldsFromFields(django_args)
    timeline_entity = timeline_logic.getFromKeyName(time_line_keyname)
    if not timeline_entity:
      # timeline does not exists so deny
      self.deny(django_args)
    fields = program_logic.getKeyFieldsFromFields(django_args)
    self.checkIsHostForProgram(fields)