py_tasks_melange: app/soc/views/helper/access.py@e633906ed88d (annotated)

293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	1	#!/usr/bin/python2.5
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	2	#
1308 35b75ffcbb37 Partially reverted "Update the copyright notice for 2009." Sverre Rabbelier <srabbelier@gmail.com> parents: 1307 diff changeset	3	# Copyright 2008 the Melange authors.
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	4	#
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	5	# Licensed under the Apache License, Version 2.0 (the "License");
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	6	# you may not use this file except in compliance with the License.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	7	# You may obtain a copy of the License at
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	8	#
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	9	# http://www.apache.org/licenses/LICENSE-2.0
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	10	#
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	11	# Unless required by applicable law or agreed to in writing, software
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	12	# distributed under the License is distributed on an "AS IS" BASIS,
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	13	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	14	# See the License for the specific language governing permissions and
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	15	# limitations under the License.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	16
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	17	"""Access control helper.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	18
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	19	The functions in this module can be used to check access control
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	20	related requirements. When the specified required conditions are not
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	21	met, an exception is raised. This exception contains a views that
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	22	either prompts for authentication, or informs the user that they
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	23	do not meet the required criteria.
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	24	"""
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	25
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	26	__authors__ = [
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	27	'"Todd Larsen" <tlarsen@google.com>',
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	28	'"Sverre Rabbelier" <sverre@rabbelier.nl>',
726 ba3d399ec9be Added Notifications. Lennard de Rijk <ljvderijk@gmail.com> parents: 720 diff changeset	29	'"Lennard de Rijk" <ljvderijk@gmail.com>',
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	30	'"Pawel Solyga" <pawel.solyga@gmail.com>',
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	31	]
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	32
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	33
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	34	from google.appengine.api import users
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	35	from google.appengine.api import memcache
315 c4f1a07ee340 Add missing blank lines between imports in access.py module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 309 diff changeset	36
746 018efb9863dc Fix import sorting in soc.views.helper.access module and rename 'host' to 'Program Administrator'. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 729 diff changeset	37	from django.core import urlresolvers
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	38	from django.utils.translation import ugettext
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	39
481 94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be Todd Larsen <tlarsen@google.com> parents: 448 diff changeset	40	from soc.logic import accounts
720 9eb2522dfa83 Make it possible to invite another Host as Host Sverre Rabbelier <srabbelier@gmail.com> parents: 714 diff changeset	41	from soc.logic import dicts
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	42	from soc.logic import rights as rights_logic
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	43	from soc.logic.helper import timeline as timeline_helper
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	44	from soc.logic.models.club_admin import logic as club_admin_logic
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	45	from soc.logic.models.club_member import logic as club_member_logic
1115 0a723ff3d27c Cleanups in base.Logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1107 diff changeset	46	from soc.logic.models.document import logic as document_logic
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	47	from soc.logic.models.host import logic as host_logic
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	48	from soc.logic.models.mentor import logic as mentor_logic
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	49	from soc.logic.models.notification import logic as notification_logic
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	50	from soc.logic.models.org_admin import logic as org_admin_logic
1375 edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	51	from soc.logic.models.organization import logic as org_logic
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	52	from soc.logic.models.program import logic as program_logic
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	53	from soc.logic.models.request import logic as request_logic
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	54	from soc.logic.models.role import logic as role_logic
891 3d40190f35b6 Move getToSLink() to soc.views.helper.redirects.getToSRedirect(). Todd Larsen <tlarsen@google.com> parents: 890 diff changeset	55	from soc.logic.models.site import logic as site_logic
1375 edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	56	from soc.logic.models.student import logic as student_logic
1142 da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1135 diff changeset	57	from soc.logic.models.timeline import logic as timeline_logic
887 b8c1a6bc913e Take advantage of new "from ... import ... as ..." rules in the style guide. Todd Larsen <tlarsen@google.com> parents: 884 diff changeset	58	from soc.logic.models.user import logic as user_logic
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	59	from soc.views.helper import redirects
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	60	from soc.views import helper
543 280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge Todd Larsen <tlarsen@google.com> parents: 525 diff changeset	61	from soc.views import out_of_band
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	62
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	63
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	64	DEF_NO_USER_LOGIN_MSG= ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	65	'Please create <a href="/user/create_profile">User Profile</a>'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	66	' in order to view this page.')
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	67
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	68	DEF_AGREE_TO_TOS_MSG_FMT = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	69	'You must agree to the <a href="%(tos_link)s">site-wide Terms of'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	70	' Service</a> in your <a href="/user/edit_profile">User Profile</a>'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	71	' in order to view this page.')
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	72
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	73	DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	74	'Please <a href="%%(sign_out)s">sign out</a>'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	75	' and <a href="%%(sign_in)s">sign in</a>'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	76	' again as %(role)s to view this page.')
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	77
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	78	DEF_NEED_MEMBERSHIP_MSG_FMT = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	79	'You need to be in the %(status)s group to %(action)s'
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	80	' documents in the %(prefix)s prefix.')
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	81
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	82	DEF_NEED_ROLE_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	83	'You do not have the required role.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	84
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	85	DEF_NOT_YOUR_ENTITY_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	86	'This entity does not belong to you.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	87
1435 e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	88	DEF_NO_ACTIVE_ENTITY_MSG = ugettext(
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	89	'There is no such active entity.')
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	90
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	91	DEF_NO_ACTIVE_GROUP_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	92	'There is no such active group.')
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	93
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	94	DEF_NO_ACTIVE_ROLE_MSG = ugettext(
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	95	'There is no such active role.')
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	96
1375 edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	97	DEF_ALREADY_PARTICIPATING_MSG = ugettext(
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	98	'You cannot become a student because you are already participating '
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	99	'in this program.')
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	100
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	101	DEF_ALREADY_STUDENT_ROLE_MSG = ugettext(
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	102	'You cannot become a Mentor or Organization Admin because you already are '
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	103	'a student in this program.')
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	104
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	105	DEF_NO_ACTIVE_PROGRAM_MSG = ugettext(
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	106	'There is no such active program.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	107
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	108	DEF_NO_REQUEST_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	109	'There is no accepted request that would allow you to visit this page.')
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	110
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	111	DEF_NO_APPLICATION_MSG = ugettext(
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	112	'There is no application that would allow you to visit this page.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	113
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	114	DEF_NEED_PICK_ARGS_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	115	'The "continue" and "field" args are not both present.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	116
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	117	DEF_REVIEW_COMPLETED_MSG = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	118	'This Application can not be reviewed anymore (it has been completed or rejected).')
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	119
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	120	DEF_REQUEST_COMPLETED_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	121	'This request cannot be accepted (it is either completed or denied).')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	122
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	123	DEF_SCOPE_INACTIVE_MSG = ugettext(
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	124	'The scope for this request is not active.')
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	125
1318 3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	126	DEF_NO_LIST_ACCESS_MSG = ugettext(
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	127	'You do not have the required rights to list documents for this scope and prefix.')
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	128
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	129	DEF_PAGE_DENIED_MSG = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	130	'Access to this page has been restricted.')
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	131
1305 9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	132	DEF_PREFIX_NOT_IN_ARGS_MSG = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	133	'A required GET url argument ("prefix") was not specified.')
1305 9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	134
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	135	DEF_PAGE_INACTIVE_MSG = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	136	'This page is inactive at this time.')
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	137
970 8b5611d5b053 Use ugettext instead of ugettext_lazy Sverre Rabbelier <srabbelier@gmail.com> parents: 965 diff changeset	138	DEF_LOGOUT_MSG_FMT = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	139	'Please <a href="%(sign_out)s">sign out</a> in order to view this page.')
590 37735d97b541 Created a seperate module for editSelf things Sverre Rabbelier <srabbelier@gmail.com> parents: 543 diff changeset	140
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	141	DEF_GROUP_NOT_FOUND_MSG = ugettext(
1350 c822368a60b1 Add missing dots in messages in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1334 diff changeset	142	'The requested Group can not be found.')
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	143
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	144	DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext(
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	145	'The <b><i>%(email)s</i></b> account cannot be used with this site, for'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	146	' one or more of the following reasons:'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	147	'<ul>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	148	' <li>the account is invalid</li>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	149	' <li>the account is already attached to a User profile and cannot be'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	150	' used to create another one</li>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	151	' <li>the account is a former account that cannot be used again</li>'
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	152	'</ul>')
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	153
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	154
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	155	def allowSidebar(fun):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	156	"""Decorator that allows access if the sidebar is calling.
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	157	"""
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	158
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	159	from functools import wraps
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	160
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	161	@wraps(fun)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	162	def wrapper(self, django_args, args, *kwargs):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	163	if django_args.get('SIDEBAR_CALLING'):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	164	return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	165	return fun(self, django_args, args, *kwargs)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	166	return wrapper
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	167
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	168
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	169	def denySidebar(fun):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	170	"""Decorator that denies access if the sidebar is calling.
612 3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms Sverre Rabbelier <srabbelier@gmail.com> parents: 590 diff changeset	171	"""
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms Sverre Rabbelier <srabbelier@gmail.com> parents: 590 diff changeset	172
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	173	from functools import wraps
508 2b90baceac88 Add a access.deny and access.allow method Sverre Rabbelier <srabbelier@gmail.com> parents: 481 diff changeset	174
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	175	@wraps(fun)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	176	def wrapper(self, django_args, args, *kwargs):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	177	if django_args.get('SIDEBAR_CALLING'):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	178	raise out_of_band.Error("Sidebar Calling")
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	179	return fun(self, django_args, args, *kwargs)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	180	return wrapper
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	181
1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	182
1073 feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	183	def allowIfCheckPasses(checker_name):
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	184	"""Returns a decorator that allows access if the specified checker passes.
1016 15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	185	"""
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	186
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	187	from functools import wraps
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	188
1073 feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	189	def decorator(fun):
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	190	"""Decorator that allows access if the current user is a Developer.
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	191	"""
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	192
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	193	@wraps(fun)
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	194	def wrapper(self, django_args, args, *kwargs):
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	195	try:
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	196	# if the check passes we allow access regardless
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	197	return self.doCheck(checker_name, django_args, [])
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	198	except out_of_band.Error:
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	199	# otherwise we run the original check
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	200	return fun(self, django_args, args, *kwargs)
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	201	return wrapper
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	202
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	203	return decorator
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	204
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	205
feea88d0e1d8 Factor out the allowIfCheckPasses logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1068 diff changeset	206	allowDeveloper = allowIfCheckPasses('checkIsDeveloper')
1016 15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	207
15a2f644725f Create a decorator for allowDeveloper Sverre Rabbelier <srabbelier@gmail.com> parents: 1012 diff changeset	208
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	209	class Checker(object):
590 37735d97b541 Created a seperate module for editSelf things Sverre Rabbelier <srabbelier@gmail.com> parents: 543 diff changeset	210	"""
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	211	The __setitem__() and __getitem__() methods are overloaded to DTRT
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	212	when adding new access rights, and retrieving them, so use these
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	213	rather then modifying rights directly if so desired.
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	214	"""
972 43018f61b481 Remove the request and arg parameter from the checkAccess call Sverre Rabbelier <srabbelier@gmail.com> parents: 970 diff changeset	215
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	216	MEMBERSHIP = {
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	217	'anyone': 'allow',
1248 f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	218	'club_admin': ('checkHasActiveRoleForScope', club_admin_logic),
f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	219	'club_member': ('checkHasActiveRoleForScope', club_member_logic),
f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	220	'host': ('checkHasActiveRoleForScope', host_logic),
f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	221	'org_admin': ('checkHasActiveRoleForScope', org_admin_logic),
f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	222	'org_mentor': ('checkHasActiveRoleForScope', mentor_logic),
f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	223	'org_student': 'deny', #('checkHasActiveRoleForScope', student_logic),
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	224	'user': 'checkIsUser',
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	225	'user_self': ('checkIsUserSelf', 'scope_path'),
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	226	}
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	227
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	228	def __init__(self, params):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	229	"""Adopts base.rights as rights if base is set.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	230	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	231
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	232	base = params.get('rights') if params else None
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	233	self.rights = base.rights if base else {}
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	234	self.id = None
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	235	self.user = None
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	236
1226 a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	237	def normalizeChecker(self, checker):
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	238	"""Normalizes the checker to a pre-defined format.
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	239
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	240	The result is guaranteed to be a list of 2-tuples, the first element is a
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	241	checker (iff there is an checker with the specified name), the second
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	242	element is a list of arguments that should be passed to the checker when
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	243	calling it in addition to the standard django_args.
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	244	"""
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	245
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	246	# Be nice an repack so that it is always a list with tuples
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	247	if isinstance(checker, tuple):
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	248	name, arg = checker
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	249	return (name, (arg if isinstance(arg, list) else [arg]))
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	250	else:
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	251	return (checker, [])
a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	252
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	253	def __setitem__(self, key, value):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	254	"""Sets a value only if no old value exists.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	255	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	256
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	257	oldvalue = self.rights.get(key)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	258	self.rights[key] = oldvalue if oldvalue else value
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	259
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	260	def __getitem__(self, key):
1226 a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	261	"""Retrieves and normalizes the right checkers.
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	262	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	263
1226 a671f0d63562 Fix broken document access checks Sverre Rabbelier <srabbelier@gmail.com> parents: 1223 diff changeset	264	return [self.normalizeChecker(i) for i in self.rights.get(key, [])]
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	265
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	266	def key(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	267	"""Returns the key for the specified checker for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	268	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	269
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	270	return "%s.%s" % (self.id, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	271
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	272	def put(self, checker_name, value):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	273	"""Puts the result for the specified checker in the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	274	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	275
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	276	retention = 30
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	277
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	278	memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	279	memcache.add(memcache_key, value, retention)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	280
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	281	def get(self, checker_name):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	282	"""Retrieves the result for the specified checker from cache.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	283	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	284
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	285	memcache_key = self.key(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	286	return memcache.get(memcache_key)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	287
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	288	def doCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	289	"""Runs the specified checker with the specified arguments.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	290	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	291
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	292	checker = getattr(self, checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	293	checker(django_args, *args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	294
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	295	def doCachedCheck(self, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	296	"""Retrieves from cache or runs the specified checker.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	297	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	298
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	299	cached = self.get(checker_name)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	300
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	301	if cached is None:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	302	try:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	303	self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	304	self.put(checker_name, True)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	305	return
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	306	except out_of_band.Error, e:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	307	self.put(checker_name, e)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	308	raise
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	309
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	310	if cached is True:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	311	return
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	312
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	313	# re-raise the cached exception
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	314	raise cached
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	315
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	316	def check(self, use_cache, checker_name, django_args, args):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	317	"""Runs the checker, optionally using the cache.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	318	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	319
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	320	if use_cache:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	321	self.doCachedCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	322	else:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	323	self.doCheck(checker_name, django_args, args)
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	324
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	325	def setCurrentUser(self, id, user):
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	326	"""Sets up everything for the current user.
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	327	"""
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	328
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	329	self.id = id
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	330	self.user = user
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	331
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	332	def checkAccess(self, access_type, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	333	"""Runs all the defined checks for the specified type.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	334
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	335	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	336	access_type: the type of request (such as 'list' or 'edit')
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	337	rights: a dictionary containing access check functions
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	338	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	339
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	340	Rights usage:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	341	The rights dictionary is used to check if the current user is allowed
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	342	to view the page specified. The functions defined in this dictionary
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	343	are always called with the provided django_args dictionary as argument. On any
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	344	request, regardless of what type, the functions in the 'any_access' value
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	345	are called. If the specified type is not in the rights dictionary, all
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	346	the functions in the 'unspecified' value are called. When the specified
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	347	type _is_ in the rights dictionary, all the functions in that access_type's
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	348	value are called.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	349	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	350
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	351	use_cache = django_args.get('SIDEBAR_CALLING')
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	352
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	353	# Call each access checker
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	354	for checker_name, args in self['any_access']:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	355	self.check(use_cache, checker_name, django_args, args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	356
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	357	if access_type not in self.rights:
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	358	# No checks defined, so do the 'generic' checks and bail out
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	359	for checker_name, args in self['unspecified']:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	360	self.check(use_cache, checker_name, django_args, args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	361	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	362
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	363	for checker_name, args in self[access_type]:
6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	364	self.check(use_cache, checker_name, django_args, args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	365
1300 a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	366	def hasMembership(self, roles, django_args):
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	367	"""Checks whether the user has access to any of the specified roles.
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	368
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	369	Args:
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	370	roles: a list of roles to check
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	371	"""
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	372
1315 7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	373	try:
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	374	# we need to check manually, as we must return True!
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	375	self.checkIsDeveloper(django_args)
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	376	return True
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	377	except out_of_band.Error:
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	378	pass
7c58f5cdd5b8 Developers have all roles Sverre Rabbelier <srabbelier@gmail.com> parents: 1309 diff changeset	379
1300 a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	380	for role in roles:
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	381	try:
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	382	checker_name, args = self.normalizeChecker(self.MEMBERSHIP[role])
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	383	self.doCheck(checker_name, django_args, args)
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	384	# the check passed, we can stop now
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	385	return True
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	386	except out_of_band.Error:
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	387	continue
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	388
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	389	return False
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	390
a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	391	@allowDeveloper
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	392	def checkMembership(self, action, prefix, status, django_args):
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	393	"""Checks whether the user has access to the specified status.
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	394
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	395	Args:
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	396	action: the action that was performed (e.g., 'read')
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	397	prefix: the prefix, determines what access set is used
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	398	status: the access status (e.g., 'public')
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	399	django_args: the django args to pass on to the checkers
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	400	"""
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	401
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	402	checker = rights_logic.Checker(prefix)
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	403	roles = checker.getMembership(status)
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	404
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	405	message_fmt = DEF_NEED_MEMBERSHIP_MSG_FMT % {
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	406	'action': action,
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	407	'prefix': prefix,
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	408	'status': status,
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	409	}
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	410
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	411	# try to see if they belong to any of the roles, if not, raise an
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	412	# access violation for the specified action, prefix and status.
1300 a89d673771eb Factor out the hasMembership method from checkMembership Sverre Rabbelier <srabbelier@gmail.com> parents: 1265 diff changeset	413	if not self.hasMembership(roles, django_args):
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	414	raise out_of_band.AccessViolation(message_fmt)
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	415
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	416	def allow(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	417	"""Never raises an alternate HTTP response. (an access no-op, basically).
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	418
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	419	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	420	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	421	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	422
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	423	return
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	424
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	425	def deny(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	426	"""Always raises an alternate HTTP response.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	427
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	428	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	429	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	430
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	431	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	432	always raises AccessViolationResponse if called
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	433	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	434
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	435	context = django_args.get('context', {})
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	436	context['title'] = 'Access denied'
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	437
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	438	raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context)
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	439
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	440	def checkIsLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	441	"""Raises an alternate HTTP response if Google Account is not logged in.
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	442
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	443	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	444	django_args: a dictionary with django's arguments
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	445
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	446	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	447	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	448	* if no Google Account is even logged in
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	449	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	450
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	451	if self.id:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	452	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	453
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	454	raise out_of_band.LoginRequest()
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	455
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	456	def checkNotLoggedIn(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	457	"""Raises an alternate HTTP response if Google Account is logged in.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	458
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	459	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	460	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	461
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	462	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	463	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	464	* if a Google Account is currently logged in
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	465	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	466
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	467	if not self.id:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	468	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	469
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	470	raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
888 a75ae24f04cb Add checkAgreesToSiteToS() (partially implemented until circular import fixed). Todd Larsen <tlarsen@google.com> parents: 887 diff changeset	471
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	472	def checkIsUser(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	473	"""Raises an alternate HTTP response if Google Account has no User entity.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	474
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	475	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	476	django_args: a dictionary with django's arguments
895 e70ffd079438 Even developers need to agree to the terms of service for Melange Sverre Rabbelier <srabbelier@gmail.com> parents: 892 diff changeset	477
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	478	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	479	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	480	* if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	481	* if no Google Account is logged in at all
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	482	* if User has not agreed to the site-wide ToS, if one exists
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	483	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	484
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	485	self.checkIsLoggedIn(django_args)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	486
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	487	if not self.user:
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	488	raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	489
1017 6ad4fdb48840 Cache access checks and disable sidebar caching Sverre Rabbelier <srabbelier@gmail.com> parents: 1016 diff changeset	490	if user_logic.agreesToSiteToS(self.user):
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	491	return
293 1edd01373e71 Add an access control module Sverre Rabbelier <srabbelier@gmail.com> parents: diff changeset	492
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	493	# Would not reach this point of site-wide ToS did not exist, since
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	494	# agreesToSiteToS() call above always returns True if no ToS is in effect.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	495	login_msg_fmt = DEF_AGREE_TO_TOS_MSG_FMT % {
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	496	'tos_link': redirects.getToSRedirect(site_logic.getSingleton())}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	497
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	498	raise out_of_band.LoginRequest(message_fmt=login_msg_fmt)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	499
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	500	@allowDeveloper
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	501	def checkIsUserSelf(self, django_args, field_name):
1142 da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1135 diff changeset	502	"""Checks whether the specified user is the logged in user.
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	503
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	504	Args:
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	505	django_args: the keyword args from django, only scope_path is used
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	506	"""
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	507
1198 3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	508	self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	509
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	510	if not field_name in django_args:
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	511	self.deny(django_args)
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	512
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	513	if self.user.link_id == django_args[field_name]:
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	514	return
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	515
1177 53c802c2a2e2 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1176 diff changeset	516	raise out_of_band.AccessViolation(DEF_NOT_YOUR_ENTITY_MSG)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	517
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	518	def checkIsUnusedAccount(self, django_args):
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	519	"""Raises an alternate HTTP response if Google Account has a User entity.
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	520
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	521	Args:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	522	django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	523
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	524	Raises:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	525	AccessViolationResponse:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	526	* if a User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	527	* if a User has this Gooogle Account in their formerAccounts list
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	528	"""
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	529
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	530	self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	531
1192 b53fa1e05dbd Adds the possibility to exclude the user from the website. Lennard de Rijk <ljvderijk@gmail.com> parents: 1189 diff changeset	532	user_entity = user_logic.getForFields({'account':self.id}, unique=True)
b53fa1e05dbd Adds the possibility to exclude the user from the website. Lennard de Rijk <ljvderijk@gmail.com> parents: 1189 diff changeset	533
b53fa1e05dbd Adds the possibility to exclude the user from the website. Lennard de Rijk <ljvderijk@gmail.com> parents: 1189 diff changeset	534	if not user_entity and not user_logic.isFormerAccount(self.id):
1048 0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	535	# this account has not been used yet
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	536	return
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	537
1048 0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	538	message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	539	'email' : self.id.email()}
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	540	raise out_of_band.LoginRequest(message_fmt=message_fmt)
0fe0cb8f7253 Changed access.py to comply more with the style of the module. Lennard de Rijk <ljvderijk@gmail.com> parents: 1043 diff changeset	541
1043 5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	542	def checkHasUserEntity(self, django_args):
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	543	"""Raises an alternate HTTP response if Google Account has no User entity.
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	544
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	545	Args:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	546	django_args: a dictionary with django's arguments
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	547
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	548	Raises:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	549	AccessViolationResponse:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	550	* if no User exists for the logged-in Google Account, or
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	551	* if no Google Account is logged in at all
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	552	"""
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	553
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	554	self.checkIsLoggedIn(django_args)
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	555
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	556	if not self.user:
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	557	raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	558
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	559	return
5e15994b2033 Redone the user's profile page. Lennard de Rijk <ljvderijk@gmail.com> parents: 1037 diff changeset	560
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	561	def checkIsDeveloper(self, django_args):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	562	"""Raises an alternate HTTP response if Google Account is not a Developer.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	563
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	564	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	565	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	566
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	567	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	568	AccessViolationResponse:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	569	* if User is not a Developer, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	570	* if no User exists for the logged-in Google Account, or
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	571	* if no Google Account is logged in at all
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	572	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	573
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	574	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	575
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	576	if accounts.isDeveloper(account=self.id, user=self.user):
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	577	return
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	578
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	579	login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	580	'role': 'a Site Developer '}
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	581
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	582	raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	583
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	584	@allowDeveloper
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	585	@denySidebar
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	586	def checkIsActive(self, django_args, logic,
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	587	field_name='scope_path', filter_field='link_id'):
1435 e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	588	"""Raises an alternate HTTP response if the entity is not active.
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	589
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	590	Args:
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	591	django_args: a dictionary with django's arguments
1435 e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	592	logic: the logic that should be used to look up the entity
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	593	field_name: the name of the field that should be copied verbatim
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	594	If a format string is specified it will be formatted with
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	595	the specified django_args.
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	596	filter_field: the name of the field to which scope_path should be set
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	597
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	598	Raises:
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	599	AccessViolationResponse:
1438 e484f9acf999 Updated comments in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1435 diff changeset	600	* if no entity is found
e484f9acf999 Updated comments in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1435 diff changeset	601	* if the entity status is not active
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	602	"""
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	603
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	604	self.checkIsUser(django_args)
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	605
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	606	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	607	filter_field: django_args[filter_field],
1179 427d2ec42823 Rewrite getForFields to use GQL instead of the Query API Sverre Rabbelier <srabbelier@gmail.com> parents: 1177 diff changeset	608	'status': 'active',
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	609	}
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	610
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	611	if field_name:
1435 e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	612	# convert to a format string if desired
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	613	if field_name.find('%') == -1:
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	614	field_name = ''.join(['%(', field_name, ')s'])
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	615
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	616	try:
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	617	fields['scope_path'] = field_name % django_args
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	618	except KeyError, e:
e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	619	self.deny(django_args)
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	620
1179 427d2ec42823 Rewrite getForFields to use GQL instead of the Query API Sverre Rabbelier <srabbelier@gmail.com> parents: 1177 diff changeset	621	entity = logic.getForFields(fields, unique=True)
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	622
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	623	if entity:
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	624	return
09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	625
1435 e9a2b1e87b1a Added support for having a format string as scope_path filter Sverre Rabbelier <srabbelier@gmail.com> parents: 1388 diff changeset	626	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	627
1441 e633906ed88d Make use of default value Sverre Rabbelier <srabbelier@gmail.com> parents: 1438 diff changeset	628	def checkHasActiveRoleForScope(self, django_args, logic,
e633906ed88d Make use of default value Sverre Rabbelier <srabbelier@gmail.com> parents: 1438 diff changeset	629	field_name='scope_path'):
1203 38225f2ad3a6 Renamed checkHasRole to checkHasActiveRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1201 diff changeset	630	"""Checks that the user has the specified active role.
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	631	"""
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	632
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	633	django_args['user'] = self.user
1184 bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller Sverre Rabbelier <srabbelier@gmail.com> parents: 1180 diff changeset	634	self.checkIsActive(django_args, logic, field_name, 'user')
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	635
1189 14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	636	def checkSeeded(self, django_args, checker_name, *args):
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	637	"""Wrapper to update the django_args with the contens of seed first.
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	638	"""
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	639
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	640	django_args.update(django_args.get('seed', {}))
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	641	self.doCheck(checker_name, django_args, args)
14357ec13647 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1184 diff changeset	642
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	643	def checkCanMakeRequestToGroup(self, django_args, group_logic):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	644	"""Raises an alternate HTTP response if the specified group is not in an
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	645	active status.
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	646
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	647	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	648	group_logic: Logic module for the type of group which the request is for
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	649	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	650
1198 3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	651	self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	652
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	653	group_entity = role_logic.getGroupEntityFromScopePath(
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	654	group_logic.logic, django_args['scope_path'])
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	655
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	656	if not group_entity:
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	657	raise out_of_band.Error(DEF_GROUP_NOT_FOUND_MSG, status=404)
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	658
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	659	if group_entity.status != 'active':
1198 3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	660	# tell the user that this group is not active
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	661	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG)
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	662
979 789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	663	return
789e70941055 Added checkCanMakeRequestToGroup to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 974 diff changeset	664
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	665	def checkCanCreateFromRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	666	"""Raises an alternate HTTP response if the specified request does not exist
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	667	or if it's status is not group_accepted. Also when the group this request
0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	668	is from is in an inactive or invalid status access will be denied.
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	669	"""
972 43018f61b481 Remove the request and arg parameter from the checkAccess call Sverre Rabbelier <srabbelier@gmail.com> parents: 970 diff changeset	670
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	671	self.checkIsUserSelf(django_args, 'link_id')
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	672
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	673	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	674	'link_id': django_args['link_id'],
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	675	'scope_path': django_args['scope_path'],
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	676	'role': role_name,
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	677	'status': 'group_accepted',
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	678	}
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	679
1176 c211191e7d81 Fixed access related bugs Sverre Rabbelier <srabbelier@gmail.com> parents: 1163 diff changeset	680	entity = request_logic.getForFields(fields, unique=True)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	681
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	682	if entity and (entity.scope.status not in ['invalid', 'inactive']):
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	683	return
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	684
1177 53c802c2a2e2 More access related fixes Sverre Rabbelier <srabbelier@gmail.com> parents: 1176 diff changeset	685	raise out_of_band.AccessViolation(message_fmt=DEF_NO_REQUEST_MSG)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	686
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	687	def checkIsMyGroupAcceptedRequest(self, django_args):
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	688	"""Checks whether the user can accept the specified request.
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	689	"""
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	690
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	691	self.checkCanCreateFromRequest(django_args, django_args['role'])
972 43018f61b481 Remove the request and arg parameter from the checkAccess call Sverre Rabbelier <srabbelier@gmail.com> parents: 970 diff changeset	692
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	693	def checkCanProcessRequest(self, django_args, role_name):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	694	"""Raises an alternate HTTP response if the specified request does not exist
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	695	or if it's status is completed or denied. Also Raises an alternate HTTP response
1061 09c243461de8 Redone access checks concerning groups to deal with the state property. Lennard de Rijk <ljvderijk@gmail.com> parents: 1048 diff changeset	696	whenever the group in the request is not active.
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	697	"""
948 bd956f419ad9 Add missing blank lines and remove unused checkIsInvited function from soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 943 diff changeset	698
1198 3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	699	self.checkIsUser(django_args)
3318f8d00691 Added some extra isUser checks to make sure that you have to accept the ToS before you can do anything concerning requests. Lennard de Rijk <ljvderijk@gmail.com> parents: 1192 diff changeset	700
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	701	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	702	'link_id': django_args['link_id'],
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	703	'scope_path': django_args['scope_path'],
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	704	'role': role_name,
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	705	}
960 129efa976d6d Added checkCanProcessRequest in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 958 diff changeset	706
1115 0a723ff3d27c Cleanups in base.Logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1107 diff changeset	707	request_entity = request_logic.getFromKeyFieldsOr404(fields)
960 129efa976d6d Added checkCanProcessRequest in access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 958 diff changeset	708
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	709	if request_entity.status in ['completed', 'denied']:
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	710	raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_COMPLETED_MSG)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	711
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	712	if request_entity.scope.status == 'active':
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	713	return
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	714
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	715	raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	716
1218 569a3fe9cb88 Cleaned up getKeyNameFromFields in Logic base. Lennard de Rijk <ljvderijk@gmail.com> parents: 1203 diff changeset	717	@allowDeveloper
1074 94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	718	@denySidebar
94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	719	def checkIsHostForProgram(self, django_args):
94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	720	"""Checks if the user is a host for the specified program.
94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	721	"""
94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	722
1218 569a3fe9cb88 Cleaned up getKeyNameFromFields in Logic base. Lennard de Rijk <ljvderijk@gmail.com> parents: 1203 diff changeset	723	program = program_logic.getFromKeyFields(django_args)
1074 94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	724
1107 a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	725	if not program or program.status == 'invalid':
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	726	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_PROGRAM_MSG)
1074 94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	727
1107 a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	728	new_args = {'scope_path': program.scope_path }
1248 f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	729	self.checkHasActiveRoleForScope(new_args, host_logic)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	730
1200 e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	731	@allowDeveloper
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	732	@denySidebar
1250 b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	733	def checkIsHostForProgramInScope(self, django_args):
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	734	"""Checks if the user is a host for the specified program.
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	735	"""
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	736
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	737	program = program_logic.getFromKeyName(django_args['scope_path'])
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	738
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	739	if not program or program.status == 'invalid':
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	740	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_PROGRAM_MSG)
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	741
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	742	django_args = {'scope_path': program.scope_path}
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	743	self.checkHasActiveRoleForScope(django_args, host_logic)
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	744
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	745	@allowDeveloper
b06e6e014658 Fixed access checkers for orgs Sverre Rabbelier <srabbelier@gmail.com> parents: 1248 diff changeset	746	@denySidebar
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	747	def checkIsActivePeriod(self, django_args, period_name, key_name_arg):
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	748	"""Checks if the given period is active for the given program.
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	749
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	750	Args:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	751	django_args: a dictionary with django's arguments.
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	752	period_name: the name of the period which is checked.
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	753	key_name_arg: the entry in django_args that specifies the given program
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	754	keyname. If none is given the key_name is constructed from django_args
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	755	itself.
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	756
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	757	Raises:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	758	AccessViolationResponse:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	759	* if no active Program is found
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	760	* if the period is not active
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	761	"""
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	762
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	763	if key_name_arg and key_name_arg in django_args:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	764	key_name = django_args[key_name_arg]
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	765	else:
1334 5009b63c247a Fixed a bug in access.py where a non-existing variable would have been called. Lennard de Rijk <ljvderijk@gmail.com> parents: 1318 diff changeset	766	key_name = program_logic.getKeyNameFromFields(django_args)
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	767
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	768	program_entity = program_logic.getFromKeyName(key_name)
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	769
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	770	if not program_entity or (
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	771	program_entity.status in ['inactive', 'invalid']):
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	772	raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	773
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	774	if timeline_helper.isActivePeriod(program_entity.timeline, period_name):
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	775	return
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	776
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	777	raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_INACTIVE_MSG)
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	778
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	779	def checkCanCreateOrgApp(self, django_args, period_name):
1237 b5bf2aa0f3f9 Added missing comment in access.py and removed excessive whitespace. Lennard de Rijk <ljvderijk@gmail.com> parents: 1232 diff changeset	780	"""Checks to see if the program in the scope_path is accepting org apps
b5bf2aa0f3f9 Added missing comment in access.py and removed excessive whitespace. Lennard de Rijk <ljvderijk@gmail.com> parents: 1232 diff changeset	781	"""
b5bf2aa0f3f9 Added missing comment in access.py and removed excessive whitespace. Lennard de Rijk <ljvderijk@gmail.com> parents: 1232 diff changeset	782
1223 aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	783	if 'seed' in django_args:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	784	return self.checkIsActivePeriod(django_args['seed'],
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	785	period_name, 'scope_path')
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	786	else:
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	787	return
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	788
aca77e2cc8f7 Added new access checks to deal with timeline for programs. Lennard de Rijk <ljvderijk@gmail.com> parents: 1218 diff changeset	789	@allowDeveloper
1200 e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	790	def checkCanEditGroupApp(self, django_args, group_app_logic):
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	791	"""Checks if the group_app in args is valid to be edited by the current user.
1200 e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	792
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	793	Args:
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	794	group_app_logic: A logic instance for the Group Application
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	795	"""
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	796
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	797	self.checkIsUser(django_args)
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	798
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	799	fields = {
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	800	'link_id': django_args['link_id'],
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	801	'applicant': self.user,
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	802	'status' : ['needs review', 'rejected']
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	803	}
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	804
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	805	if 'scope_path' in django_args:
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	806	fields['scope_path'] = django_args['scope_path']
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	807
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	808	entity = group_app_logic.getForFields(fields)
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	809
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	810	if entity:
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	811	return
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	812
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	813	raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	814
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	815	@allowSidebar
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	816	def checkCanReviewGroupApp(self, django_args, group_app_logic):
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	817	"""Checks if the group_app in args is valid to be reviewed.
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	818
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	819	Args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	820	group_app_logic: A logic instance for the Group Application
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	821	"""
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	822
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	823	if 'link_id' not in django_args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	824	# calling review overview, so we can't check a specified entity
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	825	return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	826
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	827	fields = {
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	828	'link_id': django_args['link_id'],
1366 ed246513e7cb Remove extra space from soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1350 diff changeset	829	'status': ['needs review', 'accepted', 'rejected', 'ignored',
1232 3bce6205e24e Added pre-accpeted status to group_app. Lennard de Rijk <ljvderijk@gmail.com> parents: 1227 diff changeset	830	'pre-accepted']
1201 0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	831	}
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	832
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	833	if 'scope_path' in django_args:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	834	fields['scope_path'] = django_args['scope_path']
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	835
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	836	entity = group_app_logic.getForFields(fields)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	837
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	838	if entity:
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	839	return
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	840
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	841	raise out_of_band.AccessViolation(message_fmt=DEF_REVIEW_COMPLETED_MSG)
0a4c1af700a0 Added checkCanReviewGroupApp to acces.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1200 diff changeset	842
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	843	@allowDeveloper
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	844	def checkIsApplicationAccepted(self, django_args, app_logic):
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	845	"""Returns an alternate HTTP response if Google Account has no Club App
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	846	entity for the specified Club.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	847
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	848	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	849	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	850
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	851	Raises:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	852	AccessViolationResponse: if the required authorization is not met
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	853
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	854	Returns:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	855	None if Club App exists for the specified program, or a subclass
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	856	of django.http.HttpResponse which contains the alternate response
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	857	should be returned by the calling view.
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	858	"""
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	859
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	860	self.checkIsUser(django_args)
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	861
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	862	properties = {
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	863	'applicant': self.user,
1085 0afbdd0905ef Renamed state to status where appropriate. Lennard de Rijk <ljvderijk@gmail.com> parents: 1080 diff changeset	864	'status': 'accepted'
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	865	}
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	866
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	867	application = app_logic.getForFields(properties, unique=True)
884 ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	868
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	869	if application:
ded4850776c8 Changed checkIsClubAppAccepted into a more generic checkIsApplicationAccepted. Lennard de Rijk <ljvderijk@gmail.com> parents: 882 diff changeset	870	return
814 25ffebd9fa8f Implement the checkIsClubAppAccepted function Sverre Rabbelier <srabbelier@gmail.com> parents: 802 diff changeset	871
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	872	raise out_of_band.AccessViolation(message_fmt=DEF_NO_APPLICATION_MSG)
726 ba3d399ec9be Added Notifications. Lennard de Rijk <ljvderijk@gmail.com> parents: 720 diff changeset	873
1375 edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	874	def checkIsNotParticipatingInProgramInScope(self, django_args):
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	875	"""Checks if the current user has no roles for the given program in django_args.
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	876
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	877	Args:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	878	django_args: a dictionary with django's arguments
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	879
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	880	Raises:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	881	AccessViolationResponse: if the current user has a student, mentor or
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	882	org admin role for the given program.
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	883	"""
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	884
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	885	if not django_args.get('scope_path'):
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	886	raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_DENIED_MSG)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	887
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	888	program_entity = program_logic.getFromKeyName(django_args['scope_path'])
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	889	user_entity = user_logic.getForCurrentAccount()
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	890
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	891	filter = {'user': user_entity,
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	892	'scope': program_entity,
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	893	'status': 'active'}
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	894
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	895	# check if the current user is already a student for this program
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	896	student_role = student_logic.getForFields(filter, unique=True)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	897
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	898	if student_role:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	899	raise out_of_band.AccessViolation(
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	900	message_fmt=DEF_ALREADY_PARTICIPATING_MSG)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	901
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	902	# fill the role_list with all the mentor and org admin roles for this user
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	903	role_list = []
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	904
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	905	filter = {'user': user_entity,
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	906	'status': 'active'}
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	907
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	908	mentor_roles = mentor_logic.getForFields(filter)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	909	if mentor_roles:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	910	role_list += mentor_roles
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	911
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	912	org_admin_roles = org_admin_logic.getForFields(filter)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	913	if org_admin_roles:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	914	role_list += org_admin_roles
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	915
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	916	# check if the user has a role for the retrieved program
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	917	for role in role_list:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	918
1388 237f4cf6936d Use the new program property in mentor and role for an access check. Lennard de Rijk <ljvderijk@gmail.com> parents: 1375 diff changeset	919	if role.program.key() == program_entity.key():
1375 edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	920	# the current user has a role for the given program
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	921	raise out_of_band.AccessViolation(
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	922	message_fmt=DEF_ALREADY_PARTICIPATING_MSG)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	923
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	924	# no roles found, access granted
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	925	return
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	926
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	927	def checkIsNotStudentForProgramOfOrg(self, django_args):
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	928	"""Checks if the current user has no active Student role for the program
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	929	that the organization in the scope_path is participating in.
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	930
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	931	Args:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	932	django_args: a dictionary with django's arguments
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	933
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	934	Raises:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	935	AccessViolationResponse: if the current user is a student for the
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	936	program the organization is in.
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	937	"""
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	938
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	939	if not django_args.get('scope_path'):
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	940	raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_DENIED_MSG)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	941
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	942	org_entity = org_logic.getFromKeyName(django_args['scope_path'])
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	943	user_entity = user_logic.getForCurrentAccount()
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	944
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	945	filter = {'scope': org_entity.scope,
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	946	'user': user_entity,
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	947	'status': 'active'}
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	948
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	949	student_role = student_logic.getForFields(filter=filter, unique=True)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	950
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	951	if student_role:
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	952	raise out_of_band.AccessViolation(
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	953	message_fmt=DEF_ALREADY_STUDENT_ROLE_MSG)
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	954
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	955	return
edcb2add6934 Added new access methods. Lennard de Rijk <ljvderijk@gmail.com> parents: 1366 diff changeset	956
1180 6290c9e49848 Fixed club_app Sverre Rabbelier <srabbelier@gmail.com> parents: 1179 diff changeset	957	def checkIsMyEntity(self, django_args, logic,
6290c9e49848 Fixed club_app Sverre Rabbelier <srabbelier@gmail.com> parents: 1179 diff changeset	958	field_name='user', user=False):
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	959	"""Checks whether the entity belongs to the user.
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	960	"""
791 30da180c4bca Added the club_app view, logic and model Sverre Rabbelier <srabbelier@gmail.com> parents: 746 diff changeset	961
1012 73f0b61f2d9d Fold checkAgreesToSiteToS into checkIsUser Sverre Rabbelier <srabbelier@gmail.com> parents: 1007 diff changeset	962	self.checkIsUser(django_args)
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	963
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	964	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	965	'link_id': django_args['link_id'],
1180 6290c9e49848 Fixed club_app Sverre Rabbelier <srabbelier@gmail.com> parents: 1179 diff changeset	966	field_name: self.user if user else self.user.key().name()
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	967	}
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	968
1200 e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	969	if 'scope_path' in django_args:
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	970	fields['scope_path'] = django_args['scope_path']
e68fd70ba076 Added checkCanEditGroupApp to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1198 diff changeset	971
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	972	entity = logic.getForFields(fields)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	973
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	974	if entity:
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	975	return
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	976
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	977	raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	978
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	979	@allowDeveloper
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	980	@denySidebar
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	981	def checkIsAllowedToManageRole(self, django_args, role_logic, manage_role_logic):
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	982	"""Returns an alternate HTTP response if the user is not allowed to manage
1068 8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	983	the role given in args.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	984
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	985	Args:
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	986	role_logic: determines the logic for the role in args.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	987	manage_role_logic: determines the logic for the role which is allowed
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	988	to manage this role.
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	989
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	990	Raises:
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	991	AccessViolationResponse: if the required authorization is not met
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	992
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	993	Returns:
1068 8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	994	None if the given role is active and belongs to the current user.
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	995	None if the current User has an active role (from manage_role_logic)
8a06ebff014e Changed docstring for checkIsAllowedToManageRole. Lennard de Rijk <ljvderijk@gmail.com> parents: 1066 diff changeset	996	that belongs to the same scope as the role that needs to be managed
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	997	"""
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	998
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	999	try:
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1000	# check if it is my role the user's own role
1248 f318538394d9 Rename checkHasActiveRole to checkHasActiveRoleForScope Sverre Rabbelier <srabbelier@gmail.com> parents: 1239 diff changeset	1001	self.checkHasActiveRoleForScope(django_args, role_logic)
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1002	except out_of_band.Error:
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1003	pass
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1004
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1005	# apparently it's not the user's role so check if managing this role is allowed
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1006	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1007	'link_id': django_args['link_id'],
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1008	'scope_path': django_args['scope_path'],
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1009	}
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1010
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1011	role_entity = role_logic.getFromKeyFieldsOr404(fields)
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1012	if role_entity.status != 'active':
065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1013	raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ROLE_MSG)
914 6ec8dd2a73b3 Added various access methods in preperation for the new request system. Lennard de Rijk <ljvderijk@gmail.com> parents: 895 diff changeset	1014
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1015	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1016	'link_id': self.user.link_id,
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1017	'scope_path': django_args['scope_path'],
1142 da2487767ef4 Fix missing dot and wrong import sorting in soc.views.helper.access module. Pawel Solyga <Pawel.Solyga@gmail.com> parents: 1135 diff changeset	1018	'status': 'active'
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1019	}
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1020
1184 bd9c6101d41d Use .logic in checkIsAllowedToManageRole at the caller Sverre Rabbelier <srabbelier@gmail.com> parents: 1180 diff changeset	1021	manage_entity = manage_role_logic.getForFields(fields, unique=True)
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1022
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1023	if not manage_entity:
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1024	raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
1066 b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1025
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1026	return
b22750a2b04a Added checkIsAllowedToManageRole to access.py. Lennard de Rijk <ljvderijk@gmail.com> parents: 1061 diff changeset	1027
1265 cecb2b35f805 Added allowsidebar to checkIsDocumentReadable. Lennard de Rijk <ljvderijk@gmail.com> parents: 1263 diff changeset	1028	@allowSidebar
1115 0a723ff3d27c Cleanups in base.Logic Sverre Rabbelier <srabbelier@gmail.com> parents: 1107 diff changeset	1029	@allowDeveloper
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1030	def checkIsDocumentReadable(self, django_args):
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1031	"""Checks whether a document is readable.
699 4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic Sverre Rabbelier <srabbelier@gmail.com> parents: 639 diff changeset	1032
1007 3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	1033	Args:
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	1034	django_args: a dictionary with django's arguments
3b66772d21a5 Major refactor of the access module Sverre Rabbelier <srabbelier@gmail.com> parents: 999 diff changeset	1035	"""
699 4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic Sverre Rabbelier <srabbelier@gmail.com> parents: 639 diff changeset	1036
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1037	document = document_logic.getFromKeyFieldsOr404(django_args)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1038
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1039	self.checkMembership('read', document.prefix,
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1040	document.read_access, django_args)
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1041
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1042	@denySidebar
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1043	@allowDeveloper
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1044	def checkIsDocumentWritable(self, django_args):
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1045	"""Checks whether a document is writable.
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1046
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1047	Args:
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1048	django_args: a dictionary with django's arguments
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1049	"""
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1050
1239 065e5bcf90f0 Stylefixes in access.py and removal of self.deny calls Sverre Rabbelier <srabbelier@gmail.com> parents: 1237 diff changeset	1051	document = document_logic.getFromKeyFieldsOr404(django_args)
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1052
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1053	self.checkMembership('write', document.prefix,
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1054	document.write_access, django_args)
1074 94bc2a9ae103 Properly check if a program is active Sverre Rabbelier <srabbelier@gmail.com> parents: 1073 diff changeset	1055
1305 9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1056	@allowDeveloper
1318 3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1057	def checkDocumentList(self, django_args):
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1058	"""Checks whether the user is allowed to list documents.
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1059	"""
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1060
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1061	filter = django_args['filter']
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1062
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1063	prefix = filter['prefix']
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1064	scope_path = filter['scope_path']
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1065
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1066	checker = rights_logic.Checker(prefix)
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1067	roles = checker.getMembership('list')
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1068
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1069	if not self.hasMembership(roles, filter):
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1070	raise out_of_band.AccessViolation(message_fmt=DEF_NO_LIST_ACCESS_MSG)
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1071
3f41f33a4ad2 Add custom access check for document listing Sverre Rabbelier <srabbelier@gmail.com> parents: 1315 diff changeset	1072	@allowDeveloper
1305 9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1073	def checkDocumentPick(self, django_args):
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1074	"""Checks whether the user has access to the specified pick url.
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1075
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1076	Will update the 'read_access' field of django_args['GET'].
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1077	"""
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1078
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1079	get_args = django_args['GET']
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1080
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1081	# make mutable in order to inject the proper read_access filter
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1082	mutable = get_args._mutable
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1083	get_args._mutable = True
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1084
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1085	if 'prefix' not in get_args:
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1086	raise out_of_band.AccessViolation(message_fmt=DEF_PREFIX_NOT_IN_ARGS_MSG)
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1087
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1088	prefix = get_args['prefix']
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1089
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1090	checker = rights_logic.Checker(prefix)
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1091	memberships = checker.getMemberships()
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1092
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1093	roles = []
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1094	for key, value in memberships.iteritems():
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1095	if self.hasMembership(value, django_args):
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1096	roles.append(key)
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1097
1309 ba51a0cd311d Fix a bug if you have no roles at all Sverre Rabbelier <srabbelier@gmail.com> parents: 1308 diff changeset	1098	if not roles:
ba51a0cd311d Fix a bug if you have no roles at all Sverre Rabbelier <srabbelier@gmail.com> parents: 1308 diff changeset	1099	roles = ['deny']
ba51a0cd311d Fix a bug if you have no roles at all Sverre Rabbelier <srabbelier@gmail.com> parents: 1308 diff changeset	1100
1305 9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1101	get_args.setlist('read_access', roles)
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1102	get_args._mutable = mutable
9567bb475d6d Do access checks on the pick url for documents Sverre Rabbelier <srabbelier@gmail.com> parents: 1300 diff changeset	1103
1135 24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1104	def checkCanEditTimeline(self, django_args):
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1105	"""Checks whether this program's timeline may be edited.
24d695060863 Hook up the ACL system for documents. Sverre Rabbelier <srabbelier@gmail.com> parents: 1122 diff changeset	1106	"""
1107 a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1107
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1108	time_line_keyname = django_args['scope_path']
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1109	timeline_entity = timeline_logic.getFromKeyName(time_line_keyname)
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1110
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1111	if not timeline_entity:
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1112	# timeline does not exists so deny
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1113	self.deny(django_args)
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1114
1122 659984867a9a Removed workflow type as keyfield from program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1115 diff changeset	1115	split_keyname = time_line_keyname.rsplit('/')
1107 a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1116
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1117	fields = {
d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1118	'scope_path' : split_keyname[0],
1122 659984867a9a Removed workflow type as keyfield from program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1115 diff changeset	1119	'link_id' : split_keyname[1],
1107 a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1120	}
a878188e225c Added status to program. Lennard de Rijk <ljvderijk@gmail.com> parents: 1085 diff changeset	1121
1163 d8c50be19232 Cleaned up access.py Sverre Rabbelier <srabbelier@gmail.com> parents: 1142 diff changeset	1122	self.checkIsHostForProgram(fields)

author	Sverre Rabbelier <srabbelier@gmail.com>
	Sat, 21 Feb 2009 20:14:19 +0000
changeset 1441	e633906ed88d
parent 1438	e484f9acf999
child 1442	8eec34007e80
permissions	-rw-r--r--