app/soc/views/helper/access.py
author Sverre Rabbelier <srabbelier@gmail.com>
Sun, 07 Dec 2008 19:02:02 +0000
changeset 709 e71b20847eb0
parent 699 4e8eefe95748
child 713 bcd480745f44
permissions -rw-r--r--
Add checkIsHost in access Patch by: Sverre Rabbelier
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     1
#!/usr/bin/python2.5
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     2
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     3
# Copyright 2008 the Melange authors.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     4
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     5
# Licensed under the Apache License, Version 2.0 (the "License");
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     6
# you may not use this file except in compliance with the License.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     7
# You may obtain a copy of the License at
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     8
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
     9
#   http://www.apache.org/licenses/LICENSE-2.0
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    10
#
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    11
# Unless required by applicable law or agreed to in writing, software
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    12
# distributed under the License is distributed on an "AS IS" BASIS,
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    13
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    14
# See the License for the specific language governing permissions and
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    15
# limitations under the License.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    16
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    17
"""Access control helper.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    18
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    19
The functions in this module can be used to check access control
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    20
related requirements. When the specified required conditions are not
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    21
met, an exception is raised. This exception contains a views that
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    22
either prompts for authentication, or informs the user that they
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    23
do not meet the required criteria.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    24
"""
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    25
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    26
__authors__ = [
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    27
  '"Todd Larsen" <tlarsen@google.com>',
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    28
  '"Sverre Rabbelier" <sverre@rabbelier.nl>',
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    29
  '"Pawel Solyga" <pawel.solyga@gmail.com>',
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    30
  ]
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    31
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    32
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    33
from google.appengine.api import users
315
c4f1a07ee340 Add missing blank lines between imports in access.py module.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 309
diff changeset
    34
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    35
from django.utils.translation import ugettext_lazy
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    36
481
94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents: 448
diff changeset
    37
from soc.logic import accounts
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
    38
from soc.logic.models import host as host_logic
525
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
    39
from soc.logic.models import user as user_logic
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
    40
from soc.logic.models import request as request_logic
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    41
from soc.views import helper
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
    42
from soc.views import out_of_band
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    43
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    44
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    45
DEF_NO_USER_LOGIN_MSG_FMT = ugettext_lazy(
446
0b479d573a4c Refactoring of {site/home}_settings to make them use base.View
Sverre Rabbelier <srabbelier@gmail.com>
parents: 389
diff changeset
    46
  'Please create <a href="/user/edit">User Profile</a>'
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    47
  ' in order to view this page.')
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    48
320
a0a86306e7f6 Some indentations fixes and ugettext_lazy() wrap up for DEF_DEV_LOGOUT_LOGIN_MSG_FMT in access.py.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 315
diff changeset
    49
DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ugettext_lazy(
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    50
  'Please <a href="%%(sign_out)s">sign out</a>'
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    51
  ' and <a href="%%(sign_in)s">sign in</a>'
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    52
  ' again as %(role)s to view this page.')
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
    53
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    54
DEF_PAGE_DENIED_MSG = ugettext_lazy(
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    55
  'Access to this page has been restricted')
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    56
590
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
    57
DEF_LOGOUT_MSG_FMT = ugettext_lazy(
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
    58
    'Please <a href="%(sign_out)s">sign out</a> in order to view this page')
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
    59
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    60
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    61
def checkAccess(access_type, request, rights):
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    62
  """Runs all the defined checks for the specified type.
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    63
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    64
  Args:
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    65
    access_type: the type of request (such as 'list' or 'edit')
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    66
    request: the Django request object
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    67
    rights: a dictionary containing access check functions
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    68
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    69
  Rights usage: 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    70
    The rights dictionary is used to check if the current user is allowed 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    71
    to view the page specified. The functions defined in this dictionary 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    72
    are always called with the django request object as argument. On any 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    73
    request, regardless of what type, the functions in the 'any_access' value 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    74
    are called. If the specified type is not in the rights dictionary, all 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    75
    the functions in the 'unspecified' value are called. When the specified 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    76
    type _is_ in the rights dictionary, all the functions in that access_type's 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    77
    value are called.
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    78
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    79
  Returns:
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    80
    True: If all the required access checks have been made successfully
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    81
    False: If a check failed, in this case self._response will contain
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
    82
      the response provided by the failed access check.
612
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    83
  """
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    84
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    85
  # Call each access checker
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    86
  for check in rights['any_access']:
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    87
    check(request)
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    88
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    89
  if access_type not in rights:
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    90
    for check in rights['unspecified']:
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    91
      # No checks defined, so do the 'generic' checks and bail out
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    92
      check(request)
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    93
    return
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    94
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    95
  for check in rights[access_type]:
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    96
    check(request)
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    97
3cca81b1e5a1 Moved checkAccess and getCleanedFields into access and forms
Sverre Rabbelier <srabbelier@gmail.com>
parents: 590
diff changeset
    98
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
    99
def allow(request):
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   100
  """Never returns an alternate HTTP response.
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   101
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   102
  Args:
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   103
    request: a Django HTTP request
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   104
  """
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   105
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   106
  return
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   107
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   108
def deny(request):
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   109
  """Returns an alternate HTTP response.
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   110
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   111
  Args:
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   112
    request: a Django HTTP request
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   113
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   114
  Returns: 
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   115
    a subclass of django.http.HttpResponse which contains the
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   116
    alternate response that should be returned by the calling view.
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   117
  """
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   118
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   119
  context = {}
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   120
  context['title'] = 'Access denied'
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   121
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   122
  raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context)
508
2b90baceac88 Add a access.deny and access.allow method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 481
diff changeset
   123
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   124
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   125
def checkIsLoggedIn(request):
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   126
  """Returns an alternate HTTP response if Google Account is not logged in.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   127
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   128
  Args:
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   129
    request: a Django HTTP request
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   130
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   131
   Raises:
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   132
     AccessViolationResponse: if the required authorization is not met
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   133
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   134
  Returns:
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   135
    None if the user is logged in, or a subclass of
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   136
    django.http.HttpResponse which contains the alternate response
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   137
    that should be returned by the calling view.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   138
  """
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   139
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   140
  if users.get_current_user():
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   141
    return
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   142
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   143
  raise out_of_band.LoginRequest()
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   144
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   145
590
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   146
def checkNotLoggedIn(request):
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   147
  """Returns an alternate HTTP response if Google Account is not logged in.
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   148
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   149
  Args:
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   150
    request: a Django HTTP request
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   151
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   152
   Raises:
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   153
     AccessViolationResponse: if the required authorization is not met
590
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   154
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   155
  Returns:
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   156
    None if the user is logged in, or a subclass of
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   157
    django.http.HttpResponse which contains the alternate response
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   158
    that should be returned by the calling view.
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   159
  """
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   160
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   161
  if not users.get_current_user():
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   162
    return
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   163
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   164
  raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   165
37735d97b541 Created a seperate module for editSelf things
Sverre Rabbelier <srabbelier@gmail.com>
parents: 543
diff changeset
   166
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   167
def checkIsUser(request):
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   168
  """Returns an alternate HTTP response if Google Account has no User entity.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   169
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   170
  Args:
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   171
    request: a Django HTTP request
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   172
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   173
   Raises:
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   174
     AccessViolationResponse: if the required authorization is not met
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   175
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   176
  Returns:
481
94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents: 448
diff changeset
   177
    None if User exists for a Google Account, or a subclass of
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   178
    django.http.HttpResponse which contains the alternate response
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   179
    should be returned by the calling view.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   180
  """
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   181
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   182
  checkIsLoggedIn(request)
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   183
525
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   184
  user = user_logic.logic.getForFields(
481
94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents: 448
diff changeset
   185
      {'account': users.get_current_user()}, unique=True)
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   186
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   187
  if user:
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   188
    return
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   189
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   190
  raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG_FMT)
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   191
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   192
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   193
def checkIsDeveloper(request):
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   194
  """Returns an alternate HTTP response if Google Account is not a Developer.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   195
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   196
  Args:
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   197
    request: a Django HTTP request
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   198
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   199
   Raises:
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   200
     AccessViolationResponse: if the required authorization is not met
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   201
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   202
  Returns:
481
94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents: 448
diff changeset
   203
    None if Google Account is logged in and logged-in user is a Developer,
94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents: 448
diff changeset
   204
    or a subclass of django.http.HttpResponse which contains the alternate
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   205
    response should be returned by the calling view.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   206
  """
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   207
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   208
  checkIsUser(request)
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   209
481
94834a1e6c01 Attempt to rename User.id to User.account, in preparation for making User be
Todd Larsen <tlarsen@google.com>
parents: 448
diff changeset
   210
  if accounts.isDeveloper(account=users.get_current_user()):
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   211
    return
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   212
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   213
  login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   214
      'role': 'a site developer '}
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   215
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   216
  raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   217
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   218
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   219
def checkIsHost(request):
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   220
  """Returns an alternate HTTP response if Google Account has no Host entity
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   221
     for the specified program.
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   222
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   223
  Args:
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   224
    request: a Django HTTP request
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   225
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   226
   Raises:
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   227
     AccessViolationResponse: if the required authorization is not met
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   228
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   229
  Returns:
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   230
    None if Host exists for the specified program, or a subclass of
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   231
    django.http.HttpResponse which contains the alternate response
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   232
    should be returned by the calling view.
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   233
  """
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   234
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   235
  try:
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   236
    # if the current user is a developer we allow access
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   237
    checkIsInvited(request)
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   238
    return
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   239
  except out_of_band.Error:
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   240
    pass
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   241
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   242
  checkIsUser(request)
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   243
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   244
  user = user_logic.logic.getForFields(
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   245
      {'account': users.get_current_user()}, unique=True)
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   246
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   247
  host = host_logic.logic.getForFields(
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   248
      {'user': user}, unique=True)
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   249
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   250
  if host:
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   251
    return
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   252
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   253
  login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   254
      'role': 'a host '}
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   255
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   256
  raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   257
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   258
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   259
def checkIsInvited(request):
389
9b873166d7d5 Fix identions, too long lines, unused imports and some other mistakes.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 361
diff changeset
   260
  """Returns an alternate HTTP response if Google Account has no Host entity
9b873166d7d5 Fix identions, too long lines, unused imports and some other mistakes.
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 361
diff changeset
   261
     for the specified program.
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   262
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   263
  Args:
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   264
    request: a Django HTTP request
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   265
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   266
   Raises:
639
1f92bd41b914 Some docstring fixes in few modules (soc.views.helper soc.views.models.base).
Pawel Solyga <Pawel.Solyga@gmail.com>
parents: 633
diff changeset
   267
     AccessViolationResponse: if the required authorization is not met
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   268
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   269
  Returns:
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   270
    None if Host exists for the specified program, or a subclass of
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   271
    django.http.HttpResponse which contains the alternate response
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   272
    should be returned by the calling view.
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   273
  """
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   274
633
899ec5d546bd Allow developers access to anything that does a checkIsInvited.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 617
diff changeset
   275
  try:
899ec5d546bd Allow developers access to anything that does a checkIsInvited.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 617
diff changeset
   276
    # if the current user is a developer we allow access
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   277
    checkIsDeveloper(request)
633
899ec5d546bd Allow developers access to anything that does a checkIsInvited.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 617
diff changeset
   278
    return
899ec5d546bd Allow developers access to anything that does a checkIsInvited.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 617
diff changeset
   279
  except out_of_band.Error:
899ec5d546bd Allow developers access to anything that does a checkIsInvited.
Lennard de Rijk <ljvderijk@gmail.com>
parents: 617
diff changeset
   280
    pass
709
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   281
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   282
  checkIsUser(request)
e71b20847eb0 Add checkIsHost in access
Sverre Rabbelier <srabbelier@gmail.com>
parents: 699
diff changeset
   283
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   284
  login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   285
      'role': 'a host for this program'}
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   286
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   287
  splitpath = request.path.split('/')
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   288
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   289
  if len(splitpath) < 4:
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   290
    # TODO: perhaps this needs a better explanation?
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   291
    deny(request)
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   292
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   293
  role = splitpath[1]
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   294
  group_id = splitpath[3]
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   295
  user_id = splitpath[4]
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   296
525
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   297
  user = user_logic.logic.getForFields(
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   298
      {'account': users.get_current_user()}, unique=True)
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   299
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   300
  if user_id != user.link_id:
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   301
    # TODO: perhaps this needs a better explanation?
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   302
    deny(request)
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   303
525
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   304
  properties = {
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   305
      'link_id': user_id,
525
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   306
      'role': role,
617
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   307
      'scope_path': group_id,
9cc42981d40a Now invited users can create a new Host profile
Sverre Rabbelier <srabbelier@gmail.com>
parents: 612
diff changeset
   308
      'group_accepted': True,
525
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   309
      }
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   310
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   311
  request = request_logic.logic.getForFields(properties, unique=True)
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   312
1dc62d570eff Created a checkIsInvited method
Sverre Rabbelier <srabbelier@gmail.com>
parents: 508
diff changeset
   313
  if request:
293
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   314
    return
1edd01373e71 Add an access control module
Sverre Rabbelier <srabbelier@gmail.com>
parents:
diff changeset
   315
543
280a1ac6bcc1 Merge soc/logic/out_of_band.py into soc/views/out_of_band.py. Merge
Todd Larsen <tlarsen@google.com>
parents: 525
diff changeset
   316
  raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
699
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   317
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   318
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   319
def checkIsDocumentPublic(request):
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   320
  """Checks whether a document is public
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   321
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   322
  Args:
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   323
    request: a Django HTTP request
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   324
  """
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   325
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   326
  # TODO: A proper check needs to be done to see if the document
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   327
  # is public or not, probably involving analysing it's scope or such.
4e8eefe95748 Add and use a placeholder for checkIsDocumentPublic
Sverre Rabbelier <srabbelier@gmail.com>
parents: 639
diff changeset
   328
  allow(request)