86 raise out_of_band.Error("Sidebar Calling") |
86 raise out_of_band.Error("Sidebar Calling") |
87 return fun(self, django_args, *args, **kwargs) |
87 return fun(self, django_args, *args, **kwargs) |
88 return wrapper |
88 return wrapper |
89 |
89 |
90 |
90 |
|
91 def allowDeveloper(fun): |
|
92 """Decorator that allows access if the current user is a Developer. |
|
93 """ |
|
94 |
|
95 from functools import wraps |
|
96 |
|
97 @wraps(fun) |
|
98 def wrapper(self, django_args, *args, **kwargs): |
|
99 try: |
|
100 # if the current user is a developer we allow access |
|
101 return self.checkIsDeveloper(django_args) |
|
102 except out_of_band.Error: |
|
103 return fun(self, django_args, *args, **kwargs) |
|
104 return wrapper |
|
105 |
|
106 |
91 class Checker(object): |
107 class Checker(object): |
92 """ |
108 """ |
93 The __setitem__() and __getitem__() methods are overloaded to DTRT |
109 The __setitem__() and __getitem__() methods are overloaded to DTRT |
94 when adding new access rights, and retrieving them, so use these |
110 when adding new access rights, and retrieving them, so use these |
95 rather then modifying rights directly if so desired. |
111 rather then modifying rights directly if so desired. |
376 * if User has not agreed to the site-wide ToS, or |
393 * if User has not agreed to the site-wide ToS, or |
377 * if no User exists for the logged-in Google Account, or |
394 * if no User exists for the logged-in Google Account, or |
378 * if the user is not even logged in |
395 * if the user is not even logged in |
379 """ |
396 """ |
380 |
397 |
381 try: |
|
382 # if the current user is a developer we allow access |
|
383 self.checkIsDeveloper(django_args) |
|
384 return |
|
385 except out_of_band.Error: |
|
386 pass |
|
387 |
|
388 self.checkIsUser(django_args) |
398 self.checkIsUser(django_args) |
389 |
399 |
390 user = user_logic.getForCurrentAccount() |
400 user = user_logic.getForCurrentAccount() |
391 |
401 |
392 if django_args.get('scope_path'): |
402 if django_args.get('scope_path'): |
453 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
463 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
454 'role': 'a Program Administrator '} |
464 'role': 'a Program Administrator '} |
455 |
465 |
456 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
466 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
457 |
467 |
|
468 @allowDeveloper |
458 def checkIsClubAdminForClub(self, django_args): |
469 def checkIsClubAdminForClub(self, django_args): |
459 """Returns an alternate HTTP response if Google Account has no Club Admin |
470 """Returns an alternate HTTP response if Google Account has no Club Admin |
460 entity for the specified club. |
471 entity for the specified club. |
461 |
472 |
462 Args: |
473 Args: |
469 None if Club Admin exists for the specified club, or a subclass of |
480 None if Club Admin exists for the specified club, or a subclass of |
470 django.http.HttpResponse which contains the alternate response |
481 django.http.HttpResponse which contains the alternate response |
471 should be returned by the calling view. |
482 should be returned by the calling view. |
472 """ |
483 """ |
473 |
484 |
474 try: |
|
475 # if the current user is invited to create a host profile we allow access |
|
476 checkIsDeveloper(django_args) |
|
477 return |
|
478 except out_of_band.Error: |
|
479 pass |
|
480 |
|
481 self.checkIsUser(django_args) |
485 self.checkIsUser(django_args) |
482 |
486 |
483 user = user_logic.getForCurrentAccount() |
487 user = user_logic.getForCurrentAccount() |
484 |
488 |
485 if django_args.get('scope_path'): |
489 if django_args.get('scope_path'): |
499 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
503 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
500 'role': 'a Club Admin for this Club'} |
504 'role': 'a Club Admin for this Club'} |
501 |
505 |
502 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
506 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
503 |
507 |
|
508 @allowDeveloper |
504 def checkIsApplicationAccepted(self, django_args, app_logic): |
509 def checkIsApplicationAccepted(self, django_args, app_logic): |
505 """Returns an alternate HTTP response if Google Account has no Club App |
510 """Returns an alternate HTTP response if Google Account has no Club App |
506 entity for the specified Club. |
511 entity for the specified Club. |
507 |
512 |
508 Args: |
513 Args: |
515 None if Club App exists for the specified program, or a subclass |
520 None if Club App exists for the specified program, or a subclass |
516 of django.http.HttpResponse which contains the alternate response |
521 of django.http.HttpResponse which contains the alternate response |
517 should be returned by the calling view. |
522 should be returned by the calling view. |
518 """ |
523 """ |
519 |
524 |
520 try: |
|
521 # if the current user is a developer we allow access |
|
522 checkIsDeveloper(django_args) |
|
523 return |
|
524 except out_of_band.Error: |
|
525 pass |
|
526 |
|
527 self.checkIsUser(django_args) |
525 self.checkIsUser(django_args) |
528 |
526 |
529 user = user_logic.getForCurrentAccount() |
527 user = user_logic.getForCurrentAccount() |
530 |
528 |
531 properties = { |
529 properties = { |
539 return |
537 return |
540 |
538 |
541 # TODO(srabbelier) Make this give a proper error message |
539 # TODO(srabbelier) Make this give a proper error message |
542 deny(django_args) |
540 deny(django_args) |
543 |
541 |
|
542 @allowDeveloper |
544 def checkIsMyNotification(self, django_args): |
543 def checkIsMyNotification(self, django_args): |
545 """Returns an alternate HTTP response if this request is for |
544 """Returns an alternate HTTP response if this request is for |
546 a Notification belonging to the current user. |
545 a Notification belonging to the current user. |
547 |
546 |
548 Args: |
547 Args: |
552 AccessViolationResponse: if the required authorization is not met |
551 AccessViolationResponse: if the required authorization is not met |
553 |
552 |
554 Returns: |
553 Returns: |
555 None if the current User is allowed to access this Notification. |
554 None if the current User is allowed to access this Notification. |
556 """ |
555 """ |
557 |
|
558 try: |
|
559 # if the current user is a developer we allow access |
|
560 checkIsDeveloper(django_args) |
|
561 return |
|
562 except out_of_band.Error: |
|
563 pass |
|
564 |
556 |
565 self.checkIsUser(django_args) |
557 self.checkIsUser(django_args) |
566 |
558 |
567 properties = dicts.filter(django_args, ['link_id', 'scope_path']) |
559 properties = dicts.filter(django_args, ['link_id', 'scope_path']) |
568 |
560 |
576 return None |
568 return None |
577 |
569 |
578 # TODO(ljvderijk) Make this give a proper error message |
570 # TODO(ljvderijk) Make this give a proper error message |
579 deny(django_args) |
571 deny(django_args) |
580 |
572 |
|
573 @allowDeveloper |
581 def checkIsMyApplication(self, django_args, app_logic): |
574 def checkIsMyApplication(self, django_args, app_logic): |
582 """Returns an alternate HTTP response if this request is for |
575 """Returns an alternate HTTP response if this request is for |
583 a Application belonging to the current user. |
576 a Application belonging to the current user. |
584 |
577 |
585 Args: |
578 Args: |
589 AccessViolationResponse: if the required authorization is not met |
582 AccessViolationResponse: if the required authorization is not met |
590 |
583 |
591 Returns: |
584 Returns: |
592 None if the current User is allowed to access this Application. |
585 None if the current User is allowed to access this Application. |
593 """ |
586 """ |
594 |
|
595 try: |
|
596 # if the current user is a developer we allow access |
|
597 self.checkIsDeveloper(django_args) |
|
598 return |
|
599 except out_of_band.Error: |
|
600 pass |
|
601 |
587 |
602 self.checkIsUser(django_args) |
588 self.checkIsUser(django_args) |
603 |
589 |
604 properties = dicts.filter(django_args, ['link_id']) |
590 properties = dicts.filter(django_args, ['link_id']) |
605 |
591 |
617 return None |
603 return None |
618 |
604 |
619 # TODO(srabbelier) Make this give a proper error message |
605 # TODO(srabbelier) Make this give a proper error message |
620 deny(django_args) |
606 deny(django_args) |
621 |
607 |
|
608 @allowDeveloper |
622 def checkIsMyActiveRole(self, django_args, role_logic): |
609 def checkIsMyActiveRole(self, django_args, role_logic): |
623 """Returns an alternate HTTP response if there is no active role found for |
610 """Returns an alternate HTTP response if there is no active role found for |
624 the current user using the given role_logic. |
611 the current user using the given role_logic. |
625 |
612 |
626 Raises: |
613 Raises: |