729 def checkGroupIsActiveForLinkId(self, django_args, logic): |
732 def checkGroupIsActiveForLinkId(self, django_args, logic): |
730 """Checks that the specified group is active. |
733 """Checks that the specified group is active. |
731 |
734 |
732 Only group where the link_id matches the value of the link_id |
735 Only group where the link_id matches the value of the link_id |
733 from the django_args are considered. |
736 from the django_args are considered. |
734 |
737 |
735 Args: |
738 Args: |
736 django_args: a dictionary with django's arguments |
739 django_args: a dictionary with django's arguments |
737 logic: the logic that should be used to look up the entity |
740 logic: the logic that should be used to look up the entity |
738 """ |
741 """ |
739 |
742 |
740 return self._checkIsActive(django_args, logic, ['link_id']) |
743 return self._checkIsActive(django_args, logic, ['link_id']) |
741 |
744 |
742 def checkHasActiveRole(self, django_args, logic): |
745 def checkHasActiveRole(self, django_args, logic): |
743 """Checks that the user has the specified active role. |
746 """Checks that the user has the specified active role. |
744 |
747 |
745 Args: |
748 Args: |
746 django_args: a dictionary with django's arguments |
749 django_args: a dictionary with django's arguments |
747 logic: the logic that should be used to look up the entity |
750 logic: the logic that should be used to look up the entity |
748 """ |
751 """ |
749 |
752 |
884 # tell the user that this group is not active |
887 # tell the user that this group is not active |
885 raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG) |
888 raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG) |
886 |
889 |
887 return |
890 return |
888 |
891 |
889 def checkCanCreateFromRequest(self, django_args, role_name): |
892 def checkCanCreateFromRequest(self, django_args): |
890 """Raises an alternate HTTP response if the specified request does not exist |
893 """Raises an alternate HTTP response if the specified request does not exist |
891 or if it's status is not group_accepted. Also when the group this request |
894 or if it's status is not group_accepted. Also when the group this request |
892 is from is in an inactive or invalid status access will be denied. |
895 is from is in an inactive or invalid status access will be denied. |
893 |
896 |
894 Args: |
897 Args: |
895 django_args: a dictionary with django's arguments |
898 django_args: a dictionary with django's arguments |
896 role_name: name of the role |
899 """ |
897 """ |
900 |
898 |
901 self.checkIsUser(django_args) |
899 self.checkIsUserSelf(django_args, 'link_id') |
902 |
900 |
903 id = int(django_args['id']) |
901 fields = { |
904 |
902 'link_id': django_args['link_id'], |
905 request_entity = request_logic.getFromIDOr404(id) |
903 'scope_path': django_args['scope_path'], |
906 |
904 'role': role_name, |
907 if request_entity.status != 'group_accepted': |
905 'status': 'group_accepted', |
908 raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_NOT_ACCEPTED_MSG) |
906 } |
909 |
907 |
910 if request_entity.group.status in ['invalid', 'inactive']: |
908 entity = request_logic.getForFields(fields, unique=True) |
911 raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG) |
909 # pylint: disable-msg=E1103 |
912 |
910 if entity and (entity.scope.status not in ['invalid', 'inactive']): |
913 if request_entity.user.key() != self.user.key(): |
911 return |
914 # this request does not belong to the user creating the role |
912 |
915 raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG) |
913 raise out_of_band.AccessViolation(message_fmt=DEF_NO_REQUEST_MSG) |
916 |
|
917 return |
914 |
918 |
915 def checkIsMyGroupAcceptedRequest(self, django_args): |
919 def checkIsMyGroupAcceptedRequest(self, django_args): |
916 """Checks whether the user can accept the specified request. |
920 """Checks whether the user can accept the specified request. |
917 |
921 |
918 Args: |
922 Args: |
919 django_args: a dictionary with django's arguments |
923 django_args: a dictionary with django's arguments |
920 """ |
924 """ |
921 |
925 |
922 self.checkCanCreateFromRequest(django_args, django_args['role']) |
926 self.checkIsUser(django_args) |
923 |
927 |
924 def checkCanProcessRequest(self, django_args, role_name): |
928 id = int(django_args['id']) |
|
929 |
|
930 request_entity = request_logic.getFromIDOr404(id) |
|
931 |
|
932 if request_entity.user.key() != self.user.key(): |
|
933 # this is not the current user's request |
|
934 raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG) |
|
935 |
|
936 if request_entity.status != 'group_accepted': |
|
937 raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_NOT_ACCEPTED_MSG) |
|
938 |
|
939 if request_entity.group.status == 'active': |
|
940 return |
|
941 |
|
942 raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG) |
|
943 |
|
944 def checkCanProcessRequest(self, django_args, role_logics): |
925 """Raises an alternate HTTP response if the specified request does not exist |
945 """Raises an alternate HTTP response if the specified request does not exist |
926 or if it's status is completed or denied. Also Raises an alternate HTTP response |
946 or if it's status is completed or rejected. Also Raises an alternate HTTP response |
927 whenever the group in the request is not active. |
947 whenever the group in the request is not active. |
928 |
948 |
929 Args: |
949 Args: |
930 django_args: a dictionary with django's arguments |
950 django_args: a dictionary with django's arguments |
931 role_name: name of the role |
951 role_logics: list with Logic instances for roles who can process |
|
952 requests for the group the request is for. |
932 """ |
953 """ |
933 |
954 |
934 self.checkIsUser(django_args) |
955 self.checkIsUser(django_args) |
935 |
956 |
936 fields = { |
957 id = int(django_args['id']) |
937 'link_id': django_args['link_id'], |
958 |
938 'scope_path': django_args['scope_path'], |
959 request_entity = request_logic.getFromIDOr404(id) |
939 'role': role_name, |
960 |
940 } |
961 if request_entity.status in ['completed', 'rejected']: |
941 |
|
942 request_entity = request_logic.getFromKeyFieldsOr404(fields) |
|
943 |
|
944 if request_entity.status in ['completed', 'denied']: |
|
945 raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_COMPLETED_MSG) |
962 raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_COMPLETED_MSG) |
946 |
963 |
947 if request_entity.scope.status == 'active': |
964 if request_entity.group.status != 'active': |
948 return |
965 raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG) |
949 |
966 |
950 raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG) |
967 role_fields = {'user': self.user, |
|
968 'scope': request_entity.group, |
|
969 'status': 'active'} |
|
970 role_entity = None |
|
971 |
|
972 for role_logic in role_logics: |
|
973 role_entity = role_logic.getForFields(role_fields, unique=True) |
|
974 |
|
975 if role_entity: |
|
976 break; |
|
977 |
|
978 if not role_entity: |
|
979 # the current user does not have the necessary role |
|
980 raise out_of_band.AccessViolation(message_fmt=DEF_NEED_ROLE_MSG) |
|
981 |
|
982 return |
951 |
983 |
952 @allowDeveloper |
984 @allowDeveloper |
953 @denySidebar |
985 @denySidebar |
954 def checkIsHostForProgram(self, django_args): |
986 def checkIsHostForProgram(self, django_args): |
955 """Checks if the user is a host for the specified program. |
987 """Checks if the user is a host for the specified program. |
1295 if student_role: |
1329 if student_role: |
1296 raise out_of_band.AccessViolation( |
1330 raise out_of_band.AccessViolation( |
1297 message_fmt=DEF_ALREADY_STUDENT_ROLE_MSG) |
1331 message_fmt=DEF_ALREADY_STUDENT_ROLE_MSG) |
1298 |
1332 |
1299 return |
1333 return |
|
1334 |
|
1335 def checkIsNotStudentForProgramOfOrgInRequest(self, django_args, org_logic, |
|
1336 student_logic): |
|
1337 """Checks if the current user has no active Student role for the program |
|
1338 that the organization in the request is participating in. |
|
1339 |
|
1340 Args: |
|
1341 django_args: a dictionary with django's arguments |
|
1342 org_logic: Organization logic instance |
|
1343 student_logic: Student logic instance |
|
1344 |
|
1345 Raises: |
|
1346 AccessViolationResponse: if the current user is a student for the |
|
1347 program the organization is in. |
|
1348 """ |
|
1349 |
|
1350 request_entity = request_logic.getFromIDOr404(int(django_args['id'])) |
|
1351 |
|
1352 django_args['scope_path'] = request_entity.group.key().id_or_name() |
|
1353 |
|
1354 return self.checkIsNotStudentForProgramOfOrg(django_args, org_logic, student_logic) |
1300 |
1355 |
1301 @allowDeveloper |
1356 @allowDeveloper |
1302 def checkRoleAndStatusForStudentProposal(self, django_args, allowed_roles, |
1357 def checkRoleAndStatusForStudentProposal(self, django_args, allowed_roles, |
1303 role_status, proposal_status): |
1358 role_status, proposal_status): |
1304 """Checks if the current user has access to the given proposal. |
1359 """Checks if the current user has access to the given proposal. |