py_tasks_melange: comparison app/soc/views/helper/access.py

equal deleted inserted replaced

-:6907a33ca0a2
+:1dc307cb97d0
 'anymore (it has been completed or rejected).')
 DEF_REQUEST_COMPLETED_MSG = ugettext(
 'This request cannot be accepted (it is either completed or denied).')
+DEF_REQUEST_NOT_ACCEPTED_MSG = ugettext(
+'This request has not been accepted by the group (it can also be completed already).')
 DEF_SCOPE_INACTIVE_MSG = ugettext(
 'The scope for this request is not active.')
 DEF_SIGN_UP_AS_STUDENT_MSG = ugettext(
 'You need to sign up as a Student first.')
 def checkGroupIsActiveForScopeAndLinkId(self, django_args, logic):
 """Checks that the specified group is active.
 Only group where both the link_id and the scope_path match the value
 of the link_id and the scope_path from the django_args are considered.
 Args:
 django_args: a dictionary with django's arguments
 logic: the logic that should be used to look up the entity
 """
 def checkGroupIsActiveForLinkId(self, django_args, logic):
 """Checks that the specified group is active.
 Only group where the link_id matches the value of the link_id
 from the django_args are considered.
 Args:
 django_args: a dictionary with django's arguments
 logic: the logic that should be used to look up the entity
 """
 return self._checkIsActive(django_args, logic, ['link_id'])
 def checkHasActiveRole(self, django_args, logic):
 """Checks that the user has the specified active role.
 Args:
 django_args: a dictionary with django's arguments
 logic: the logic that should be used to look up the entity
 """
 def _checkHasActiveRoleFor(self, django_args, logic, field_name):
 """Checks that the user has the specified active role.
 Only roles where the field as specified by field_name matches the
 scope_path from the django_args are considered.
 Args:
 django_args: a dictionary with django's arguments
 logic: the logic that should be used to look up the entity
 """
 django_args['user'] = self.user
 return self._checkIsActive(django_args, logic, fields)
 def checkHasActiveRoleForKeyFieldsAsScope(self, django_args, logic):
 """Checks that the user has the specified active role.
 Args:
 django_args: a dictionary with django's arguments
 logic: the logic that should be used to look up the entity
 """
 def checkHasActiveRoleForScope(self, django_args, logic):
 """Checks that the user has the specified active role.
 Only roles where the scope_path matches the scope_path from the
 django_args are considered.
 Args:
 django_args: a dictionary with django's arguments
 logic: the logic that should be used to look up the entity
 """
 def checkHasActiveRoleForLinkId(self, django_args, logic):
 """Checks that the user has the specified active role.
 Only roles where the link_id matches the link_id from the
 django_args are considered.
 Args:
 django_args: a dictionary with django's arguments
 logic: the logic that should be used to look up the entity
 """
 # tell the user that this group is not active
 raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG)
 return
-def checkCanCreateFromRequest(self, django_args, role_name):
+def checkCanCreateFromRequest(self, django_args):
 """Raises an alternate HTTP response if the specified request does not exist
 or if it's status is not group_accepted. Also when the group this request
 is from is in an inactive or invalid status access will be denied.
 Args:
 django_args: a dictionary with django's arguments
-role_name: name of the role
+"""
-"""
+self.checkIsUser(django_args)
-self.checkIsUserSelf(django_args, 'link_id')
+id = int(django_args['id'])
-fields = {
-'link_id': django_args['link_id'],
+request_entity = request_logic.getFromIDOr404(id)
-'scope_path': django_args['scope_path'],
-'role': role_name,
+if request_entity.status != 'group_accepted':
-'status': 'group_accepted',
+raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_NOT_ACCEPTED_MSG)
-}
+if request_entity.group.status in ['invalid', 'inactive']:
-entity = request_logic.getForFields(fields, unique=True)
+raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG)
-# pylint: disable-msg=E1103
-if entity and (entity.scope.status not in ['invalid', 'inactive']):
+if request_entity.user.key() != self.user.key():
-return
+# this request does not belong to the user creating the role
+raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
-raise out_of_band.AccessViolation(message_fmt=DEF_NO_REQUEST_MSG)
+return
 def checkIsMyGroupAcceptedRequest(self, django_args):
 """Checks whether the user can accept the specified request.
 Args:
 django_args: a dictionary with django's arguments
 """
-self.checkCanCreateFromRequest(django_args, django_args['role'])
+self.checkIsUser(django_args)
-def checkCanProcessRequest(self, django_args, role_name):
+id = int(django_args['id'])
+request_entity = request_logic.getFromIDOr404(id)
+if request_entity.user.key() != self.user.key():
+# this is not the current user's request
+raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
+if request_entity.status != 'group_accepted':
+raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_NOT_ACCEPTED_MSG)
+if request_entity.group.status == 'active':
+return
+raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)
+def checkCanProcessRequest(self, django_args, role_logics):
 """Raises an alternate HTTP response if the specified request does not exist
-or if it's status is completed or denied. Also Raises an alternate HTTP response
+or if it's status is completed or rejected. Also Raises an alternate HTTP response
 whenever the group in the request is not active.
 Args:
 django_args: a dictionary with django's arguments
-role_name: name of the role
+role_logics: list with Logic instances for roles who can process
+requests for the group the request is for.
 """
 self.checkIsUser(django_args)
-fields = {
+id = int(django_args['id'])
-'link_id': django_args['link_id'],
-'scope_path': django_args['scope_path'],
+request_entity = request_logic.getFromIDOr404(id)
-'role': role_name,
-}
+if request_entity.status in ['completed', 'rejected']:
-request_entity = request_logic.getFromKeyFieldsOr404(fields)
-if request_entity.status in ['completed', 'denied']:
 raise out_of_band.AccessViolation(message_fmt=DEF_REQUEST_COMPLETED_MSG)
-if request_entity.scope.status == 'active':
+if request_entity.group.status != 'active':
-return
+raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)
-raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG)
+role_fields = {'user': self.user,
+'scope': request_entity.group,
+'status': 'active'}
+role_entity = None
+for role_logic in role_logics:
+role_entity = role_logic.getForFields(role_fields, unique=True)
+if role_entity:
+break;
+if not role_entity:
+# the current user does not have the necessary role
+raise out_of_band.AccessViolation(message_fmt=DEF_NEED_ROLE_MSG)
+return
 @allowDeveloper
 @denySidebar
 def checkIsHostForProgram(self, django_args):
 """Checks if the user is a host for the specified program.
 """
 if not django_args.get('scope_path'):
 raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_DENIED_MSG)
+self.checkIsUser(django_args)
 org_entity = org_logic.getFromKeyNameOr404(django_args['scope_path'])
-user_entity = user_logic.getForCurrentAccount()
+user_entity = self.user
 filter = {'scope': org_entity.scope,
 'user': user_entity,
 'status': 'active'}
 if student_role:
 raise out_of_band.AccessViolation(
 message_fmt=DEF_ALREADY_STUDENT_ROLE_MSG)
 return
+def checkIsNotStudentForProgramOfOrgInRequest(self, django_args, org_logic,
+student_logic):
+"""Checks if the current user has no active Student role for the program
+that the organization in the request is participating in.
+Args:
+django_args: a dictionary with django's arguments
+org_logic: Organization logic instance
+student_logic: Student logic instance
+Raises:
+AccessViolationResponse: if the current user is a student for the
+program the organization is in.
+"""
+request_entity = request_logic.getFromIDOr404(int(django_args['id']))
+django_args['scope_path'] = request_entity.group.key().id_or_name()
+return self.checkIsNotStudentForProgramOfOrg(django_args, org_logic, student_logic)
 @allowDeveloper
 def checkRoleAndStatusForStudentProposal(self, django_args, allowed_roles,
 role_status, proposal_status):
 """Checks if the current user has access to the given proposal.

changeset 3053	1dc307cb97d0
parent 3032	f3886d1b00a5
child 3067	371e1979ee6a