56 DEF_LOGOUT_MSG_FMT = ugettext_lazy( |
56 DEF_LOGOUT_MSG_FMT = ugettext_lazy( |
57 'Please <a href="%(sign_out)s">sign out</a> in order to view this page') |
57 'Please <a href="%(sign_out)s">sign out</a> in order to view this page') |
58 |
58 |
59 |
59 |
60 def checkAccess(access_type, request, rights): |
60 def checkAccess(access_type, request, rights): |
61 """Runs all the defined checks for the specified type |
61 """Runs all the defined checks for the specified type. |
62 |
62 |
63 Args: |
63 Args: |
64 access_type: the type of request (such as 'list' or 'edit') |
64 access_type: the type of request (such as 'list' or 'edit') |
65 request: the Django request object |
65 request: the Django request object |
66 rights: A dictionary containing access check functions |
66 rights: a dictionary containing access check functions |
67 |
67 |
68 Rights usage: The rights dictionary is used to check if the |
68 Rights usage: |
69 current user is allowed to view the page specified. The |
69 The rights dictionary is used to check if the current user is allowed |
70 functions defined in this dictionary are always called with the |
70 to view the page specified. The functions defined in this dictionary |
71 django request object as argument. |
71 are always called with the django request object as argument. On any |
72 On any request, regardless of what type, the functions in the |
72 request, regardless of what type, the functions in the 'any_access' value |
73 'any_access' value are called. |
73 are called. If the specified type is not in the rights dictionary, all |
74 If the specified type is not in the rights dictionary, all the |
74 the functions in the 'unspecified' value are called. When the specified |
75 functions in the 'unspecified' value are called. |
75 type _is_ in the rights dictionary, all the functions in that access_type's |
76 When the specified type _is_ in the rights dictionary, all the |
76 value are called. |
77 functions in that access_type's value are called. |
|
78 |
77 |
79 Returns: |
78 Returns: |
80 True: If all the required access checks have been made successfully |
79 True: If all the required access checks have been made successfully |
81 False: If a check failed, in this case self._response will contain |
80 False: If a check failed, in this case self._response will contain |
82 the response provided by the failed access check. |
81 the response provided by the failed access check. |
83 """ |
82 """ |
84 |
83 |
85 # Call each access checker |
84 # Call each access checker |
86 for check in rights['any_access']: |
85 for check in rights['any_access']: |
87 check(request) |
86 check(request) |
95 for check in rights[access_type]: |
94 for check in rights[access_type]: |
96 check(request) |
95 check(request) |
97 |
96 |
98 |
97 |
99 def allow(request): |
98 def allow(request): |
100 """Never returns an alternate HTTP response |
99 """Never returns an alternate HTTP response. |
101 |
100 |
102 Args: |
101 Args: |
103 request: a Django HTTP request |
102 request: a Django HTTP request |
104 """ |
103 """ |
105 |
104 |
106 return |
105 return |
107 |
106 |
108 def deny(request): |
107 def deny(request): |
109 """Returns an alternate HTTP response |
108 """Returns an alternate HTTP response. |
110 |
109 |
111 Args: |
110 Args: |
112 request: a Django HTTP request |
111 request: a Django HTTP request |
113 |
112 |
114 Returns: a subclass of django.http.HttpResponse which contains the |
113 Returns: |
115 alternate response that should be returned by the calling view. |
114 a subclass of django.http.HttpResponse which contains the |
|
115 alternate response that should be returned by the calling view. |
116 """ |
116 """ |
117 |
117 |
118 context = helper.responses.getUniversalContext(request) |
118 context = helper.responses.getUniversalContext(request) |
119 context['title'] = 'Access denied' |
119 context['title'] = 'Access denied' |
120 |
120 |
126 |
126 |
127 Args: |
127 Args: |
128 request: a Django HTTP request |
128 request: a Django HTTP request |
129 |
129 |
130 Raises: |
130 Raises: |
131 AccessViolationResponse: If the required authorization is not met. |
131 AccessViolationResponse: if the required authorization is not met |
132 |
132 |
133 Returns: |
133 Returns: |
134 None if the user is logged in, or a subclass of |
134 None if the user is logged in, or a subclass of |
135 django.http.HttpResponse which contains the alternate response |
135 django.http.HttpResponse which contains the alternate response |
136 that should be returned by the calling view. |
136 that should be returned by the calling view. |
147 |
147 |
148 Args: |
148 Args: |
149 request: a Django HTTP request |
149 request: a Django HTTP request |
150 |
150 |
151 Raises: |
151 Raises: |
152 AccessViolationResponse: If the required authorization is not met. |
152 AccessViolationResponse: if the required authorization is not met |
153 |
153 |
154 Returns: |
154 Returns: |
155 None if the user is logged in, or a subclass of |
155 None if the user is logged in, or a subclass of |
156 django.http.HttpResponse which contains the alternate response |
156 django.http.HttpResponse which contains the alternate response |
157 that should be returned by the calling view. |
157 that should be returned by the calling view. |
168 |
168 |
169 Args: |
169 Args: |
170 request: a Django HTTP request |
170 request: a Django HTTP request |
171 |
171 |
172 Raises: |
172 Raises: |
173 AccessViolationResponse: If the required authorization is not met. |
173 AccessViolationResponse: if the required authorization is not met |
174 |
174 |
175 Returns: |
175 Returns: |
176 None if User exists for a Google Account, or a subclass of |
176 None if User exists for a Google Account, or a subclass of |
177 django.http.HttpResponse which contains the alternate response |
177 django.http.HttpResponse which contains the alternate response |
178 should be returned by the calling view. |
178 should be returned by the calling view. |
191 |
191 |
192 def checkIsDeveloper(request): |
192 def checkIsDeveloper(request): |
193 """Returns an alternate HTTP response if Google Account is not a Developer. |
193 """Returns an alternate HTTP response if Google Account is not a Developer. |
194 |
194 |
195 Args: |
195 Args: |
196 request: A Django HTTP request |
196 request: a Django HTTP request |
197 |
197 |
198 Raises: |
198 Raises: |
199 AccessViolationResponse: If the required authorization is not met. |
199 AccessViolationResponse: if the required authorization is not met |
200 |
200 |
201 Returns: |
201 Returns: |
202 None if Google Account is logged in and logged-in user is a Developer, |
202 None if Google Account is logged in and logged-in user is a Developer, |
203 or a subclass of django.http.HttpResponse which contains the alternate |
203 or a subclass of django.http.HttpResponse which contains the alternate |
204 response should be returned by the calling view. |
204 response should be returned by the calling view. |
218 def checkIsInvited(request): |
218 def checkIsInvited(request): |
219 """Returns an alternate HTTP response if Google Account has no Host entity |
219 """Returns an alternate HTTP response if Google Account has no Host entity |
220 for the specified program. |
220 for the specified program. |
221 |
221 |
222 Args: |
222 Args: |
223 request: A Django HTTP request |
223 request: a Django HTTP request |
224 |
224 |
225 Raises: |
225 Raises: |
226 AccessViolationResponse: If the required authorization is not met. |
226 AccessViolationResponse: if the required authorization is not met |
227 |
227 |
228 Returns: |
228 Returns: |
229 None if Host exists for the specified program, or a subclass of |
229 None if Host exists for the specified program, or a subclass of |
230 django.http.HttpResponse which contains the alternate response |
230 django.http.HttpResponse which contains the alternate response |
231 should be returned by the calling view. |
231 should be returned by the calling view. |
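Review bot: The checkAccess docstring (new lines 78-81) still promises a True/False return and a `self._response`, but checkAccess is a module-level function and the visible loops call `check(request)` and discard the result, so the rewrapped text keeps describing a contract the code shown here does not implement. The checker docstrings at new lines 130-136, 151-157, 172-178, 198-204 and 225-231 list both `Raises: AccessViolationResponse` and a returned HttpResponse, and deny (new lines 107-115) documents only a returned response. If any checker really did return a response instead of raising, these loops would ignore it and the request would proceed as if access had been granted. Since the commit is already editing these docstrings, I would state the contract once, for example `Raises: AccessViolationResponse: if any check denies the request` on checkAccess and `Returns: None; denial is signalled only by raising` on the checkers. Confirm this against the function bodies first, because they lie outside the visible hunks and checkAccess lines 88-94 are not shown either.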