38 |
38 |
39 from soc.logic import accounts |
39 from soc.logic import accounts |
40 from soc.logic import dicts |
40 from soc.logic import dicts |
41 from soc.logic.models import host as host_logic |
41 from soc.logic.models import host as host_logic |
42 from soc.logic.models import notification as notification_logic |
42 from soc.logic.models import notification as notification_logic |
43 from soc.logic.models import group_app as group_app_logic |
43 from soc.logic.models import club_app as club_app_logic |
44 from soc.logic.models import user as user_logic |
44 from soc.logic.models import user as user_logic |
45 from soc.logic.models import request as request_logic |
45 from soc.logic.models import request as request_logic |
46 from soc.views import helper |
46 from soc.views import helper |
47 from soc.views import out_of_band |
47 from soc.views import out_of_band |
48 |
48 |
388 'reviewed': True, |
388 'reviewed': True, |
389 'accepted': True, |
389 'accepted': True, |
390 'application_completed': False, |
390 'application_completed': False, |
391 } |
391 } |
392 |
392 |
393 group_app = group_app_logic.logic.getForFields(properties, unique=True) |
393 club_app = club_app_logic.logic.getForFields(properties, unique=True) |
394 |
394 |
395 if group_app: |
395 if club_app: |
396 return |
396 return |
397 |
397 |
398 # TODO(srabbelier) Make this give a proper error message |
398 # TODO(srabbelier) Make this give a proper error message |
399 deny(request, args, kwargs) |
399 deny(request, args, kwargs) |
400 |
400 |
441 |
441 |
442 # TODO(ljvderijk) Make this give a proper error message |
442 # TODO(ljvderijk) Make this give a proper error message |
443 deny(request, args, kwargs) |
443 deny(request, args, kwargs) |
444 |
444 |
445 |
445 |
446 def checkIsMyApplication(request, args, kwargs): |
446 def checkIsMyApplication(app_logic): |
447 """Returns an alternate HTTP response if this request is for a Application belonging |
447 """Returns an alternate HTTP response if this request is for a Application belonging |
448 to the current user. |
448 to the current user. |
449 |
449 |
450 Args: |
450 Args: |
451 request: a Django HTTP request |
451 request: a Django HTTP request |
454 AccessViolationResponse: if the required authorization is not met |
454 AccessViolationResponse: if the required authorization is not met |
455 |
455 |
456 Returns: |
456 Returns: |
457 None if the current User is allowed to access this Application. |
457 None if the current User is allowed to access this Application. |
458 """ |
458 """ |
459 |
459 |
460 try: |
460 def wrapper(request, args, kwargs): |
461 # if the current user is a developer we allow access |
461 try: |
462 checkIsDeveloper(request, args, kwargs) |
462 # if the current user is a developer we allow access |
463 return |
463 checkIsDeveloper(request, args, kwargs) |
464 except out_of_band.Error: |
464 return |
465 pass |
465 except out_of_band.Error: |
466 |
466 pass |
467 checkIsUser(request, args, kwargs) |
467 |
468 |
468 checkIsUser(request, args, kwargs) |
469 # Mine the url for params |
469 |
470 try: |
470 properties = dicts.filter(kwargs, ['link_id']) |
471 callback, args, kwargs = urlresolvers.resolve(request.path) |
471 |
472 except Exception: |
472 application = app_logic.logic.getForFields(properties, unique=True) |
|
473 user = user_logic.logic.getForCurrentAccount() |
|
474 |
|
475 # We need to check to see if the key's are equal since the User |
|
476 # objects are different and the default __eq__ method does not check |
|
477 # if the keys are equal (which is what we want). |
|
478 if user.key() == application.applicant.key(): |
|
479 return None |
|
480 |
|
481 # TODO(srabbelier) Make this give a proper error message |
473 deny(request, args, kwargs) |
482 deny(request, args, kwargs) |
474 |
483 |
475 properties = dicts.filter(kwargs, ['link_id']) |
484 return wrapper |
476 |
|
477 application = group_app_logic.logic.getForFields(properties, unique=True) |
|
478 user = user_logic.logic.getForCurrentAccount() |
|
479 |
|
480 # We need to check to see if the key's are equal since the User |
|
481 # objects are different and the default __eq__ method does not check |
|
482 # if the keys are equal (which is what we want). |
|
483 if user.key() == application.applicant.key(): |
|
484 return None |
|
485 |
|
486 # TODO(srabbelier) Make this give a proper error message |
|
487 deny(request, args, kwargs) |
|
488 |
485 |
489 |
486 |
490 def checkCanInvite(request, args, kwargs): |
487 def checkCanInvite(request, args, kwargs): |
491 """Checks to see if the current user can create an invite. |
488 """Checks to see if the current user can create an invite. |
492 |
489 |