py_tasks_melange: comparison app/soc/views/helper/access.py

equal deleted inserted replaced

-:1e6ac8f61a97
+:30ada09bdc6f
 def decorator(fun):
 """Decorator that allows access if the current user is a Developer.
 """
 @wraps(fun)
-def wrapper(self, django_args, *args, **kwargs):
+def wrapper(self, django_args=None, *args, **kwargs):
 try:
 # if the check passes we allow access regardless
 return self.doCheck(checker_name, django_args, [])
 except out_of_band.Error:
 # otherwise we run the original check
 self.check(use_cache, checker_name, django_args, args)
 def hasMembership(self, roles, django_args):
 """Checks whether the user has access to any of the specified roles.
+Makes use of self.MEMBERSHIP, which defines checkers specific to
+document access, as such this method should only be used when checking
+document access.
 Args:
 roles: a list of roles to check
+django_args: the django args that should be passed to doCheck
 """
 try:
 # we need to check manually, as we must return True!
 self.checkIsDeveloper(django_args)
 django_args: a dictionary with django's arguments
 """
 return
-def deny(self, django_args):
+def deny(self, django_args=None):
 """Always raises an alternate HTTP response.
 Args:
 django_args: a dictionary with django's arguments
 context = django_args.get('context', {})
 context['title'] = 'Access denied'
 raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context)
-def checkIsLoggedIn(self, django_args):
+def checkIsLoggedIn(self, django_args=None):
 """Raises an alternate HTTP response if Google Account is not logged in.
 Args:
-django_args: a dictionary with django's arguments
+django_args: a dictionary with django's arguments, not used
 Raises:
 AccessViolationResponse:
 * if no Google Account is even logged in
 """
 if self.id:
 return
 raise out_of_band.LoginRequest()
-def checkNotLoggedIn(self, django_args):
+def checkNotLoggedIn(self, django_args=None):
 """Raises an alternate HTTP response if Google Account is logged in.
 Args:
-django_args: a dictionary with django's arguments
+django_args: a dictionary with django's arguments, not used
 Raises:
 AccessViolationResponse:
 * if a Google Account is currently logged in
 """
 if not self.id:
 return
 raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
-def checkIsUser(self, django_args):
+def checkIsUser(self, django_args=None):
 """Raises an alternate HTTP response if Google Account has no User entity.
 Args:
-django_args: a dictionary with django's arguments
+django_args: a dictionary with django's arguments, not used
 Raises:
 AccessViolationResponse:
 * if no User exists for the logged-in Google Account, or
 * if no Google Account is logged in at all
 * if User has not agreed to the site-wide ToS, if one exists
 """
-self.checkIsLoggedIn(django_args)
+self.checkIsLoggedIn()
 if not self.user:
 raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
 if user_logic.agreesToSiteToS(self.user):
 @allowDeveloper
 def checkIsUserSelf(self, django_args, field_name):
 """Checks whether the specified user is the logged in user.
 Args:
-django_args: the keyword args from django, only scope_path is used
+django_args: the keyword args from django, only field_name is used
 """
-self.checkIsUser(django_args)
+self.checkIsUser()
 if not field_name in django_args:
-self.deny(django_args)
+self.deny()
 if self.user.link_id == django_args[field_name]:
 return
 raise out_of_band.AccessViolation(DEF_NOT_YOUR_ENTITY_MSG)
-def checkIsUnusedAccount(self, django_args):
+def checkIsUnusedAccount(self, django_args=None):
 """Raises an alternate HTTP response if Google Account has a User entity.
 Args:
-django_args: a dictionary with django's arguments
+django_args: a dictionary with django's arguments, not used
 Raises:
 AccessViolationResponse:
 * if a User exists for the logged-in Google Account, or
 * if a User has this Gooogle Account in their formerAccounts list
 message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
 'email' : self.id.email()}
 raise out_of_band.LoginRequest(message_fmt=message_fmt)
-def checkHasUserEntity(self, django_args):
+def checkHasUserEntity(self, django_args=None):
 """Raises an alternate HTTP response if Google Account has no User entity.
 Args:
 django_args: a dictionary with django's arguments
 AccessViolationResponse:
 * if no User exists for the logged-in Google Account, or
 * if no Google Account is logged in at all
 """
-self.checkIsLoggedIn(django_args)
+self.checkIsLoggedIn()
-if not self.user:
+if self.user:
-raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
+return
-return
+raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG)
-def checkIsDeveloper(self, django_args):
+def checkIsDeveloper(self, django_args=None):
 """Raises an alternate HTTP response if Google Account is not a Developer.
 Args:
-django_args: a dictionary with django's arguments
+django_args: a dictionary with django's arguments, not used
 Raises:
 AccessViolationResponse:
 * if User is not a Developer, or
 * if no User exists for the logged-in Google Account, or
 @allowDeveloper
 @denySidebar
 def checkIsActivePeriod(self, django_args, period_name, key_name_arg):
 """Checks if the given period is active for the given program.
 Args:
 django_args: a dictionary with django's arguments.
 period_name: the name of the period which is checked.
 key_name_arg: the entry in django_args that specifies the given program
 keyname. If none is given the key_name is constructed from django_args
 def checkCanCreateOrgApp(self, django_args, period_name):
 """Checks to see if the program in the scope_path is accepting org apps
 """
 if 'seed' in django_args:
 return self.checkIsActivePeriod(django_args['seed'],
 period_name, 'scope_path')
 else:
 return
 @allowDeveloper
 def checkCanStudentPropose(self, django_args, key_location):
 """Checks if the program for this student accepts proposals.
 Args:
 django_args: a dictionary with django's arguments
 key_location: the key for django_args in which the key_name
 from the student is stored
 """
 self.checkIsUser(django_args)
 def checkIsStudent(self, django_args, key_location, status):
 """Checks if the current user is the given student.
 Args:
 django_args: a dictionary with django's arguments
 key_location: the key for django_args in which the key_name
 from the student is stored
 status: the allowed status for the student
 """
 self.checkIsUser(django_args)
 @allowDeveloper
 @denySidebar
 def checkIsAllowedToManageRole(self, django_args, role_logic, manage_role_logic):
 """Returns an alternate HTTP response if the user is not allowed to manage
 the role given in args.
 Args:
 role_logic: determines the logic for the role in args.
 manage_role_logic: determines the logic for the role which is allowed
 to manage this role.
 Raises:
 AccessViolationResponse: if the required authorization is not met
 Returns:
 None if the given role is active and belongs to the current user.
 None if the current User has an active role (from manage_role_logic)
 that belongs to the same scope as the role that needs to be managed
 """
 try:
 # check if it is my role the user's own role

changeset 1524	30ada09bdc6f
parent 1505	fd6dcb852688
child 1525	fe906cdbf0e9