56 DEF_CREATE_NEW_ENTITY_MSG = ugettext_lazy( |
56 DEF_CREATE_NEW_ENTITY_MSG = ugettext_lazy( |
57 ' You can create a new %(entity_type)s by visiting' |
57 ' You can create a new %(entity_type)s by visiting' |
58 ' <a href="%(create)s">Create ' |
58 ' <a href="%(create)s">Create ' |
59 'a New %(entity_type)s</a> page.') |
59 'a New %(entity_type)s</a> page.') |
60 |
60 |
61 def __init__(self, params=None, rights=None): |
61 def __init__(self, params=None): |
62 """ |
62 """ |
63 |
63 |
64 Args: |
64 Args: |
65 rights: This dictionary should be filled with the access check |
|
66 functions that should be called, it will be modified in-place. |
|
67 params: This dictionary should be filled with the parameters |
65 params: This dictionary should be filled with the parameters |
68 specific to this entity, required fields are: |
66 specific to this entity, required fields are: |
|
67 rights: This dictionary should be filled with the access check |
|
68 functions that should be called |
69 name: the name of the entity (names should have sentence-style caps) |
69 name: the name of the entity (names should have sentence-style caps) |
70 name_short: the short form name of the name ('org' vs 'organization') |
70 name_short: the short form name of the name ('org' vs 'organization') |
71 name_plural: the plural form of the name |
71 name_plural: the plural form of the name |
72 url_name: the name of the entity used in urls |
72 url_name: the name of the entity used in urls |
73 edit_form: the class of the Django form to be used when editing |
73 edit_form: the class of the Django form to be used when editing |
82 edit_params: the params to use when editing |
82 edit_params: the params to use when editing |
83 sidebar: the sidebar menu items for this view |
83 sidebar: the sidebar menu items for this view |
84 sidebar_defaults: a dictionary with defaults for the sidebar |
84 sidebar_defaults: a dictionary with defaults for the sidebar |
85 """ |
85 """ |
86 |
86 |
87 new_rights = {} |
87 rights = {} |
88 new_rights['any_access'] = [access.checkIsUser] |
88 rights['unspecified'] = [] |
|
89 rights['any_access'] = [access.checkIsUser] |
|
90 rights['create'] = [access.checkIsDeveloper] |
|
91 rights['delete'] = [access.checkIsDeveloper] |
|
92 rights['list'] = [access.checkIsDeveloper] |
89 |
93 |
90 new_params = {} |
94 new_params = {} |
|
95 new_params['rights'] = rights |
91 new_params['create_redirect'] = '/%s' % params['url_name'] |
96 new_params['create_redirect'] = '/%s' % params['url_name'] |
92 new_params['missing_redirect'] = '/%s/create' % params['url_name'] |
97 new_params['missing_redirect'] = '/%s/create' % params['url_name'] |
93 |
98 |
94 new_params['sidebar'] = None |
99 new_params['sidebar'] = None |
95 new_params['sidebar_defaults'] = [ |
100 new_params['sidebar_defaults'] = [ |
116 'soc.views.models.%s.list', 'List %(name_plural)s'), |
121 'soc.views.models.%s.list', 'List %(name_plural)s'), |
117 ] |
122 ] |
118 |
123 |
119 new_params['list_redirect_action'] = '/' + params['url_name'] + '/edit' |
124 new_params['list_redirect_action'] = '/' + params['url_name'] + '/edit' |
120 |
125 |
121 self._rights = dicts.merge(rights, new_rights) |
|
122 self._params = dicts.merge(params, new_params) |
126 self._params = dicts.merge(params, new_params) |
123 |
127 |
124 def public(self, request, page_name=None, params=None, **kwargs): |
128 def public(self, request, page_name=None, params=None, **kwargs): |
125 """Displays the public page for the entity specified by **kwargs. |
129 """Displays the public page for the entity specified by **kwargs. |
126 |
130 |
202 """ |
206 """ |
203 |
207 |
204 params = dicts.merge(params, self._params) |
208 params = dicts.merge(params, self._params) |
205 |
209 |
206 try: |
210 try: |
207 self.checkAccess('edit', request) |
211 self.checkAccess('edit', request, rights=params['rights']) |
208 except soc.views.out_of_band.AccessViolationResponse, alt_response: |
212 except soc.views.out_of_band.AccessViolationResponse, alt_response: |
209 return alt_response.response() |
213 return alt_response.response() |
210 |
214 |
211 context = helper.responses.getUniversalContext(request) |
215 context = helper.responses.getUniversalContext(request) |
212 context['page_name'] = page_name |
216 context['page_name'] = page_name |
433 seed: the fields to seed the create page with |
437 seed: the fields to seed the create page with |
434 """ |
438 """ |
435 |
439 |
436 pass |
440 pass |
437 |
441 |
438 def checkUnspecified(self, access_type, request): |
|
439 """Checks whether an unspecified access_type should be allowed. |
|
440 |
|
441 Args: |
|
442 access_type: the access type (such as 'list' or 'edit') that was |
|
443 not present in the _rights dictionary when checking. |
|
444 """ |
|
445 |
|
446 pass |
|
447 |
|
448 def _constructResponse(self, request, entity, context, form, params): |
442 def _constructResponse(self, request, entity, context, form, params): |
449 """Updates the context and returns a response for the specified arguments. |
443 """Updates the context and returns a response for the specified arguments. |
450 |
444 |
451 Args: |
445 Args: |
452 request: the django request object |
446 request: the django request object |
468 |
462 |
469 template = params['edit_template'] |
463 template = params['edit_template'] |
470 |
464 |
471 return helper.responses.respond(request, template, context) |
465 return helper.responses.respond(request, template, context) |
472 |
466 |
473 def checkAccess(self, access_type, request): |
467 def checkAccess(self, access_type, request, rights=None): |
474 """Runs all the defined checks for the specified type |
468 """Runs all the defined checks for the specified type |
475 |
469 |
476 Args: |
470 Args: |
477 access_type: the type of request (such as 'list' or 'edit') |
471 access_type: the type of request (such as 'list' or 'edit') |
478 request: the Django request object |
472 request: the Django request object |
481 True: If all the required access checks have been made successfully |
475 True: If all the required access checks have been made successfully |
482 False: If a check failed, in this case self._response will contain |
476 False: If a check failed, in this case self._response will contain |
483 the response provided by the failed access check. |
477 the response provided by the failed access check. |
484 """ |
478 """ |
485 |
479 |
|
480 rights = dicts.merge(rights, self._params['rights']) |
|
481 |
486 # Call each access checker |
482 # Call each access checker |
487 for check in self._rights['any_access']: |
483 for check in rights['any_access']: |
488 check(request) |
484 check(request) |
489 |
485 |
490 if access_type not in self._rights: |
486 if access_type not in rights: |
491 # No checks defined, so do the 'generic check' and bail out |
487 for check in rights['unspecified']: |
492 self.checkUnspecified(access_type, request) |
488 # No checks defined, so do the 'generic check' and bail out |
|
489 check(request, access_type) |
493 return |
490 return |
494 |
491 |
495 for check in self._rights[access_type]: |
492 for check in rights[access_type]: |
496 check(request) |
493 check(request) |
497 |
494 |
498 def collectCleanedFields(self, form): |
495 def collectCleanedFields(self, form): |
499 """Collects all cleaned fields and returns them with the key_name. |
496 """Collects all cleaned fields and returns them with the key_name. |
500 |
497 |
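Review bot: In checkAccess, an access_type with no entry in the merged rights runs only the checkers in `rights['unspecified']`, which `__init__` now sets to `[]`, so such a request is allowed once the `any_access` checks (checkIsUser) pass. The defaults visible here cover only 'create', 'delete' and 'list', while the edit view calls `self.checkAccess('edit', request, rights=params['rights'])`; unless an 'edit' entry is supplied elsewhere (not visible in this diff), editing is gated on login alone. I would make the fallback deny by default, e.g. `rights['unspecified'] = [access.<DENY_CHECKER>]` (placeholder for a checker that raises the access-violation response), and have each view opt in explicitly. The checkAccess docstring should also record that 'unspecified' checkers are called as `check(request, access_type)`, unlike every other list, and that per-call `rights` are combined with `self._params['rights']` through `dicts.merge`. Which side wins in that merge is not shown here, and it decides whether a caller can loosen the class defaults.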