182 rather then modifying rights directly if so desired. |
182 rather then modifying rights directly if so desired. |
183 """ |
183 """ |
184 |
184 |
185 MEMBERSHIP = { |
185 MEMBERSHIP = { |
186 'anyone': 'allow', |
186 'anyone': 'allow', |
187 'club_admin': ('checkHasRole', club_admin_logic), |
187 'club_admin': ('checkHasActiveRole', club_admin_logic), |
188 'club_member': ('checkHasRole', club_member_logic), |
188 'club_member': ('checkHasActiveRole', club_member_logic), |
189 'host': ('checkHasRole', host_logic), |
189 'host': ('checkHasActiveRole', host_logic), |
190 'org_admin': ('checkHasRole', org_admin_logic), |
190 'org_admin': ('checkHasActiveRole', org_admin_logic), |
191 'org_mentor': ('checkHasRole', mentor_logic), |
191 'org_mentor': ('checkHasActiveRole', mentor_logic), |
192 'org_student': 'deny', #('checkHasRole', student_logic), |
192 'org_student': 'deny', #('checkHasActiveRole', student_logic), |
193 'user': 'checkIsUser', |
193 'user': 'checkIsUser', |
194 'user_self': ('checkIsUserSelf', 'scope_path'), |
194 'user_self': ('checkIsUserSelf', 'scope_path'), |
195 } |
195 } |
196 |
196 |
197 def __init__(self, params): |
197 def __init__(self, params): |
568 if entity: |
568 if entity: |
569 return |
569 return |
570 |
570 |
571 raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG) |
571 raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG) |
572 |
572 |
573 def checkHasRole(self, django_args, logic, field_name=None): |
573 def checkHasActiveRole(self, django_args, logic, field_name=None): |
574 """Checks that the user has the specified role. |
574 """Checks that the user has the specified active role. |
575 """ |
575 """ |
576 |
576 |
577 if not field_name: |
577 if not field_name: |
578 field_name = 'scope_path' |
578 field_name = 'scope_path' |
579 |
579 |
672 |
672 |
673 if not program or program.status == 'invalid': |
673 if not program or program.status == 'invalid': |
674 self.deny(django_args) |
674 self.deny(django_args) |
675 |
675 |
676 new_args = {'scope_path': program.scope_path } |
676 new_args = {'scope_path': program.scope_path } |
677 self.checkHasRole(new_args, host_logic) |
677 self.checkHasActiveRole(new_args, host_logic) |
678 |
678 |
679 |
679 |
680 @allowDeveloper |
680 @allowDeveloper |
681 def checkCanEditGroupApp(self, django_args, group_app_logic): |
681 def checkCanEditGroupApp(self, django_args, group_app_logic): |
682 """Checks if the group_app in args is valid to be edited by the current user. |
682 """Checks if the group_app in args is valid to be edited by the current user. |
806 that belongs to the same scope as the role that needs to be managed |
806 that belongs to the same scope as the role that needs to be managed |
807 """ |
807 """ |
808 |
808 |
809 try: |
809 try: |
810 # check if it is my role the user's own role |
810 # check if it is my role the user's own role |
811 self.checkHasRole(django_args, role_logic) |
811 self.checkHasActiveRole(django_args, role_logic) |
812 except out_of_band.Error: |
812 except out_of_band.Error: |
813 pass |
813 pass |
814 |
814 |
815 # apparently it's not the user's role so check if managing this role is allowed |
815 # apparently it's not the user's role so check if managing this role is allowed |
816 fields = { |
816 fields = { |