36 from soc.logic import dicts |
36 from soc.logic import dicts |
37 from soc.logic import models |
37 from soc.logic import models |
38 from soc.models import linkable |
38 from soc.models import linkable |
39 from soc.views import helper |
39 from soc.views import helper |
40 from soc.views import out_of_band |
40 from soc.views import out_of_band |
|
41 from soc.views.helper import access |
|
42 from soc.views.helper import forms |
41 |
43 |
42 |
44 |
43 class View(object): |
45 class View(object): |
44 """Views for entity classes. |
46 """Views for entity classes. |
45 |
47 |
91 """ |
93 """ |
92 |
94 |
93 params = dicts.merge(params, self._params) |
95 params = dicts.merge(params, self._params) |
94 |
96 |
95 try: |
97 try: |
96 self.checkAccess('public', request, rights=params['rights']) |
98 access.checkAccess('public', request, rights=params['rights']) |
97 except out_of_band.Error, error: |
99 except out_of_band.Error, error: |
98 return error.response(request) |
100 return error.response(request) |
99 |
101 |
100 # create default template context for use with any templates |
102 # create default template context for use with any templates |
101 context = helper.responses.getUniversalContext(request) |
103 context = helper.responses.getUniversalContext(request) |
180 """ |
182 """ |
181 |
183 |
182 params = dicts.merge(params, self._params) |
184 params = dicts.merge(params, self._params) |
183 |
185 |
184 try: |
186 try: |
185 self.checkAccess('edit', request, rights=params['rights']) |
187 access.checkAccess('edit', request, rights=params['rights']) |
186 except out_of_band.Error, error: |
188 except out_of_band.Error, error: |
187 return error.response(request) |
189 return error.response(request) |
188 |
190 |
189 context = helper.responses.getUniversalContext(request) |
191 context = helper.responses.getUniversalContext(request) |
190 context['page_name'] = page_name |
192 context['page_name'] = page_name |
246 form = params['create_form'](request.POST) |
248 form = params['create_form'](request.POST) |
247 |
249 |
248 if not form.is_valid(): |
250 if not form.is_valid(): |
249 return self._constructResponse(request, entity, context, form, params) |
251 return self._constructResponse(request, entity, context, form, params) |
250 |
252 |
251 key_name, fields = self.collectCleanedFields(form) |
253 key_name, fields = forms.collectCleanedFields(form) |
252 |
254 |
253 request.path = params['edit_redirect'] |
255 request.path = params['edit_redirect'] |
254 self._editPost(request, entity, fields) |
256 self._editPost(request, entity, fields) |
255 |
257 |
256 if not key_name: |
258 if not key_name: |
357 """ |
359 """ |
358 |
360 |
359 params = dicts.merge(params, self._params) |
361 params = dicts.merge(params, self._params) |
360 |
362 |
361 try: |
363 try: |
362 self.checkAccess('list', request, rights=params['rights']) |
364 access.checkAccess('list', request, rights=params['rights']) |
363 except out_of_band.Error, error: |
365 except out_of_band.Error, error: |
364 return error.response(request) |
366 return error.response(request) |
365 |
367 |
366 content = helper.lists.getListContent(request, params, self._logic, filter) |
368 content = helper.lists.getListContent(request, params, self._logic, filter) |
367 contents = [content] |
369 contents = [content] |
421 """ |
423 """ |
422 |
424 |
423 params = dicts.merge(params, self._params) |
425 params = dicts.merge(params, self._params) |
424 |
426 |
425 try: |
427 try: |
426 self.checkAccess('delete', request, rights=params['rights']) |
428 access.checkAccess('delete', request, rights=params['rights']) |
427 except out_of_band.Error, error: |
429 except out_of_band.Error, error: |
428 return error.response(request) |
430 return error.response(request) |
429 |
431 |
430 # create default template context for use with any templates |
432 # create default template context for use with any templates |
431 context = helper.responses.getUniversalContext(request) |
433 context = helper.responses.getUniversalContext(request) |
539 else: |
541 else: |
540 template = params['create_template'] |
542 template = params['create_template'] |
541 |
543 |
542 return helper.responses.respond(request, template, context) |
544 return helper.responses.respond(request, template, context) |
543 |
545 |
544 def checkAccess(self, access_type, request, rights=None): |
|
545 """Runs all the defined checks for the specified type |
|
546 |
|
547 Args: |
|
548 access_type: the type of request (such as 'list' or 'edit') |
|
549 request: the Django request object |
|
550 rights: A dictionary containing access check functions |
|
551 |
|
552 Rights usage: The rights dictionary is used to check if the |
|
553 current user is allowed to view the page specified. The |
|
554 functions defined in this dictionary are always called with the |
|
555 django request object as argument. |
|
556 On any request, regardless of what type, the functions in the |
|
557 'any_access' value are called. |
|
558 If the specified type is not in the rights dictionary, all the |
|
559 functions in the 'unspecified' value are called. |
|
560 When the specified type _is_ in the rights dictionary, all the |
|
561 functions in that access_type's value are called. |
|
562 |
|
563 Returns: |
|
564 True: If all the required access checks have been made successfully |
|
565 False: If a check failed, in this case self._response will contain |
|
566 the response provided by the failed access check. |
|
567 """ |
|
568 |
|
569 rights = dicts.merge(rights, self._params['rights']) |
|
570 |
|
571 # Call each access checker |
|
572 for check in rights['any_access']: |
|
573 check(request) |
|
574 |
|
575 if access_type not in rights: |
|
576 for check in rights['unspecified']: |
|
577 # No checks defined, so do the 'generic' checks and bail out |
|
578 check(request) |
|
579 return |
|
580 |
|
581 for check in rights[access_type]: |
|
582 check(request) |
|
583 |
|
584 def collectCleanedFields(self, form): |
|
585 """Collects all cleaned fields and returns them with the key_name. |
|
586 |
|
587 Args: |
|
588 form: The form from which the cleaned fields should be collected |
|
589 |
|
590 Returns: All the fields that are in the form's cleaned_data |
|
591 property are returned. If there is a key_name field, it is not |
|
592 included in the returend fields, instead, it is returned as the |
|
593 first element in the returned tuple. If no key_name field is |
|
594 present, None is returned as first value instead. |
|
595 """ |
|
596 |
|
597 fields = {} |
|
598 |
|
599 key_name = None |
|
600 if 'key_name' in form.cleaned_data: |
|
601 key_name = form.cleaned_data.pop('key_name') |
|
602 |
|
603 for field, value in form.cleaned_data.iteritems(): |
|
604 fields[field] = value |
|
605 |
|
606 return key_name, fields |
|
607 |
|
608 def getKeyFieldsPattern(self, params): |
546 def getKeyFieldsPattern(self, params): |
609 """Returns the Django pattern for this View's entity |
547 """Returns the Django pattern for this View's entity |
610 |
548 |
611 Params usage: |
549 Params usage: |
612 key_fields_prefix: The key_fields_prefix value is used as the |
550 key_fields_prefix: The key_fields_prefix value is used as the |