|
1 #!/usr/bin/python2.5 |
|
2 # |
|
3 # Copyright 2008 the Melange authors. |
|
4 # |
|
5 # Licensed under the Apache License, Version 2.0 (the "License"); |
|
6 # you may not use this file except in compliance with the License. |
|
7 # You may obtain a copy of the License at |
|
8 # |
|
9 # http://www.apache.org/licenses/LICENSE-2.0 |
|
10 # |
|
11 # Unless required by applicable law or agreed to in writing, software |
|
12 # distributed under the License is distributed on an "AS IS" BASIS, |
|
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
14 # See the License for the specific language governing permissions and |
|
15 # limitations under the License. |
|
16 |
|
17 """Access control helper. |
|
18 |
|
19 The functions in this module can be used to check access control |
|
20 related requirements. When the specified required conditions are not |
|
21 met, an exception is raised. This exception contains a view that |
|
22 either prompts for authentication, or informs the user that they |
|
23 do not meet the required criteria. |
|
24 """ |
|
25 |
|
26 __authors__ = [ |
|
27 '"Todd Larsen" <tlarsen@google.com>', |
|
28 '"Sverre Rabbelier" <sverre@rabbelier.nl>', |
|
29 '"Pawel Solyga" <pawel.solyga@gmail.com>', |
|
30 ] |
|
31 |
|
32 |
|
33 from google.appengine.api import users |
|
34 from django.utils.translation import ugettext_lazy |
|
35 |
|
36 import soc.logic.host |
|
37 import soc.logic.out_of_band |
|
38 |
|
39 from soc.views.simple import requestLogin |
|
40 from soc.logic.site import id_user |
|
41 |
|
42 |
|
# Template handed to requestLogin() by every access check in this module.
DEF_LOGIN_TMPL = 'soc/login.html'

# NOTE(review): the message formats below carry raw HTML anchors. Anything
# interpolated into them must be trusted or escaped; whether the login
# template escapes the final message is not visible from this module.

# Shown when no Google Account is signed in. %(sign_in)s is left for a
# later substitution (presumably by requestLogin -- confirm).
DEF_LOGIN_MSG_FMT = ugettext_lazy(
    'Please <a href="%(sign_in)s">sign in</a> to continue.')

# Shown when an account is signed in but no User entity was found for it.
DEF_NO_USER_LOGIN_MSG_FMT = ugettext_lazy(
    'Please create '
    '<a href="/user/profile">User Profile</a>'
    ' in order to view this page.')

# Two-stage format: callers fill in %(role)s first; the doubled %% keeps
# %(sign_out)s and %(sign_in)s as placeholders in the resulting string.
# Unlike the two formats above, this one is not wrapped in ugettext_lazy.
DEF_DEV_LOGOUT_LOGIN_MSG_FMT = (
    'Please <a href="%%(sign_out)s">sign out</a> and '
    '<a href="%%(sign_in)s">sign in</a> again as '
    '%(role)s to view this page.')
|
56 |
|
57 |
|
def checkIsLoggedIn(request):
  """Requires that a Google Account is signed in for this request.

  Denial is signalled by raising, never by the return value: the function
  either returns None or raises, so a caller that ignores the result is
  still protected as long as the exception is allowed to propagate.

  Args:
    request: A Django HTTP request

  Raises:
    AccessViolationResponse: If no Google Account is signed in. It is
      built around the response produced by requestLogin() from
      DEF_LOGIN_TMPL and DEF_LOGIN_MSG_FMT.

  Returns:
    None when users.get_current_user() reports a signed-in account.
  """
  if not users.get_current_user():
    # No account: build the sign-in prompt and abort the view with it.
    sign_in_response = requestLogin(
        request, DEF_LOGIN_TMPL, login_message_fmt=DEF_LOGIN_MSG_FMT)
    raise soc.logic.out_of_band.AccessViolationResponse(sign_in_response)
|
80 |
|
81 |
|
def checkIsUser(request):
  """Requires that the signed-in Google Account has a User entity.

  Runs checkIsLoggedIn() first, so an anonymous request is rejected
  before any User lookup happens. Denial is signalled by raising; the
  return value is always None.

  Args:
    request: A Django HTTP request

  Raises:
    AccessViolationResponse: If nobody is signed in (raised by
      checkIsLoggedIn), or if no User entity is found for the account;
      the latter wraps the requestLogin() response built with
      DEF_NO_USER_LOGIN_MSG_FMT.

  Returns:
    None if a User entity exists for the signed-in account.
  """
  # Raises for anonymous requests, so the code below only sees a
  # signed-in account.
  checkIsLoggedIn(request)

  account = users.get_current_user()

  # NOTE(review): soc.logic.user_logic is not among the imports visible at
  # the top of this module; this lookup presumably relies on it being
  # loaded elsewhere -- confirm. Also confirm that getFromFields() expects
  # the account object (not an address string) for `email`.
  if soc.logic.user_logic.getFromFields(email=account):
    return

  profile_prompt = requestLogin(
      request, DEF_LOGIN_TMPL, login_message_fmt=DEF_NO_USER_LOGIN_MSG_FMT)

  raise soc.logic.out_of_band.AccessViolationResponse(profile_prompt)
|
109 |
|
110 |
|
def checkIsDeveloper(request):
  """Requires that the signed-in Google Account is a site Developer.

  Runs checkIsUser() first, which in turn runs checkIsLoggedIn(), so the
  Developer test is only reached for a signed-in account that has a User
  entity. Denial is signalled by raising; the return value is always None.

  Args:
    request: A Django HTTP request

  Raises:
    AccessViolationResponse: If one of the prerequisite checks fails, or
      if id_user.isIdDeveloper() does not accept the account; the latter
      wraps a requestLogin() response asking the visitor to sign out and
      sign in again as a site developer.

  Returns:
    None if the signed-in account is a Developer.
  """
  checkIsUser(request)

  account = users.get_current_user()

  if not id_user.isIdDeveloper(id=account):
    # Only %(role)s is substituted here; the sign_out / sign_in
    # placeholders stay in the string passed to requestLogin(). The role
    # text is a literal, so no request data enters the HTML message.
    role_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
        'role': 'a site developer ',
        }
    denied_response = requestLogin(
        request, DEF_LOGIN_TMPL, login_message_fmt=role_message_fmt)
    raise soc.logic.out_of_band.AccessViolationResponse(denied_response)

  return None
|
141 |
|
142 |
|
def checkIsHost(request, program):
  """Requires that the signed-in account has a Host entity for a program.

  Runs checkIsUser() first, which in turn runs checkIsLoggedIn(), so the
  Host lookup is only reached for a signed-in account that has a User
  entity. Denial is signalled by raising; the return value is always None.

  Args:
    request: A Django HTTP request
    program: the program to check Host status for; passed unchanged to
      soc.logic.host.getHostFromProgram()

  Raises:
    AccessViolationResponse: If one of the prerequisite checks fails, or
      if no Host is found for the account and program; the latter wraps
      a requestLogin() response asking the visitor to sign out and sign
      in again as a host for this program.

  Returns:
    None if a Host exists for the signed-in account and the program.
  """
  checkIsUser(request)

  account = users.get_current_user()

  if soc.logic.host.getHostFromProgram(account, program):
    return

  # Only %(role)s is substituted here; the sign_out / sign_in placeholders
  # stay in the string passed to requestLogin(). The role text is a
  # literal, so no request data enters the HTML message.
  role_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
      'role': 'a host for this program',
      }

  denied_response = requestLogin(
      request, DEF_LOGIN_TMPL, login_message_fmt=role_message_fmt)

  raise soc.logic.out_of_band.AccessViolationResponse(denied_response)
|
173 raise soc.logic.out_of_band.AccessViolationResponse(login_request) |