340 return |
340 return |
341 except out_of_band.Error: |
341 except out_of_band.Error: |
342 pass |
342 pass |
343 |
343 |
344 checkIsUser(request) |
344 checkIsUser(request) |
345 |
345 |
346 splitpath = request.path.split('/') |
346 # Mine the url for params |
347 splitpath = splitpath[1:] # cut off leading '' |
347 try: |
348 |
348 callback, args, kwargs = urlresolvers.resolve(request.path) |
349 # get the notification scope (user link_id) from the request path |
349 except Exception: |
350 user_link_id = splitpath[2] |
350 deny(request) |
351 # get the notification link_id from the request path |
351 |
352 notification_link_id = splitpath[3] |
352 properties = dicts.filter(kwargs, ['link_id', 'scope_path']) |
353 |
353 |
354 properties = { |
|
355 'link_id': notification_link_id, |
|
356 'scope_path': user_link_id, |
|
357 } |
|
358 |
|
359 notification = notification_logic.logic.getForFields(properties, unique=True) |
354 notification = notification_logic.logic.getForFields(properties, unique=True) |
360 |
|
361 user = user_logic.logic.getForCurrentAccount() |
355 user = user_logic.logic.getForCurrentAccount() |
362 |
356 |
363 # check if the key of the current user matches the key from the scope of the message |
357 # We need to check to see if the key's are equal since the User |
|
358 # objects are different and the default __eq__ method does not check |
|
359 # if the keys are equal (which is what we want). |
364 if user.key() == notification.scope.key(): |
360 if user.key() == notification.scope.key(): |
365 # access granted |
|
366 return None |
361 return None |
367 else: |
362 |
368 # access denied |
363 # TODO(ljvderijk) Make this give a proper error message |
369 deny(request) |
364 deny(request) |
370 |
365 |
371 def checkCanInvite(request): |
366 def checkCanInvite(request): |
372 """Checks to see if the current user can create an invite |
367 """Checks to see if the current user can create an invite |
373 |
368 |
374 Note that if the current url is not in the default 'request' form |
369 Note that if the current url is not in the default 'request' form |