29 from django import forms |
29 from django import forms |
30 from django.forms.util import ErrorList |
30 from django.forms.util import ErrorList |
31 from django.utils.translation import ugettext |
31 from django.utils.translation import ugettext |
32 |
32 |
33 from soc.logic import validate |
33 from soc.logic import validate |
|
34 from soc.logic import rights as rights_logic |
34 from soc.logic.models import site as site_logic |
35 from soc.logic.models import site as site_logic |
35 from soc.logic.models import user as user_logic |
36 from soc.logic.models import user as user_logic |
|
37 from soc.models import document as document_model |
36 |
38 |
37 |
39 |
38 DEF_LINK_ID_IN_USE_MSG = ugettext( |
40 DEF_LINK_ID_IN_USE_MSG = ugettext( |
39 'This link ID is already in use, please specify another one') |
41 'This link ID is already in use, please specify another one') |
|
42 |
|
43 DEF_NO_RIGHTS_FOR_ACL_MSG = ugettext( |
|
44 'You do not have the required rights for that ACL.') |
40 |
45 |
41 |
46 |
42 def check_field_is_empty(field_name): |
47 def check_field_is_empty(field_name): |
43 """Returns decorator that bypasses cleaning for empty fields. |
48 """Returns decorator that bypasses cleaning for empty fields. |
44 """ |
49 """ |
326 # return the new cleaned_data |
331 # return the new cleaned_data |
327 return cleaned_data |
332 return cleaned_data |
328 |
333 |
329 return cleaned_data |
334 return cleaned_data |
330 return wrapper |
335 return wrapper |
|
336 |
|
337 |
|
338 def validate_document_acl(view): |
|
339 """Validates that the document ACL settings are correct. |
|
340 """ |
|
341 |
|
342 def wrapper(self): |
|
343 cleaned_data = self.cleaned_data |
|
344 read_access = cleaned_data.get('read_access') |
|
345 write_access = cleaned_data.get('write_access') |
|
346 |
|
347 if not (read_access and write_access and ('prefix' in cleaned_data)): |
|
348 return cleaned_data |
|
349 |
|
350 if read_access != 'public': |
|
351 ordening = document_model.Document.DOCUMENT_ACCESS |
|
352 if ordening.index(read_access) < ordening.index(write_access): |
|
353 raise forms.ValidationError( |
|
354 "Read access should be less strict than write access.") |
|
355 |
|
356 validate_access(self, view, 'read_access') |
|
357 validate_access(self, view, 'write_access') |
|
358 |
|
359 return cleaned_data |
|
360 |
|
361 return wrapper |
|
362 |
|
363 def validate_access(self, view, field): |
|
364 """Validates that the user has access to the ACL for the specified fields. |
|
365 """ |
|
366 |
|
367 access_level = self.cleaned_data[field] |
|
368 prefix = self.cleaned_data['prefix'] |
|
369 |
|
370 params = view.getParams() |
|
371 rights = params['rights'] |
|
372 |
|
373 user = user_logic.logic.getForCurrentAccount() |
|
374 |
|
375 rights.setCurrentUser(user.account, user) |
|
376 checker = rights_logic.Checker(prefix) |
|
377 |
|
378 roles = checker.getMembership(access_level) |
|
379 |
|
380 if not rights.hasMembership(roles, {}): |
|
381 self._errors[field] = ErrorList([DEF_NO_RIGHTS_FOR_ACL_MSG]) |
|
382 del self.cleaned_data[field] |
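Review bot: `validate_access` dereferences `user.account` on line 375 without checking what `user_logic.logic.getForCurrentAccount()` returned. If that call can return None for an account with no user entity (not visible on this page, worth confirming), the form raises AttributeError instead of recording the ACL error. Treating a missing user as having no rights keeps the failure inside form validation: add `if not user:` before line 375, set `self._errors[field] = ErrorList([DEF_NO_RIGHTS_FOR_ACL_MSG])`, delete the field from `cleaned_data` and return. Separately, the guard on line 347 of `validate_document_acl` returns `cleaned_data` with no rights check at all when `read_access`, `write_access` or `prefix` is absent. That is safe only if all three are required fields whose own validation has already failed, so a comment stating that assumption belongs there. The message on line 354 is also the only user-facing string in the new code not wrapped in `ugettext`.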