771 |
771 |
772 Raises: |
772 Raises: |
773 AccessViolationResponse: if the required authorization is not met |
773 AccessViolationResponse: if the required authorization is not met |
774 |
774 |
775 Returns: |
775 Returns: |
776 None if the current User has no active role for the given role_logic. |
776 None if the current User has an active role for the given role_logic. |
777 """ |
777 """ |
778 |
778 |
779 if not self.user or self.user.link_id != django_args['link_id']: |
779 if not self.user or self.user.link_id != django_args['link_id']: |
780 # not my role |
780 # not my role |
781 self.deny(django_args) |
781 self.deny(django_args) |
782 |
782 |
783 fields = {'link_id': django_args['link_id'], |
783 fields = {'link_id': django_args['link_id'], |
784 'scope_path': django_args['scope_path'] |
784 'scope_path': django_args['scope_path'], |
785 } |
785 } |
786 |
786 |
787 role_entity = role_logic.logic.getForFields(fields, unique=True) |
787 role_entity = role_logic.logic.getFromFieldsOr404(**fields) |
788 |
788 |
789 if not role_entity: |
789 if role_entity.state != 'active': |
790 # no role found |
790 # role is not active |
791 self.deny(django_args) |
791 self.deny(django_args) |
792 |
792 |
793 if role_entity.state == 'active': |
793 |
794 # this role exist and is active |
794 @allowDeveloper |
795 return |
795 @denySidebar |
796 else: |
796 def checkIsAllowedToManageRole(self, django_args, role_logic, manage_role_logic): |
797 # this role is not active |
797 """Returns an alternate HTTP response if the user is not allowed to manage |
798 self.deny(django_args) |
798 the role given in args. |
|
799 |
|
800 Raises: |
|
801 AccessViolationResponse: if the required authorization is not met |
|
802 |
|
803 Returns: |
|
804 None if the current User has an active role for the given role_logic. |
|
805 None if the current User has an active managing role |
|
806 """ |
|
807 |
|
808 try: |
|
809 # check if it is my role the user's own role |
|
810 self.checkIsMyActiveRole(django_args, role_logic) |
|
811 except out_of_band.Error: |
|
812 pass |
|
813 |
|
814 # apparently it's not the user's role so check if managing this role is allowed |
|
815 fields = {'link_id': django_args['link_id'], |
|
816 'scope_path': django_args['scope_path'], |
|
817 } |
|
818 |
|
819 role_entity = role_logic.logic.getFromFieldsOr404(**fields) |
|
820 |
|
821 if role_entity.state != 'active': |
|
822 # cannot manage this entity |
|
823 self.deny(django_args) |
|
824 |
|
825 fields = {'link_id': self.user.link_id, |
|
826 'scope_path': django_args['scope_path'], |
|
827 'state' : 'active' |
|
828 } |
|
829 |
|
830 manage_entity = manage_role_logic.logic.getForFields(fields, unique=True) |
|
831 |
|
832 if not manage_entity: |
|
833 self.deny(django_args) |
|
834 |
|
835 return |
799 |
836 |
800 def checkHasPickGetArgs(self, django_args): |
837 def checkHasPickGetArgs(self, django_args): |
801 """Raises an alternate HTTP response if the request misses get args. |
838 """Raises an alternate HTTP response if the request misses get args. |
802 |
839 |
803 Args: |
840 Args: |