242 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
242 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
243 'role': 'a Site Developer '} |
243 'role': 'a Site Developer '} |
244 |
244 |
245 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
245 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
246 |
246 |
|
247 |
247 def checkCanCreateFromRequest(role_name): |
248 def checkCanCreateFromRequest(role_name): |
248 """Raises an alternate HTTP response if the specified request does not exist |
249 """Raises an alternate HTTP response if the specified request does not exist |
249 or if it's state is not group_accepted. |
250 or if it's state is not group_accepted. |
250 """ |
251 """ |
251 def wrapper(request, args, kwargs): |
252 def wrapper(request, args, kwargs): |
267 deny(request, args, kwargs) |
268 deny(request, args, kwargs) |
268 |
269 |
269 return |
270 return |
270 return wrapper |
271 return wrapper |
271 |
272 |
|
273 |
272 def checkIsMyGroupAcceptedRequest(request, args, kwargs): |
274 def checkIsMyGroupAcceptedRequest(request, args, kwargs): |
273 """Raises an alternate HTTP response if the specified request does not exist |
275 """Raises an alternate HTTP response if the specified request does not exist |
274 or if it's state is not group_accepted |
276 or if it's state is not group_accepted |
275 """ |
277 """ |
276 checkAgreesToSiteToS(request, args, kwargs) |
278 checkAgreesToSiteToS(request, args, kwargs) |
293 |
295 |
294 if request_entity.state != 'group_accepted': |
296 if request_entity.state != 'group_accepted': |
295 return deny(request, args, kwargs) |
297 return deny(request, args, kwargs) |
296 |
298 |
297 return |
299 return |
|
300 |
298 |
301 |
299 def checkIsHost(request, args, kwargs): |
302 def checkIsHost(request, args, kwargs): |
300 """Raises an alternate HTTP response if Google Account has no Host entity. |
303 """Raises an alternate HTTP response if Google Account has no Host entity. |
301 |
304 |
302 Args: |
305 Args: |
333 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
336 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
334 'role': 'a Program Administrator '} |
337 'role': 'a Program Administrator '} |
335 |
338 |
336 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
339 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
337 |
340 |
|
341 |
338 def checkIsHostForProgram(request, args, kwargs): |
342 def checkIsHostForProgram(request, args, kwargs): |
339 """Raises an alternate HTTP response if Google Account has no Host entity |
343 """Raises an alternate HTTP response if Google Account has no Host entity |
340 for the specified program. |
344 for the specified program. |
341 |
345 |
342 Args: |
346 Args: |
410 if club_admin_entity: |
414 if club_admin_entity: |
411 return |
415 return |
412 |
416 |
413 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
417 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
414 'role': 'a Club Admin for this Club'} |
418 'role': 'a Club Admin for this Club'} |
415 |
|
416 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
|
417 |
|
418 |
|
419 def checkIsInvited(request, args, kwargs): |
|
420 """Returns an alternate HTTP response if Google Account has no Host entity |
|
421 for the specified program. |
|
422 |
|
423 Args: |
|
424 request: a Django HTTP request |
|
425 |
|
426 Raises: |
|
427 AccessViolationResponse: if the required authorization is not met |
|
428 |
|
429 Returns: |
|
430 None if Host exists for the specified program, or a subclass of |
|
431 django.http.HttpResponse which contains the alternate response |
|
432 should be returned by the calling view. |
|
433 """ |
|
434 |
|
435 try: |
|
436 # if the current user is a developer we allow access |
|
437 checkIsDeveloper(request, args, kwargs) |
|
438 return |
|
439 except out_of_band.Error: |
|
440 pass |
|
441 |
|
442 checkAgreesToSiteToS(request, args, kwargs) |
|
443 |
|
444 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
|
445 'role': 'a Program Administrator for this Program'} |
|
446 |
|
447 splitpath = request.path.split('/') |
|
448 splitpath = splitpath[1:] # cut off leading '' |
|
449 |
|
450 if len(splitpath) < 4: |
|
451 # TODO: perhaps this needs a better explanation? |
|
452 deny(request, args, kwargs) |
|
453 |
|
454 role = splitpath[0] |
|
455 group_id = splitpath[2] |
|
456 user_id = splitpath[3] |
|
457 |
|
458 user = user_logic.getForFields({'account': users.get_current_user()}, |
|
459 unique=True) |
|
460 |
|
461 if user_id != user.link_id: |
|
462 # TODO: perhaps this needs a better explanation? |
|
463 deny(request, args, kwargs) |
|
464 |
|
465 properties = { |
|
466 'link_id': user_id, |
|
467 'role': role, |
|
468 'scope_path': group_id, |
|
469 'group_accepted': True, |
|
470 } |
|
471 |
|
472 request = request_logic.getForFields(properties, unique=True) |
|
473 |
|
474 if request: |
|
475 return |
|
476 |
419 |
477 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
420 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
478 |
421 |
479 |
422 |
480 def checkIsApplicationAccepted(app_logic): |
423 def checkIsApplicationAccepted(app_logic): |
606 |
549 |
607 # TODO(srabbelier) Make this give a proper error message |
550 # TODO(srabbelier) Make this give a proper error message |
608 deny(request, args, kwargs) |
551 deny(request, args, kwargs) |
609 |
552 |
610 return wrapper |
553 return wrapper |
|
554 |
611 |
555 |
612 def checkIsMyActiveRole(role_logic): |
556 def checkIsMyActiveRole(role_logic): |
613 """Returns an alternate HTTP response if there is no active role found for |
557 """Returns an alternate HTTP response if there is no active role found for |
614 the current user using the given role_logic. |
558 the current user using the given role_logic. |
615 |
559 |