app/soc/views/helper/access.py
changeset 948 bd956f419ad9
parent 943 897d9efdb728
child 950 8f59df49985b
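--- a/app/soc/views/helper/access.py
+++ b/app/soc/views/helper/access.py
@@ -242,10 +242,11 @@
   login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
       'role': 'a Site Developer '}
 
   raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
+
 def checkCanCreateFromRequest(role_name):
   """Raises an alternate HTTP response if the specified request does not exist
      or if it's state is not group_accepted. 
   """
   def wrapper(request, args, kwargs):
@@ -267,10 +268,11 @@
       deny(request, args, kwargs)
 
     return
   return wrapper
 
+
 def checkIsMyGroupAcceptedRequest(request, args, kwargs):
   """Raises an alternate HTTP response if the specified request does not exist
      or if it's state is not group_accepted
   """
   checkAgreesToSiteToS(request, args, kwargs)
@@ -293,10 +295,11 @@
 
   if request_entity.state != 'group_accepted':
     return deny(request, args, kwargs)
 
   return
+
 
 def checkIsHost(request, args, kwargs):
   """Raises an alternate HTTP response if Google Account has no Host entity.
 
   Args:
@@ -333,10 +336,11 @@
   login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
       'role': 'a Program Administrator '}
 
   raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
+
 def checkIsHostForProgram(request, args, kwargs):
   """Raises an alternate HTTP response if Google Account has no Host entity
      for the specified program.
 
   Args:
@@ -410,71 +414,10 @@
   if club_admin_entity:
     return
 
   login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
       'role': 'a Club Admin for this Club'}
-
-  raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
-
-
-def checkIsInvited(request, args, kwargs):
-  """Returns an alternate HTTP response if Google Account has no Host entity
-     for the specified program.
-
-  Args:
-    request: a Django HTTP request
-
-   Raises:
-     AccessViolationResponse: if the required authorization is not met
-
-  Returns:
-    None if Host exists for the specified program, or a subclass of
-    django.http.HttpResponse which contains the alternate response
-    should be returned by the calling view.
-  """
-
-  try:
-    # if the current user is a developer we allow access
-    checkIsDeveloper(request, args, kwargs)
-    return
-  except out_of_band.Error:
-    pass
-
-  checkAgreesToSiteToS(request, args, kwargs)
-
-  login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
-      'role': 'a Program Administrator for this Program'}
-
-  splitpath = request.path.split('/')
-  splitpath = splitpath[1:] # cut off leading ''
-
-  if len(splitpath) < 4:
-    # TODO: perhaps this needs a better explanation?
-    deny(request, args, kwargs)
-
-  role = splitpath[0]
-  group_id = splitpath[2]
-  user_id = splitpath[3]
-
-  user = user_logic.getForFields({'account': users.get_current_user()},
-                                 unique=True)
-
-  if user_id != user.link_id:
-    # TODO: perhaps this needs a better explanation?
-    deny(request, args, kwargs)
-
-  properties = {
-      'link_id': user_id,
-      'role': role,
-      'scope_path': group_id,
-      'group_accepted': True,
-      }
-
-  request = request_logic.getForFields(properties, unique=True)
-
-  if request:
-    return
 
   raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
 
 def checkIsApplicationAccepted(app_logic):
@@ -606,10 +549,11 @@
 
     # TODO(srabbelier) Make this give a proper error message
     deny(request, args, kwargs)
 
   return wrapper
+
 
 def checkIsMyActiveRole(role_logic):
   """Returns an alternate HTTP response if there is no active role found for
      the current user using the given role_logic.
 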