630 ordening = document_model.Document.DOCUMENT_ACCESS |
630 ordening = document_model.Document.DOCUMENT_ACCESS |
631 if ordening.index(read_access) < ordening.index(write_access): |
631 if ordening.index(read_access) < ordening.index(write_access): |
632 raise forms.ValidationError( |
632 raise forms.ValidationError( |
633 "Read access should be less strict than write access.") |
633 "Read access should be less strict than write access.") |
634 |
634 |
635 validate_access(self, view, 'read_access') |
635 params = view.getParams() |
636 validate_access(self, view, 'write_access') |
636 rights = params['rights'] |
|
637 |
|
638 user = user_logic.getForCurrentAccount() |
|
639 |
|
640 rights.setCurrentUser(user.account, user) |
|
641 |
|
642 prefix = self.cleaned_data['prefix'] |
|
643 scope_path = self.cleaned_data['scope_path'] |
|
644 |
|
645 validate_access(self, view, rights, prefix, scope_path, 'read_access') |
|
646 validate_access(self, view, rights, prefix, scope_path, 'write_access') |
|
647 |
|
648 if creating and not has_access(rights, 'restricted', scope_path, prefix): |
|
649 raise forms.ValidationError( |
|
650 "You do not have the required access to create this document.") |
637 |
651 |
638 return cleaned_data |
652 return cleaned_data |
639 |
653 |
640 return wrapper |
654 return wrapper |
641 |
655 |
642 def validate_access(self, view, field): |
656 |
643 """Validates that the user has access to the ACL for the specified fields. |
657 def has_access(rights, access_level, scope_path, prefix): |
644 """ |
658 """Checks whether the current user has the required access. |
645 |
659 """ |
646 access_level = self.cleaned_data[field] |
660 |
647 prefix = self.cleaned_data['prefix'] |
|
648 scope_path = self.cleaned_data['scope_path'] |
|
649 |
|
650 params = view.getParams() |
|
651 rights = params['rights'] |
|
652 |
|
653 user = user_logic.getForCurrentAccount() |
|
654 |
|
655 rights.setCurrentUser(user.account, user) |
|
656 checker = rights_logic.Checker(prefix) |
661 checker = rights_logic.Checker(prefix) |
657 |
|
658 roles = checker.getMembership(access_level) |
662 roles = checker.getMembership(access_level) |
659 |
663 |
660 django_args = { |
664 django_args = { |
661 'scope_path': scope_path, |
665 'scope_path': scope_path, |
662 'prefix': prefix |
666 'prefix': prefix, |
663 } |
667 } |
664 |
668 |
665 if not rights.hasMembership(roles, django_args): |
669 return rights.hasMembership(roles, django_args) |
|
670 |
|
671 def validate_access(self, view, rights, prefix, scope_path, field): |
|
672 """Validates that the user has access to the ACL for the specified fields. |
|
673 """ |
|
674 |
|
675 access_level = self.cleaned_data[field] |
|
676 |
|
677 if not has_access(rights, access_level, scope_path, prefix): |
666 self._errors[field] = ErrorList([DEF_NO_RIGHTS_FOR_ACL_MSG]) |
678 self._errors[field] = ErrorList([DEF_NO_RIGHTS_FOR_ACL_MSG]) |
667 del self.cleaned_data[field] |
679 del self.cleaned_data[field] |