387 self.checkIsUser(django_args) |
387 self.checkIsUser(django_args) |
388 |
388 |
389 user_entity = user_logic.getForCurrentAccount() |
389 user_entity = user_logic.getForCurrentAccount() |
390 |
390 |
391 if user_entity.link_id != django_args['link_id']: |
391 if user_entity.link_id != django_args['link_id']: |
392 deny(django_args) |
392 self.deny(django_args) |
393 |
393 |
394 fields = {'link_id': django_args['link_id'], |
394 fields = {'link_id': django_args['link_id'], |
395 'scope_path': django_args['scope_path'], |
395 'scope_path': django_args['scope_path'], |
396 'role': role_name} |
396 'role': role_name} |
397 |
397 |
398 request_entity = request_logic.getFromFieldsOr404(**fields) |
398 request_entity = request_logic.getFromFieldsOr404(**fields) |
399 |
399 |
400 if request_entity.state != 'group_accepted': |
400 if request_entity.state != 'group_accepted': |
401 # TODO tell the user that this request has not been accepted yet |
401 # TODO tell the user that this request has not been accepted yet |
402 deny(django_args) |
402 self.deny(django_args) |
403 |
403 |
404 return |
404 return |
405 |
405 |
406 def checkCanProcessRequest(self, django_args, role_name): |
406 def checkCanProcessRequest(self, django_args, role_name): |
407 """Raises an alternate HTTP response if the specified request does not exist |
407 """Raises an alternate HTTP response if the specified request does not exist |
414 |
414 |
415 request_entity = request_logic.getFromFieldsOr404(**fields) |
415 request_entity = request_logic.getFromFieldsOr404(**fields) |
416 |
416 |
417 if request_entity.state in ['completed', 'denied']: |
417 if request_entity.state in ['completed', 'denied']: |
418 # TODO tell the user that this request has been processed |
418 # TODO tell the user that this request has been processed |
419 deny(django_args) |
419 self.deny(django_args) |
420 |
420 |
421 return |
421 return |
422 |
422 |
423 def checkIsMyGroupAcceptedRequest(self, django_args): |
423 def checkIsMyGroupAcceptedRequest(self, django_args): |
424 """Raises an alternate HTTP response if the specified request does not exist |
424 """Raises an alternate HTTP response if the specified request does not exist |
429 |
429 |
430 user_entity = user_logic.getForCurrentAccount() |
430 user_entity = user_logic.getForCurrentAccount() |
431 |
431 |
432 if user_entity.link_id != django_args['link_id']: |
432 if user_entity.link_id != django_args['link_id']: |
433 # not the current user's request |
433 # not the current user's request |
434 return deny(django_args) |
434 self.deny(django_args) |
435 |
435 |
436 fields = {'link_id': django_args['link_id'], |
436 fields = {'link_id': django_args['link_id'], |
437 'scope_path': django_args['scope_path'], |
437 'scope_path': django_args['scope_path'], |
438 'role': django_args['role']} |
438 'role': django_args['role']} |
439 |
439 |
440 request_entity = request_logic.getForFields(fields, unique=True) |
440 request_entity = request_logic.getForFields(fields, unique=True) |
441 |
441 |
442 if not request_entity: |
442 if not request_entity: |
443 # TODO return 404 |
443 # TODO return 404 |
444 return deny(django_args) |
444 self.deny(django_args) |
445 |
445 |
446 if request_entity.state != 'group_accepted': |
446 if request_entity.state != 'group_accepted': |
447 return deny(django_args) |
447 self.deny(django_args) |
448 |
448 |
449 return |
449 return |
450 |
450 |
451 @denySidebar |
451 @denySidebar |
452 @allowDeveloper |
452 @allowDeveloper |
494 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
494 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
495 'role': 'a Program Administrator '} |
495 'role': 'a Program Administrator '} |
496 |
496 |
497 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
497 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
498 |
498 |
|
499 @allowDeveloper |
499 def checkIsHostForSponsor(self, django_args): |
500 def checkIsHostForSponsor(self, django_args): |
500 """Raises an alternate HTTP response if Google Account has no Host entity |
501 """Raises an alternate HTTP response if Google Account has no Host entity |
501 for the specified Sponsor. |
502 for the specified Sponsor. |
502 |
503 |
503 Args: |
504 Args: |
604 |
605 |
605 if application: |
606 if application: |
606 return |
607 return |
607 |
608 |
608 # TODO(srabbelier) Make this give a proper error message |
609 # TODO(srabbelier) Make this give a proper error message |
609 deny(django_args) |
610 self.deny(django_args) |
610 |
611 |
611 @allowDeveloper |
612 @allowDeveloper |
612 def checkIsMyNotification(self, django_args): |
613 def checkIsMyNotification(self, django_args): |
613 """Returns an alternate HTTP response if this request is for |
614 """Returns an alternate HTTP response if this request is for |
614 a Notification belonging to the current user. |
615 a Notification belonging to the current user. |
635 # if the keys are equal (which is what we want). |
636 # if the keys are equal (which is what we want). |
636 if user.key() == notification.scope.key(): |
637 if user.key() == notification.scope.key(): |
637 return None |
638 return None |
638 |
639 |
639 # TODO(ljvderijk) Make this give a proper error message |
640 # TODO(ljvderijk) Make this give a proper error message |
640 deny(django_args) |
641 self.deny(django_args) |
641 |
642 |
642 @allowDeveloper |
643 @allowDeveloper |
643 def checkIsMyApplication(self, django_args, app_logic): |
644 def checkIsMyApplication(self, django_args, app_logic): |
644 """Returns an alternate HTTP response if this request is for |
645 """Returns an alternate HTTP response if this request is for |
645 a Application belonging to the current user. |
646 a Application belonging to the current user. |
659 properties = dicts.filter(django_args, ['link_id']) |
660 properties = dicts.filter(django_args, ['link_id']) |
660 |
661 |
661 application = app_logic.logic.getForFields(properties, unique=True) |
662 application = app_logic.logic.getForFields(properties, unique=True) |
662 |
663 |
663 if not application: |
664 if not application: |
664 deny(django_args) |
665 self.deny(django_args) |
665 |
|
666 user = user_logic.getForCurrentAccount() |
|
667 |
666 |
668 # We need to check to see if the key's are equal since the User |
667 # We need to check to see if the key's are equal since the User |
669 # objects are different and the default __eq__ method does not check |
668 # objects are different and the default __eq__ method does not check |
670 # if the keys are equal (which is what we want). |
669 # if the keys are equal (which is what we want). |
671 if user.key() == application.applicant.key(): |
670 if self.user.key() == application.applicant.key(): |
672 return None |
671 return None |
673 |
672 |
674 # TODO(srabbelier) Make this give a proper error message |
673 # TODO(srabbelier) Make this give a proper error message |
675 deny(django_args) |
674 self.deny(django_args) |
676 |
675 |
677 @allowDeveloper |
676 @allowDeveloper |
678 def checkIsMyActiveRole(self, django_args, role_logic): |
677 def checkIsMyActiveRole(self, django_args, role_logic): |
679 """Returns an alternate HTTP response if there is no active role found for |
678 """Returns an alternate HTTP response if there is no active role found for |
680 the current user using the given role_logic. |
679 the current user using the given role_logic. |
684 |
683 |
685 Returns: |
684 Returns: |
686 None if the current User has no active role for the given role_logic. |
685 None if the current User has no active role for the given role_logic. |
687 """ |
686 """ |
688 |
687 |
689 user = user_logic.getForCurrentAccount() |
688 if not self.user or self.user.link_id != django_args['link_id']: |
690 |
|
691 if not user or user.link_id != django_args['link_id']: |
|
692 # not my role |
689 # not my role |
693 deny(django_args) |
690 self.deny(django_args) |
694 |
691 |
695 fields = {'link_id': django_args['link_id'], |
692 fields = {'link_id': django_args['link_id'], |
696 'scope_path': django_args['scope_path'] |
693 'scope_path': django_args['scope_path'] |
697 } |
694 } |
698 |
695 |
699 role_entity = role_logic.logic.getForFields(fields, unique=True) |
696 role_entity = role_logic.logic.getForFields(fields, unique=True) |
700 |
697 |
701 if not role_entity: |
698 if not role_entity: |
702 # no role found |
699 # no role found |
703 deny(django_args) |
700 self.deny(django_args) |
704 |
701 |
705 if role_entity.state == 'active': |
702 if role_entity.state == 'active': |
706 # this role exist and is active |
703 # this role exist and is active |
707 return |
704 return |
708 else: |
705 else: |
709 # this role is not active |
706 # this role is not active |
710 deny(django_args) |
707 self.deny(django_args) |
711 |
708 |
712 def checkHasPickGetArgs(self, django_args): |
709 def checkHasPickGetArgs(self, django_args): |
713 """Raises an alternate HTTP response if the request misses get args. |
710 """Raises an alternate HTTP response if the request misses get args. |
714 |
711 |
715 Args: |
712 Args: |
725 |
722 |
726 if 'continue' in get_args and 'field' in get_args: |
723 if 'continue' in get_args and 'field' in get_args: |
727 return |
724 return |
728 |
725 |
729 #TODO(SRabbelier) inform user that return_url and field are required |
726 #TODO(SRabbelier) inform user that return_url and field are required |
730 deny(django_args) |
727 self.deny(django_args) |
731 |
728 |
732 def checkIsDocumentPublic(self, django_args): |
729 def checkIsDocumentPublic(self, django_args): |
733 """Checks whether a document is public. |
730 """Checks whether a document is public. |
734 |
731 |
735 Args: |
732 Args: |
736 django_args: a dictionary with django's arguments |
733 django_args: a dictionary with django's arguments |
737 """ |
734 """ |
738 |
735 |
739 # TODO(srabbelier): A proper check needs to be done to see if the document |
736 # TODO(srabbelier): A proper check needs to be done to see if the document |
740 # is public or not, probably involving analysing it's scope or such. |
737 # is public or not, probably involving analysing it's scope or such. |
741 allow(django_args) |
738 self.allow(django_args) |