38 |
38 |
39 from soc.logic import accounts |
39 from soc.logic import accounts |
40 from soc.logic import dicts |
40 from soc.logic import dicts |
41 from soc.logic.models import host as host_logic |
41 from soc.logic.models import host as host_logic |
42 from soc.logic.models import notification as notification_logic |
42 from soc.logic.models import notification as notification_logic |
43 from soc.logic.models import club_app as club_app_logic |
|
44 from soc.logic.models import user as user_logic |
43 from soc.logic.models import user as user_logic |
45 from soc.logic.models import request as request_logic |
44 from soc.logic.models import request as request_logic |
46 from soc.views import helper |
45 from soc.views import helper |
47 from soc.views import out_of_band |
46 from soc.views import out_of_band |
48 |
47 |
368 |
367 |
369 Returns: |
368 Returns: |
370 None if Club App exists for the specified program, or a subclass |
369 None if Club App exists for the specified program, or a subclass |
371 of django.http.HttpResponse which contains the alternate response |
370 of django.http.HttpResponse which contains the alternate response |
372 should be returned by the calling view. |
371 should be returned by the calling view. |
373 """ |
|
374 |
|
375 try: |
|
376 # if the current user is a developer we allow access |
|
377 checkIsDeveloper(request, args, kwargs) |
|
378 return |
|
379 except out_of_band.Error: |
|
380 pass |
|
381 |
|
382 checkIsUser(request, args, kwargs) |
|
383 |
|
384 user = user_logic.logic.getForCurrentAccount() |
|
385 |
|
386 properties = { |
|
387 'applicant': user, |
|
388 'reviewed': True, |
|
389 'accepted': True, |
|
390 'application_completed': False, |
|
391 } |
|
392 |
|
393 club_app = club_app_logic.logic.getForFields(properties, unique=True) |
|
394 |
|
395 if club_app: |
|
396 return |
|
397 |
|
398 # TODO(srabbelier) Make this give a proper error message |
|
399 deny(request, args, kwargs) |
|
400 |
|
401 |
|
402 def checkIsMyNotification(request, args, kwargs): |
|
403 """Returns an alternate HTTP response if this request is for a Notification belonging |
|
404 to the current user. |
|
405 |
|
406 Args: |
|
407 request: a Django HTTP request |
|
408 |
|
409 Raises: |
|
410 AccessViolationResponse: if the required authorization is not met |
|
411 |
|
412 Returns: |
|
413 None if the current User is allowed to access this Notification. |
|
414 """ |
|
415 |
|
416 try: |
|
417 # if the current user is a developer we allow access |
|
418 checkIsDeveloper(request, args, kwargs) |
|
419 return |
|
420 except out_of_band.Error: |
|
421 pass |
|
422 |
|
423 checkIsUser(request, args, kwargs) |
|
424 |
|
425 # Mine the url for params |
|
426 try: |
|
427 callback, args, kwargs = urlresolvers.resolve(request.path) |
|
428 except Exception: |
|
429 deny(request, args, kwargs) |
|
430 |
|
431 properties = dicts.filter(kwargs, ['link_id', 'scope_path']) |
|
432 |
|
433 notification = notification_logic.logic.getForFields(properties, unique=True) |
|
434 user = user_logic.logic.getForCurrentAccount() |
|
435 |
|
436 # We need to check to see if the key's are equal since the User |
|
437 # objects are different and the default __eq__ method does not check |
|
438 # if the keys are equal (which is what we want). |
|
439 if user.key() == notification.scope.key(): |
|
440 return None |
|
441 |
|
442 # TODO(ljvderijk) Make this give a proper error message |
|
443 deny(request, args, kwargs) |
|
444 |
|
445 |
|
446 def checkIsMyApplication(app_logic): |
|
447 """Returns an alternate HTTP response if this request is for a Application belonging |
|
448 to the current user. |
|
449 |
|
450 Args: |
|
451 request: a Django HTTP request |
|
452 |
|
453 Raises: |
|
454 AccessViolationResponse: if the required authorization is not met |
|
455 |
|
456 Returns: |
|
457 None if the current User is allowed to access this Application. |
|
458 """ |
372 """ |
459 |
373 |
460 def wrapper(request, args, kwargs): |
374 def wrapper(request, args, kwargs): |
461 try: |
375 try: |
462 # if the current user is a developer we allow access |
376 # if the current user is a developer we allow access |
465 except out_of_band.Error: |
379 except out_of_band.Error: |
466 pass |
380 pass |
467 |
381 |
468 checkIsUser(request, args, kwargs) |
382 checkIsUser(request, args, kwargs) |
469 |
383 |
|
384 user = user_logic.logic.getForCurrentAccount() |
|
385 |
|
386 properties = { |
|
387 'applicant': user, |
|
388 'reviewed': True, |
|
389 'accepted': True, |
|
390 'application_completed': False, |
|
391 } |
|
392 |
|
393 application = app_logic.logic.getForFields(properties, unique=True) |
|
394 |
|
395 if application: |
|
396 return |
|
397 |
|
398 # TODO(srabbelier) Make this give a proper error message |
|
399 deny(request, args, kwargs) |
|
400 |
|
401 return wrapper |
|
402 |
|
403 |
|
404 def checkIsMyNotification(request, args, kwargs): |
|
405 """Returns an alternate HTTP response if this request is for a Notification belonging |
|
406 to the current user. |
|
407 |
|
408 Args: |
|
409 request: a Django HTTP request |
|
410 |
|
411 Raises: |
|
412 AccessViolationResponse: if the required authorization is not met |
|
413 |
|
414 Returns: |
|
415 None if the current User is allowed to access this Notification. |
|
416 """ |
|
417 |
|
418 try: |
|
419 # if the current user is a developer we allow access |
|
420 checkIsDeveloper(request, args, kwargs) |
|
421 return |
|
422 except out_of_band.Error: |
|
423 pass |
|
424 |
|
425 checkIsUser(request, args, kwargs) |
|
426 |
|
427 # Mine the url for params |
|
428 try: |
|
429 callback, args, kwargs = urlresolvers.resolve(request.path) |
|
430 except Exception: |
|
431 deny(request, args, kwargs) |
|
432 |
|
433 properties = dicts.filter(kwargs, ['link_id', 'scope_path']) |
|
434 |
|
435 notification = notification_logic.logic.getForFields(properties, unique=True) |
|
436 user = user_logic.logic.getForCurrentAccount() |
|
437 |
|
438 # We need to check to see if the key's are equal since the User |
|
439 # objects are different and the default __eq__ method does not check |
|
440 # if the keys are equal (which is what we want). |
|
441 if user.key() == notification.scope.key(): |
|
442 return None |
|
443 |
|
444 # TODO(ljvderijk) Make this give a proper error message |
|
445 deny(request, args, kwargs) |
|
446 |
|
447 |
|
448 def checkIsMyApplication(app_logic): |
|
449 """Returns an alternate HTTP response if this request is for a Application belonging |
|
450 to the current user. |
|
451 |
|
452 Args: |
|
453 request: a Django HTTP request |
|
454 |
|
455 Raises: |
|
456 AccessViolationResponse: if the required authorization is not met |
|
457 |
|
458 Returns: |
|
459 None if the current User is allowed to access this Application. |
|
460 """ |
|
461 |
|
462 def wrapper(request, args, kwargs): |
|
463 try: |
|
464 # if the current user is a developer we allow access |
|
465 checkIsDeveloper(request, args, kwargs) |
|
466 return |
|
467 except out_of_band.Error: |
|
468 pass |
|
469 |
|
470 checkIsUser(request, args, kwargs) |
|
471 |
470 properties = dicts.filter(kwargs, ['link_id']) |
472 properties = dicts.filter(kwargs, ['link_id']) |
471 |
473 |
472 application = app_logic.logic.getForFields(properties, unique=True) |
474 application = app_logic.logic.getForFields(properties, unique=True) |
|
475 |
|
476 if not application: |
|
477 deny(request, args, kwargs) |
|
478 |
473 user = user_logic.logic.getForCurrentAccount() |
479 user = user_logic.logic.getForCurrentAccount() |
474 |
480 |
475 # We need to check to see if the key's are equal since the User |
481 # We need to check to see if the key's are equal since the User |
476 # objects are different and the default __eq__ method does not check |
482 # objects are different and the default __eq__ method does not check |
477 # if the keys are equal (which is what we want). |
483 # if the keys are equal (which is what we want). |