163 |
163 |
164 from functools import wraps |
164 from functools import wraps |
165 |
165 |
166 @wraps(fun) |
166 @wraps(fun) |
167 def wrapper(self, django_args, *args, **kwargs): |
167 def wrapper(self, django_args, *args, **kwargs): |
|
168 """Decorator wrapper method. |
|
169 """ |
168 if django_args.get('SIDEBAR_CALLING'): |
170 if django_args.get('SIDEBAR_CALLING'): |
169 return |
171 return |
170 return fun(self, django_args, *args, **kwargs) |
172 return fun(self, django_args, *args, **kwargs) |
171 return wrapper |
173 return wrapper |
172 |
174 |
177 |
179 |
178 from functools import wraps |
180 from functools import wraps |
179 |
181 |
180 @wraps(fun) |
182 @wraps(fun) |
181 def wrapper(self, django_args, *args, **kwargs): |
183 def wrapper(self, django_args, *args, **kwargs): |
|
184 """Decorator wrapper method. |
|
185 """ |
182 if django_args.get('SIDEBAR_CALLING'): |
186 if django_args.get('SIDEBAR_CALLING'): |
183 raise out_of_band.Error("Sidebar Calling") |
187 raise out_of_band.Error("Sidebar Calling") |
184 return fun(self, django_args, *args, **kwargs) |
188 return fun(self, django_args, *args, **kwargs) |
185 return wrapper |
189 return wrapper |
186 |
190 |
195 """Decorator that allows access if the current user is a Developer. |
199 """Decorator that allows access if the current user is a Developer. |
196 """ |
200 """ |
197 |
201 |
198 @wraps(fun) |
202 @wraps(fun) |
199 def wrapper(self, django_args=None, *args, **kwargs): |
203 def wrapper(self, django_args=None, *args, **kwargs): |
|
204 """Decorator wrapper method. |
|
205 """ |
200 try: |
206 try: |
201 # if the check passes we allow access regardless |
207 # if the check passes we allow access regardless |
202 return self.doCheck(checker_name, django_args, []) |
208 return self.doCheck(checker_name, django_args, []) |
203 except out_of_band.Error: |
209 except out_of_band.Error: |
204 # otherwise we run the original check |
210 # otherwise we run the original check |
205 return fun(self, django_args, *args, **kwargs) |
211 return fun(self, django_args, *args, **kwargs) |
206 return wrapper |
212 return wrapper |
207 |
213 |
208 return decorator |
214 return decorator |
209 |
215 |
210 |
216 # pylint: disable-msg=C0103 |
211 allowDeveloper = allowIfCheckPasses('checkIsDeveloper') |
217 allowDeveloper = allowIfCheckPasses('checkIsDeveloper') |
212 |
218 |
213 |
219 |
214 class Checker(object): |
220 class Checker(object): |
215 """ |
221 """ |
216 The __setitem__() and __getitem__() methods are overloaded to DTRT |
222 The __setitem__() and __getitem__() methods are overloaded to DTRT |
437 |
443 |
438 If none of the specified checks passes, the exception that the first of the |
444 If none of the specified checks passes, the exception that the first of the |
439 checks raised is reraised. |
445 checks raised is reraised. |
440 """ |
446 """ |
441 |
447 |
442 first = None |
448 first = Exception() |
443 |
449 |
444 for checker_name, args in checks: |
450 for checker_name, args in checks: |
445 try: |
451 try: |
446 self.doCheck(checker_name, django_args, args) |
452 self.doCheck(checker_name, django_args, args) |
447 # one check passed, all is well |
453 # one check passed, all is well |
721 django_args = django_args.copy() |
727 django_args = django_args.copy() |
722 django_args['user'] = self.user |
728 django_args['user'] = self.user |
723 self._checkIsActive(django_args, logic, fields) |
729 self._checkIsActive(django_args, logic, fields) |
724 |
730 |
725 def checkHasActiveRoleForKeyFieldsAsScope(self, django_args, logic): |
731 def checkHasActiveRoleForKeyFieldsAsScope(self, django_args, logic): |
726 """ |
732 """Checks that the user has the specified active role. |
|
733 |
|
734 Args: |
|
735 django_args: a dictionary with django's arguments |
|
736 logic: the logic that should be used to look up the entity |
727 """ |
737 """ |
728 |
738 |
729 key_fields = "%(scope_path)s/%(link_id)s" % django_args |
739 key_fields = "%(scope_path)s/%(link_id)s" % django_args |
730 new_args = {'scope_path': key_fields} |
740 new_args = {'scope_path': key_fields} |
731 self._checkHasActiveRoleFor(new_args, logic, 'scope_path') |
741 self._checkHasActiveRoleFor(new_args, logic, 'scope_path') |
1123 """ |
1133 """ |
1124 |
1134 |
1125 if not django_args.get('scope_path'): |
1135 if not django_args.get('scope_path'): |
1126 raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_DENIED_MSG) |
1136 raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_DENIED_MSG) |
1127 |
1137 |
1128 program_entity = program_logic.getFromKeyNameOr404(django_args['scope_path']) |
1138 program_entity = program_logic.getFromKeyNameOr404( |
|
1139 django_args['scope_path']) |
1129 user_entity = user_logic.getForCurrentAccount() |
1140 user_entity = user_logic.getForCurrentAccount() |
1130 |
1141 |
1131 filter = {'user': user_entity, |
1142 filter = {'user': user_entity, |
1132 'scope': program_entity, |
1143 'scope': program_entity, |
1133 'status': 'active'} |
1144 'status': 'active'} |
1138 if student_role: |
1149 if student_role: |
1139 raise out_of_band.AccessViolation( |
1150 raise out_of_band.AccessViolation( |
1140 message_fmt=DEF_ALREADY_PARTICIPATING_MSG) |
1151 message_fmt=DEF_ALREADY_PARTICIPATING_MSG) |
1141 |
1152 |
1142 # fill the role_list with all the mentor and org admin roles for this user |
1153 # fill the role_list with all the mentor and org admin roles for this user |
1143 role_list = [] |
1154 # role_list = [] |
1144 |
1155 |
1145 filter = {'user': user_entity, |
1156 filter = {'user': user_entity, |
1146 'program': program_entity, |
1157 'program': program_entity, |
1147 'status': 'active'} |
1158 'status': 'active'} |
1148 |
1159 |
1390 |
1401 |
1391 raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG) |
1402 raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG) |
1392 |
1403 |
1393 @allowDeveloper |
1404 @allowDeveloper |
1394 @denySidebar |
1405 @denySidebar |
1395 def checkIsAllowedToManageRole(self, django_args, role_logic, manage_role_logic): |
1406 def checkIsAllowedToManageRole(self, django_args, logic_for_role, |
|
1407 manage_role_logic): |
1396 """Returns an alternate HTTP response if the user is not allowed to manage |
1408 """Returns an alternate HTTP response if the user is not allowed to manage |
1397 the role given in args. |
1409 the role given in args. |
1398 |
1410 |
1399 Args: |
1411 Args: |
1400 django_args: a dictionary with django's arguments |
1412 django_args: a dictionary with django's arguments |
1401 role_logic: determines the logic for the role in args. |
1413 logic_for_role: determines the logic for the role in args. |
1402 manage_role_logic: determines the logic for the role which is allowed |
1414 manage_role_logic: determines the logic for the role which is allowed |
1403 to manage this role. |
1415 to manage this role. |
1404 |
1416 |
1405 Raises: |
1417 Raises: |
1406 AccessViolationResponse: if the required authorization is not met |
1418 AccessViolationResponse: if the required authorization is not met |
1411 that belongs to the same scope as the role that needs to be managed |
1423 that belongs to the same scope as the role that needs to be managed |
1412 """ |
1424 """ |
1413 |
1425 |
1414 try: |
1426 try: |
1415 # check if it is my role the user's own role |
1427 # check if it is my role the user's own role |
1416 self.checkHasActiveRoleForScope(django_args, role_logic) |
1428 self.checkHasActiveRoleForScope(django_args, logic_for_role) |
1417 return |
1429 return |
1418 except out_of_band.Error: |
1430 except out_of_band.Error: |
1419 pass |
1431 pass |
1420 |
1432 |
1421 # apparently it's not the user's role so check if managing this role is allowed |
1433 # apparently it's not the user's role so check |
|
1434 # if managing this role is allowed |
1422 fields = { |
1435 fields = { |
1423 'link_id': django_args['link_id'], |
1436 'link_id': django_args['link_id'], |
1424 'scope_path': django_args['scope_path'], |
1437 'scope_path': django_args['scope_path'], |
1425 } |
1438 } |
1426 |
1439 |