app/soc/views/helper/access.py
changeset 1525 fe906cdbf0e9
parent 1524 30ada09bdc6f
child 1528 abbdf42ab322
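--- a/app/soc/views/helper/access.py
+++ b/app/soc/views/helper/access.py
@@ -535,10 +535,23 @@
         'tos_link': redirects.getToSRedirect(site_logic.getSingleton())}
 
     raise out_of_band.LoginRequest(message_fmt=login_msg_fmt)
 
   @allowDeveloper
+  def checkIsHost(self, django_args=None):
+    """Checks whether the current user has a role entity.
+
+    Args:
+      django_args: the keyword args from django, not used
+    """
+
+    if not django_args:
+      django_args = {}
+
+    return self.checkHasActiveRole(django_args, host_logic)
+
+  @allowDeveloper
   def checkIsUserSelf(self, django_args, field_name):
     """Checks whether the specified user is the logged in user.
 
     Args:
       django_args: the keyword args from django, only field_name is used
@@ -564,20 +577,20 @@
       AccessViolationResponse:
       * if a User exists for the logged-in Google Account, or
       * if a User has this Gooogle Account in their formerAccounts list
     """
 
-    self.checkIsLoggedIn(django_args)
+    self.checkIsLoggedIn()
 
-    user_entity = user_logic.getForFields({'account':self.id}, unique=True)
-
-    if not user_entity and not user_logic.isFormerAccount(self.id):
+    if not self.user and not user_logic.isFormerAccount(self.id):
       # this account has not been used yet
       return
 
     message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
-        'email' : self.id.email()}
+        'email' : self.id.email()
+        }
+
     raise out_of_band.LoginRequest(message_fmt=message_fmt)
 
   def checkHasUserEntity(self, django_args=None):
     """Raises an alternate HTTP response if Google Account has no User entity.
 
@@ -608,71 +621,111 @@
       * if User is not a Developer, or
       * if no User exists for the logged-in Google Account, or
       * if no Google Account is logged in at all
     """
 
-    self.checkIsUser(django_args)
+    self.checkIsUser()
 
-    if accounts.isDeveloper(account=self.id, user=self.user):
+    if user_logic.isDeveloper(account=self.id, user=self.user):
       return
 
     login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
-        'role': 'a Site Developer '}
+        'role': 'a Site Developer ',
+        }
 
     raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
   @allowDeveloper
   @denySidebar
-  def checkIsActive(self, django_args, logic,
-                    field_name='scope_path', filter_field='link_id'):
+  def _checkIsActive(self, django_args, logic, fields):
     """Raises an alternate HTTP response if the entity is not active.
 
     Args:
       django_args: a dictionary with django's arguments
       logic: the logic that should be used to look up the entity
-      field_name: the name of the field that should be copied verbatim
-                  If a format string is specified it will be formatted with
-                  the specified django_args.
-      filter_field: the name of the field to which scope_path should be set
+      fields: the name of the fields that should be copied verbatim
+              from the django_args as filter
 
     Raises:
       AccessViolationResponse:
       * if no entity is found
       * if the entity status is not active
     """
 
-    self.checkIsUser(django_args)
+    self.checkIsUser()
 
-    fields = {
-        filter_field: django_args[filter_field],
-        'status': 'active',
-        }
-
-    if field_name:
-      # convert to a format string if desired
-      if field_name.find('%') == -1:
-        field_name = ''.join(['%(', field_name, ')s'])
-
-      try:
-        fields['scope_path'] = field_name % django_args
-      except KeyError, e:
-        self.deny(django_args)
+    fields = dicts.filter(django_args, fields)
+    fields['status'] = 'active'
 
     entity = logic.getForFields(fields, unique=True)
 
     if entity:
       return
 
     raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)
 
-  def checkHasActiveRoleForScope(self, django_args, logic,
-                                 field_name='scope_path'):
+  def checkGroupIsActiveForScopeAndLinkId(self, django_args, logic):
+    """Checks that the specified group is active.
+
+    Only group where both the link_id and the scope_path match the value
+    of the link_id and the scope_path from the django_args are considered.
+    """
+
+    fields = ['scope_path', 'link_id']
+    self._checkIsActive(django_args, logic, fields)
+
+  def checkGroupIsActiveForLinkId(self, django_args, logic):
+    """Checks that the specified group is active.
+
+    Only group where the link_id matches the value of the link_id
+    from the django_args are considered.
+    """
+
+    self._checkIsActive(django_args, logic, ['link_id'])
+
+  def checkHasActiveRole(self, django_args, logic):
     """Checks that the user has the specified active role.
     """
 
     django_args['user'] = self.user
-    self.checkIsActive(django_args, logic, field_name, 'user')
+    self._checkIsActive(django_args, logic, ['user'])
+
+  def _checkHasActiveRoleFor(self, django_args, logic, field_name):
+    """Checks that the user has the specified active role.
+
+    Only roles where the field as specified by field_name matches the
+    scope_path from the django_args are considered.
+    """
+
+    fields = ['scope_path', 'user']
+    django_args['user'] = self.user
+    self._checkIsActive(django_args, logic, fields)
+
+  def checkHasActiveRoleForKeyFieldsAsScope(self, django_args, logic):
+    """
+    """
+
+    key_fields = "%(scope_path)s/%(link_id)s" % django_args
+    new_args = {'scope_path': key_fields}
+    self._checkHasActiveRoleFor(new_args, logic, 'scope_path')
+
+  def checkHasActiveRoleForScope(self, django_args, logic):
+    """Checks that the user has the specified active role.
+
+    Only roles where the scope_path matches the scope_path from the
+    django_args are considered.
+    """
+
+    self._checkHasActiveRoleFor(django_args, logic, 'scope_path')
+
+  def checkHasActiveRoleForLinkId(self, django_args, logic):
+    """Checks that the user has the specified active role.
+
+    Only roles where the link_id matches the link_id from the
+    django_args are considered.
+    """
+    self._checkHasActiveRoleFor(django_args, logic, 'link_id')
 
   def checkHasDocumentAccess(self, django_args, logic, target_scope):
     """Checks that the user has access to the specified document scope.
     """
 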
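Review bot: `_checkHasActiveRoleFor` never reads its `field_name` parameter and always filters on `['scope_path', 'user']`, so `checkHasActiveRoleForLinkId` (which passes `'link_id'`) runs the same lookup as `checkHasActiveRoleForScope` and does not restrict on link_id as its docstring says. Since these are access checks, the role that satisfies the link_id variant is not the one documented; if the three callers' docstrings state the intent, the line should be `fields = [field_name, 'user']`, with the helper's own docstring ("matches the scope_path") reworded to agree. `checkHasActiveRoleForKeyFieldsAsScope` also has an empty docstring, and its `%` formatting raises an uncaught KeyError when `scope_path` or `link_id` is missing, where the removed `checkIsActive` code caught that and called `self.deny(django_args)`; a one-line docstring such as `"""Checks for an active role whose scope_path is 'scope_path/link_id' built from django_args."""` and the same KeyError handling would cover both. How `dicts.filter` treats a key that is absent from `django_args` is not visible in this section; if it skips the key silently, `_checkIsActive` would query with a narrower filter set than the caller asked for, so that behaviour is worth confirming.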