564 AccessViolationResponse: |
577 AccessViolationResponse: |
565 * if a User exists for the logged-in Google Account, or |
578 * if a User exists for the logged-in Google Account, or |
566 * if a User has this Gooogle Account in their formerAccounts list |
579 * if a User has this Gooogle Account in their formerAccounts list |
567 """ |
580 """ |
568 |
581 |
569 self.checkIsLoggedIn(django_args) |
582 self.checkIsLoggedIn() |
570 |
583 |
571 user_entity = user_logic.getForFields({'account':self.id}, unique=True) |
584 if not self.user and not user_logic.isFormerAccount(self.id): |
572 |
|
573 if not user_entity and not user_logic.isFormerAccount(self.id): |
|
574 # this account has not been used yet |
585 # this account has not been used yet |
575 return |
586 return |
576 |
587 |
577 message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % { |
588 message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % { |
578 'email' : self.id.email()} |
589 'email' : self.id.email() |
|
590 } |
|
591 |
579 raise out_of_band.LoginRequest(message_fmt=message_fmt) |
592 raise out_of_band.LoginRequest(message_fmt=message_fmt) |
580 |
593 |
581 def checkHasUserEntity(self, django_args=None): |
594 def checkHasUserEntity(self, django_args=None): |
582 """Raises an alternate HTTP response if Google Account has no User entity. |
595 """Raises an alternate HTTP response if Google Account has no User entity. |
583 |
596 |
608 * if User is not a Developer, or |
621 * if User is not a Developer, or |
609 * if no User exists for the logged-in Google Account, or |
622 * if no User exists for the logged-in Google Account, or |
610 * if no Google Account is logged in at all |
623 * if no Google Account is logged in at all |
611 """ |
624 """ |
612 |
625 |
613 self.checkIsUser(django_args) |
626 self.checkIsUser() |
614 |
627 |
615 if accounts.isDeveloper(account=self.id, user=self.user): |
628 if user_logic.isDeveloper(account=self.id, user=self.user): |
616 return |
629 return |
617 |
630 |
618 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
631 login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { |
619 'role': 'a Site Developer '} |
632 'role': 'a Site Developer ', |
|
633 } |
620 |
634 |
621 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
635 raise out_of_band.LoginRequest(message_fmt=login_message_fmt) |
622 |
636 |
623 @allowDeveloper |
637 @allowDeveloper |
624 @denySidebar |
638 @denySidebar |
625 def checkIsActive(self, django_args, logic, |
639 def _checkIsActive(self, django_args, logic, fields): |
626 field_name='scope_path', filter_field='link_id'): |
|
627 """Raises an alternate HTTP response if the entity is not active. |
640 """Raises an alternate HTTP response if the entity is not active. |
628 |
641 |
629 Args: |
642 Args: |
630 django_args: a dictionary with django's arguments |
643 django_args: a dictionary with django's arguments |
631 logic: the logic that should be used to look up the entity |
644 logic: the logic that should be used to look up the entity |
632 field_name: the name of the field that should be copied verbatim |
645 fields: the name of the fields that should be copied verbatim |
633 If a format string is specified it will be formatted with |
646 from the django_args as filter |
634 the specified django_args. |
|
635 filter_field: the name of the field to which scope_path should be set |
|
636 |
647 |
637 Raises: |
648 Raises: |
638 AccessViolationResponse: |
649 AccessViolationResponse: |
639 * if no entity is found |
650 * if no entity is found |
640 * if the entity status is not active |
651 * if the entity status is not active |
641 """ |
652 """ |
642 |
653 |
643 self.checkIsUser(django_args) |
654 self.checkIsUser() |
644 |
655 |
645 fields = { |
656 fields = dicts.filter(django_args, fields) |
646 filter_field: django_args[filter_field], |
657 fields['status'] = 'active' |
647 'status': 'active', |
|
648 } |
|
649 |
|
650 if field_name: |
|
651 # convert to a format string if desired |
|
652 if field_name.find('%') == -1: |
|
653 field_name = ''.join(['%(', field_name, ')s']) |
|
654 |
|
655 try: |
|
656 fields['scope_path'] = field_name % django_args |
|
657 except KeyError, e: |
|
658 self.deny(django_args) |
|
659 |
658 |
660 entity = logic.getForFields(fields, unique=True) |
659 entity = logic.getForFields(fields, unique=True) |
661 |
660 |
662 if entity: |
661 if entity: |
663 return |
662 return |
664 |
663 |
665 raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG) |
664 raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG) |
666 |
665 |
667 def checkHasActiveRoleForScope(self, django_args, logic, |
666 def checkGroupIsActiveForScopeAndLinkId(self, django_args, logic): |
668 field_name='scope_path'): |
667 """Checks that the specified group is active. |
|
668 |
|
669 Only group where both the link_id and the scope_path match the value |
|
670 of the link_id and the scope_path from the django_args are considered. |
|
671 """ |
|
672 |
|
673 fields = ['scope_path', 'link_id'] |
|
674 self._checkIsActive(django_args, logic, fields) |
|
675 |
|
676 def checkGroupIsActiveForLinkId(self, django_args, logic): |
|
677 """Checks that the specified group is active. |
|
678 |
|
679 Only group where the link_id matches the value of the link_id |
|
680 from the django_args are considered. |
|
681 """ |
|
682 |
|
683 self._checkIsActive(django_args, logic, ['link_id']) |
|
684 |
|
685 def checkHasActiveRole(self, django_args, logic): |
669 """Checks that the user has the specified active role. |
686 """Checks that the user has the specified active role. |
670 """ |
687 """ |
671 |
688 |
672 django_args['user'] = self.user |
689 django_args['user'] = self.user |
673 self.checkIsActive(django_args, logic, field_name, 'user') |
690 self._checkIsActive(django_args, logic, ['user']) |
|
691 |
|
692 def _checkHasActiveRoleFor(self, django_args, logic, field_name): |
|
693 """Checks that the user has the specified active role. |
|
694 |
|
695 Only roles where the field as specified by field_name matches the |
|
696 scope_path from the django_args are considered. |
|
697 """ |
|
698 |
|
699 fields = ['scope_path', 'user'] |
|
700 django_args['user'] = self.user |
|
701 self._checkIsActive(django_args, logic, fields) |
|
702 |
|
703 def checkHasActiveRoleForKeyFieldsAsScope(self, django_args, logic): |
|
704 """ |
|
705 """ |
|
706 |
|
707 key_fields = "%(scope_path)s/%(link_id)s" % django_args |
|
708 new_args = {'scope_path': key_fields} |
|
709 self._checkHasActiveRoleFor(new_args, logic, 'scope_path') |
|
710 |
|
711 def checkHasActiveRoleForScope(self, django_args, logic): |
|
712 """Checks that the user has the specified active role. |
|
713 |
|
714 Only roles where the scope_path matches the scope_path from the |
|
715 django_args are considered. |
|
716 """ |
|
717 |
|
718 self._checkHasActiveRoleFor(django_args, logic, 'scope_path') |
|
719 |
|
720 def checkHasActiveRoleForLinkId(self, django_args, logic): |
|
721 """Checks that the user has the specified active role. |
|
722 |
|
723 Only roles where the link_id matches the link_id from the |
|
724 django_args are considered. |
|
725 """ |
|
726 self._checkHasActiveRoleFor(django_args, logic, 'link_id') |
674 |
727 |
675 def checkHasDocumentAccess(self, django_args, logic, target_scope): |
728 def checkHasDocumentAccess(self, django_args, logic, target_scope): |
676 """Checks that the user has access to the specified document scope. |
729 """Checks that the user has access to the specified document scope. |
677 """ |
730 """ |
678 |
731 |