--- a/app/soc/views/helper/access.py Fri Jan 23 09:08:26 2009 +0000
+++ b/app/soc/views/helper/access.py Fri Jan 23 11:32:53 2009 +0000
@@ -38,6 +38,7 @@
from soc.logic import accounts
from soc.logic import dicts
+from soc.logic.models.club_admin import logic as club_admin_logic
from soc.logic.models.host import logic as host_logic
from soc.logic.models.notification import logic as notification_logic
from soc.logic.models.request import logic as request_logic
@@ -236,8 +237,87 @@
raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
+def checkCanCreateFromRequest(role_name):
+ """Raises an alternate HTTP response if the specified invite does not exist
+ or if it has not been group_accepted.
+ """
+ def wrapper(request, args, kwargs):
+ checkAgreesToSiteToS(request, args, kwargs)
+
+ user_entity = user_logic.getForCurrentAccount()
+
+ if user_entity.link_id != kwargs['link_id']:
+ deny(request, args, kwargs)
+
+ fields = {'link_id' : kwargs['link_id'],
+ 'scope_path' : kwargs['scope_path'],
+ 'role' : role_name}
+
+ request_entity = request_logic.getFromFieldsOr404(**fields)
+
+ if not request_entity.group_accepted:
+ # TODO tell the user that this request has not been accepted yet
+ deny(request, args, kwargs)
+
+ return
+ return wrapper
+
+def checkIsMyUncompletedRequest(request, args, kwargs):
+ """Raises an alternate HTTP response if the specified Request has been completed.
+ """
+ checkAgreesToSiteToS(request, args, kwargs)
+
+ user_entity = user_logic.getForCurrentAccount()
+
+ if user_entity.link_id != kwargs['link_id']:
+ # not the current user's request
+ return deny(request, args, kwargs)
+
+ fields = {'link_id' : kwargs['link_id'],
+ 'scope_path' : kwargs['scope_path'],
+ 'role' : kwargs['role'],
+ 'completed' : False}
+
+ request_entity = request_logic.getForFields(fields, unique=True)
+
+ if not request_entity:
+ # TODO return 404
+ return deny(request, args, kwargs)
+
+ return
def checkIsHost(request, args, kwargs):
+ """Raises an alternate HTTP response if Google Account has no Host entity.
+
+ Args:
+ request: a Django HTTP request
+
+ Raises:
+ AccessViolationResponse:
+ * if User is not already a Host, or
+ * if User has not agreed to the site-wide ToS, or
+ * if no User exists for the logged-in Google Account, or
+ * if the user is not even logged in
+ """
+ checkAgreesToSiteToS(request, args, kwargs)
+
+ user = user_logic.getForFields({'account': users.get_current_user()},
+ unique=True)
+
+ fields = {'user' : user,
+ 'active' : True}
+
+ host = host_logic.getForFields(fields, unique=True)
+
+ if host:
+ return
+
+ login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
+ 'role': 'a Program Administrator '}
+
+ raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
+
+def checkIsHostForProgram(request, args, kwargs):
"""Raises an alternate HTTP response if Google Account has no Host entity
for the specified program.
@@ -246,25 +326,21 @@
Raises:
AccessViolationResponse:
- * if User has not been invited to be a Host, or
- * if User is not already a Host, or
+ * if User is not already a Host for the specified program, or
* if User has not agreed to the site-wide ToS, or
* if no User exists for the logged-in Google Account, or
* if the user is not even logged in
"""
checkAgreesToSiteToS(request, args, kwargs)
- try:
- # if the current user is invited to create a host profile we allow access
- checkIsInvited(request, args, kwargs)
- return
- except out_of_band.Error:
- pass
-
user = user_logic.getForFields({'account': users.get_current_user()},
unique=True)
- host = host_logic.getForFields({'user': user}, unique=True)
+ fields = {'user' : user,
+ 'scope_path' : kwargs['scope_path'],
+ 'active' : True}
+
+ host = host_logic.getForFields(fields, unique=True)
if host:
return
@@ -300,7 +376,16 @@
checkAgreesToSiteToS(request, args, kwargs)
- # TODO(srabbelier) implement this
+ user = user_logic.getForCurrentAccount()
+
+ fields = {'user' : user,
+ 'scope_path' : kwargs['link_id'],
+ 'state' : 'active'}
+
+ club_admin_entity = club_admin_logic.getForFields(fields, unique=True)
+
+ if club_admin_entity:
+ return
login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
'role': 'a Club Admin for this Club'}
@@ -501,6 +586,50 @@
return wrapper
+def checkIsMyActiveRole(role_logic):
+ """Returns an alternate HTTP response if there is no active role found for
+ the current user using the given role_logic.
+
+ Raises:
+ AccessViolationResponse: if the required authorization is not met
+
+ Returns:
+ None if the current User has no active role for the given role_logic.
+ """
+
+ def wrapper(request, args, kwargs):
+ try:
+ # if the current user is a developer we allow access
+ checkIsDeveloper(request, args, kwargs)
+ return
+ except out_of_band.Error:
+ pass
+
+ user = user_logic.getForCurrentAccount()
+
+ if not user or user.link_id != kwargs['link_id']:
+ # not my role
+ deny(request, args, kwargs)
+
+ fields = {'link_id' : kwargs['link_id'],
+ 'scope_path' : kwargs['scope_path']
+ }
+
+ role_entity = role_logic.logic.getForFields(fields, unique=True)
+
+ if not role_entity:
+ # no role found
+ deny(request, args, kwargs)
+
+ if role_entity.state == 'active':
+ # this role exist and is active
+ return
+ else:
+ # this role is not active
+ deny(request, args, kwargs)
+
+ return wrapper
+
def checkCanInvite(request, args, kwargs):
"""Checks to see if the current user can create an invite.