app/soc/views/helper/access.py
changeset 872 70e0b6d8ff73
parent 814 25ffebd9fa8f
child 882 267e31f1a0b6
--- a/app/soc/views/helper/access.py	Wed Jan 21 15:35:10 2009 +0000
+++ b/app/soc/views/helper/access.py	Wed Jan 21 16:11:47 2009 +0000
@@ -63,7 +63,7 @@
     'Please <a href="%(sign_out)s">sign out</a> in order to view this page')
 
 
-def checkAccess(access_type, request, rights):
+def checkAccess(access_type, request, rights, args=None, kwargs=None):
   """Runs all the defined checks for the specified type.
 
   Args:
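Review bot: The docstring of checkAccess is not updated for the two new parameters: the hunk stops at `Args:` and no later hunk touches the lines below it, so `args` and `kwargs` stay undocumented. The same holds for every checker whose signature changes in this commit, from allow and deny through checkIsDocumentPublic. I would add to each Args section `args: positional URL arguments for this request (may be None)` and `kwargs: keyword URL arguments for this request (may be None)`, assuming they are the resolved URL arguments, which the later `urlresolvers.resolve(request.path)` calls suggest. The checkAccess docstring should also state that both default to None and are forwarded unchanged to every checker, so a checker that reads them must handle None.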
@@ -89,19 +89,19 @@
 
   # Call each access checker
   for check in rights['any_access']:
-    check(request)
+    check(request, args, kwargs)
 
   if access_type not in rights:
     for check in rights['unspecified']:
       # No checks defined, so do the 'generic' checks and bail out
-      check(request)
+      check(request, args, kwargs)
     return
 
   for check in rights[access_type]:
-    check(request)
+    check(request, args, kwargs)
 
 
-def allow(request):
+def allow(request, args, kwargs):
   """Never returns an alternate HTTP response.
 
   Args:
@@ -110,7 +110,8 @@
 
   return
 
-def deny(request):
+
+def deny(request, args, kwargs):
   """Returns an alternate HTTP response.
 
   Args:
@@ -127,7 +128,7 @@
   raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context)
 
 
-def checkIsLoggedIn(request):
+def checkIsLoggedIn(request, args, kwargs):
   """Returns an alternate HTTP response if Google Account is not logged in.
 
   Args:
@@ -148,7 +149,7 @@
   raise out_of_band.LoginRequest()
 
 
-def checkNotLoggedIn(request):
+def checkNotLoggedIn(request, args, kwargs):
   """Returns an alternate HTTP response if Google Account is not logged in.
 
   Args:
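Review bot: The summary line of checkNotLoggedIn's docstring is a copy of checkIsLoggedIn's ("if Google Account is not logged in"), yet the function ends by raising a LoginRequest with DEF_LOGOUT_MSG_FMT, which suggests it rejects accounts that are logged in. Since the signature is being touched anyway, I would correct the line to `"""Returns an alternate HTTP response if Google Account is logged in.`. The body lies outside the hunk, so confirm the direction against it before changing the text.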
@@ -169,7 +170,7 @@
   raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
 
 
-def checkIsUser(request):
+def checkIsUser(request, args, kwargs):
   """Returns an alternate HTTP response if Google Account has no User entity.
 
   Args:
@@ -184,7 +185,7 @@
     should be returned by the calling view.
   """
 
-  checkIsLoggedIn(request)
+  checkIsLoggedIn(request, args, kwargs)
 
   user = user_logic.logic.getForFields(
       {'account': users.get_current_user()}, unique=True)
@@ -195,7 +196,7 @@
   raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG_FMT)
 
 
-def checkIsDeveloper(request):
+def checkIsDeveloper(request, args, kwargs):
   """Returns an alternate HTTP response if Google Account is not a Developer.
 
   Args:
@@ -210,7 +211,7 @@
     response should be returned by the calling view.
   """
 
-  checkIsUser(request)
+  checkIsUser(request, args, kwargs)
 
   if accounts.isDeveloper(account=users.get_current_user()):
     return
@@ -221,7 +222,7 @@
   raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
 
-def checkIsHost(request):
+def checkIsHost(request, args, kwargs):
   """Returns an alternate HTTP response if Google Account has no Host entity
      for the specified program.
 
@@ -239,12 +240,12 @@
 
   try:
     # if the current user is invited to create a host profile we allow access
-    checkIsInvited(request)
+    checkIsInvited(request, args, kwargs)
     return
   except out_of_band.Error:
     pass
 
-  checkIsUser(request)
+  checkIsUser(request, args, kwargs)
 
   user = user_logic.logic.getForFields(
       {'account': users.get_current_user()}, unique=True)
@@ -261,7 +262,7 @@
   raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
 
-def checkIsClubAdminForClub(request):
+def checkIsClubAdminForClub(request, args, kwargs):
   """Returns an alternate HTTP response if Google Account has no Club Admin
      entity for the specified club.
 
@@ -279,12 +280,12 @@
 
   try:
     # if the current user is invited to create a host profile we allow access
-    checkIsDeveloper(request)
+    checkIsDeveloper(request, args, kwargs)
     return
   except out_of_band.Error:
     pass
 
-  checkIsUser(request)
+  checkIsUser(request, args, kwargs)
 
   # TODO(srabbelier) implement this
 
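Review bot: The comment above the changed `checkIsDeveloper(request, args, kwargs)` call in checkIsClubAdminForClub says the user "is invited to create a host profile", but the call grants the developer bypass; it appears to be copied from checkIsHost. An inaccurate comment on an authorization shortcut is easy to misread during an audit, so I would replace it with `# if the current user is a developer we allow access`, as the sibling checkers do. The club-specific check is still `# TODO(srabbelier) implement this`, and as far as the hunks show only developers pass. The docstring should say so until the check exists; the rest of the body is outside this hunk.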
@@ -294,7 +295,7 @@
   raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
 
-def checkIsInvited(request):
+def checkIsInvited(request, args, kwargs):
   """Returns an alternate HTTP response if Google Account has no Host entity
      for the specified program.
 
@@ -312,12 +313,12 @@
 
   try:
     # if the current user is a developer we allow access
-    checkIsDeveloper(request)
+    checkIsDeveloper(request, args, kwargs)
     return
   except out_of_band.Error:
     pass
 
-  checkIsUser(request)
+  checkIsUser(request, args, kwargs)
 
   login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
       'role': 'a Program Administrator for this Program'}
@@ -327,7 +328,7 @@
 
   if len(splitpath) < 4:
     # TODO: perhaps this needs a better explanation?
-    deny(request)
+    deny(request, args, kwargs)
 
   role = splitpath[0]
   group_id = splitpath[2]
@@ -338,7 +339,7 @@
 
   if user_id != user.link_id:
     # TODO: perhaps this needs a better explanation?
-    deny(request)
+    deny(request, args, kwargs)
 
   properties = {
       'link_id': user_id,
@@ -355,7 +356,7 @@
   raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
 
-def checkIsClubAppAccepted(request):
+def checkIsClubAppAccepted(request, args, kwargs):
   """Returns an alternate HTTP response if Google Account has no Club App
      entity for the specified Club.
 
@@ -373,12 +374,12 @@
 
   try:
     # if the current user is a developer we allow access
-    checkIsDeveloper(request)
+    checkIsDeveloper(request, args, kwargs)
     return
   except out_of_band.Error:
     pass
 
-  checkIsUser(request)
+  checkIsUser(request, args, kwargs)
 
   user = user_logic.logic.getForCurrentAccount()
 
@@ -395,10 +396,10 @@
     return
 
   # TODO(srabbelier) Make this give a proper error message
-  deny(request)
+  deny(request, args, kwargs)
 
 
-def checkIsMyNotification(request):
+def checkIsMyNotification(request, args, kwargs):
   """Returns an alternate HTTP response if this request is for a Notification belonging
      to the current user.
 
@@ -414,18 +415,18 @@
   
   try:
     # if the current user is a developer we allow access
-    checkIsDeveloper(request)
+    checkIsDeveloper(request, args, kwargs)
     return
   except out_of_band.Error:
     pass
 
-  checkIsUser(request)
+  checkIsUser(request, args, kwargs)
 
   # Mine the url for params
   try:
     callback, args, kwargs = urlresolvers.resolve(request.path)
   except Exception:
-    deny(request)
+    deny(request, args, kwargs)
 
   properties = dicts.filter(kwargs, ['link_id', 'scope_path'])
 
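Review bot: The `args` and `kwargs` now passed into checkIsMyNotification are overwritten a few lines later by `callback, args, kwargs = urlresolvers.resolve(request.path)`, so the new parameters only ever reach `deny()` on the failure path. The ownership check therefore still runs on values re-parsed from the path rather than on the ones the caller supplies; if those can differ, the check and the view look at different entities. If the caller's values are the dispatched URL arguments, I would drop the resolve block and filter the parameter directly with `properties = dicts.filter(kwargs, ['link_id', 'scope_path'])`, denying the request when `kwargs` is None. checkIsMyApplication and the first resolve in checkCanInvite follow the same pattern; all three bodies extend beyond their hunks.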
@@ -439,9 +440,10 @@
     return None
 
   # TODO(ljvderijk) Make this give a proper error message
-  deny(request)
+  deny(request, args, kwargs)
 
-def checkIsMyApplication(request):
+
+def checkIsMyApplication(request, args, kwargs):
   """Returns an alternate HTTP response if this request is for a Application belonging
      to the current user.
 
@@ -457,18 +459,18 @@
   
   try:
     # if the current user is a developer we allow access
-    checkIsDeveloper(request)
+    checkIsDeveloper(request, args, kwargs)
     return
   except out_of_band.Error:
     pass
 
-  checkIsUser(request)
+  checkIsUser(request, args, kwargs)
 
   # Mine the url for params
   try:
     callback, args, kwargs = urlresolvers.resolve(request.path)
   except Exception:
-    deny(request)
+    deny(request, args, kwargs)
 
   properties = dicts.filter(kwargs, ['link_id'])
 
@@ -482,10 +484,10 @@
     return None
 
   # TODO(srabbelier) Make this give a proper error message
-  deny(request)
+  deny(request, args, kwargs)
 
 
-def checkCanInvite(request):
+def checkCanInvite(request, args, kwargs):
   """Checks to see if the current user can create an invite.
 
   Note that if the current url is not in the default 'request' form
@@ -497,7 +499,7 @@
 
   try:
     # if the current user is a developer we allow access
-    checkIsDeveloper(request)
+    checkIsDeveloper(request, args, kwargs)
     return
   except out_of_band.Error:
     pass
@@ -506,7 +508,7 @@
   try:
     callback, args, kwargs = urlresolvers.resolve(request.path)
   except Exception:
-    deny(request)
+    deny(request, args, kwargs)
 
   # Construct a new url by reshufling the kwargs
   order = ['role', 'access_type', 'scope_path', 'link_id']
@@ -517,16 +519,17 @@
   try:
     callback, args, kwargs = urlresolvers.resolve(url)
   except Exception:
-    deny(request)
+    deny(request, args, kwargs)
 
   # Get the everything we need for the access check
   params = callback.im_self.getParams()
   access_type = kwargs['access_type']
 
   # Perform the access check
-  helper.access.checkAccess(access_type, request, rights=params['rights'])
+  checkAccess(access_type, request, rights=params['rights'])
 
-def checkIsDocumentPublic(request):
+
+def checkIsDocumentPublic(request, args, kwargs):
   """Checks whether a document is public.
 
   Args:
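Review bot: The delegated `checkAccess(access_type, request, rights=params['rights'])` call in checkCanInvite omits the new arguments, so every checker it runs receives `args=None, kwargs=None`. The `args` and `kwargs` just resolved from the reshuffled url are in scope and appear to describe the resource the delegated rights guard, so I would forward them: `checkAccess(access_type, request, rights=params['rights'], args=args, kwargs=kwargs)`. Without that, a checker that starts reading `kwargs` will either fail on None or fall back to request.path and evaluate the invite URL instead of the target it is meant to protect. The start of checkCanInvite is outside this hunk.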
@@ -535,4 +538,4 @@
 
   # TODO(srabbelier): A proper check needs to be done to see if the document
   # is public or not, probably involving analysing it's scope or such.
-  allow(request)
+  allow(request, args, kwargs)
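Review bot: checkIsDocumentPublic still ends in an unconditional `allow(request, args, kwargs)`, so any rights entry that relies on it admits every request regardless of the document's visibility. Whether a view already uses it is not visible here, but the name reads as a real check, and the TODO is the only hint that it is not. Now that `kwargs` is passed in, the lookup the TODO describes could be implemented. Until then I would state the gap in the docstring, e.g. `Note: placeholder, currently allows access to every document.`, or fail closed with `deny(request, args, kwargs)` if nothing depends on it yet.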