app/soc/views/helper/access.py
changeset 2536 9f1b7aba026f
parent 2534 c880489123fc
child 2538 c82fbf7fbad0
--- a/app/soc/views/helper/access.py	Sat Jul 04 16:23:00 2009 +0200
+++ b/app/soc/views/helper/access.py	Sat Jul 04 16:44:08 2009 +0200
@@ -147,8 +147,8 @@
 DEF_GROUP_NOT_FOUND_MSG = ugettext(
     'The requested Group can not be found.')
 
-DEF_NO_ACTIVE_STUDENT_PROJECT_MSG = ugettext(
-    'There is no active student project that would allow you to take this survey.')
+DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG = ugettext(
+    'You are not allowed to take this Survey for the specified Student Project')
 
 DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext(
     'The <b><i>%(email)s</i></b> account cannot be used with this site, for'
@@ -161,6 +161,22 @@
     '</ul>')
 
 
+class Error(Exception):
+  """Base class for all exceptions raised by this module.
+  """
+
+  pass
+
+
+class InvalidArgumentError(Error):
+  """Raised when an invalid argument is passed to a method.
+
+  For example, if an argument is None, but must always be non-False.
+  """
+
+  pass
+
+
 def allowSidebar(fun):
   """Decorator that allows access if the sidebar is calling.
   """
@@ -1635,10 +1651,40 @@
         where the key for the project can be located.
     """
 
-    # TODO(ljvderijk) implement this check
-    #raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_STUDENT_PROJECT_MSG)
+    if not role_name in ['mentor', 'student']:
+      raise InvalidArgumentError('role_name is not mentor or student')
+
+    # get the project keyname from the GET dictionary
+    get_dict= django_args['GET']
+    key_name = get_dict.get(project_key_location)
+
+    if not key_name:
+      # no key name present so no need to deny access
+      return
+
+    # retrieve the Student Project for the key
+    entity = student_project_logic.getFromKeyNameOr404(key_name)
 
-    self.allow(django_args)
+    # TODO(ljvderijk) change this to cope with multiple surveys for one project
+    # check if a survey can be conducted about this project
+    if entity.status != 'accepted':
+      raise out_of_band.AccessViolation(
+          message_fmt=DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG)
+
+    # get the correct role depending on the role_name
+    role_entity = getattr(entity, role_name)
+    user_entity = user_logic.getForCurrentAccount()
+
+    # check if the role matches the current user
+    if (not user_entity) or (role_entity.user.key() != user_entity.key()):
+      raise out_of_band.AccessViolation(
+          message_fmt=DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG)
+
+    # check if the role is active
+    if role_entity.status != 'active':
+      raise out_of_band.AccessViolation(message_fmt=DEF_NEED_ROLE_MSG)
+
+    return
 
   @allowSidebar
   @allowDeveloper
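Review bot: The early `return` after `key_name = get_dict.get(project_key_location)` makes this access check fail open: a request that simply omits the project parameter from the GET dictionary skips the status, ownership and active-role checks entirely, and the comment "no key name present so no need to deny access" documents that as intended. Unless the view is known to tolerate a missing project (and then 404 or refuse later itself), the safer default for an access helper is to deny, e.g. `if not key_name: raise out_of_band.AccessViolation(message_fmt=DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG)`; if fail-open really is wanted, the comment should say which caller relies on it. Note also that `getFromKeyNameOr404` runs before the ownership check, so an unrelated user can distinguish existing from non-existing project key names (404 versus AccessViolation) — acceptable if key names are not sensitive, but worth a one-line comment. Minor style: `if not role_name in ['mentor', 'student']:` reads better as `if role_name not in ('mentor', 'student'):`. The enclosing method's signature and the start of its docstring are above the hunk, so the parameter names used here could not be checked against it.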