--- a/app/soc/views/helper/access.py Fri Jan 23 22:57:10 2009 +0000
+++ b/app/soc/views/helper/access.py Fri Jan 23 23:42:07 2009 +0000
@@ -245,8 +245,8 @@
raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
def checkCanCreateFromRequest(role_name):
- """Raises an alternate HTTP response if the specified invite does not exist
- or if it has not been group_accepted.
+ """Raises an alternate HTTP response if the specified request does not exist
+ or if it's state is not group_accepted.
"""
def wrapper(request, args, kwargs):
checkAgreesToSiteToS(request, args, kwargs)
@@ -262,15 +262,16 @@
request_entity = request_logic.getFromFieldsOr404(**fields)
- if not request_entity.group_accepted:
+ if request_entity.state != 'group_accepted':
# TODO tell the user that this request has not been accepted yet
deny(request, args, kwargs)
return
return wrapper
-def checkIsMyUncompletedRequest(request, args, kwargs):
- """Raises an alternate HTTP response if the specified Request has been completed.
+def checkIsMyGroupAcceptedRequest(request, args, kwargs):
+ """Raises an alternate HTTP response if the specified request does not exist
+ or if it's state is not group_accepted
"""
checkAgreesToSiteToS(request, args, kwargs)
@@ -282,8 +283,7 @@
fields = {'link_id' : kwargs['link_id'],
'scope_path' : kwargs['scope_path'],
- 'role' : kwargs['role'],
- 'completed' : False}
+ 'role' : kwargs['role']}
request_entity = request_logic.getForFields(fields, unique=True)
@@ -291,6 +291,9 @@
# TODO return 404
return deny(request, args, kwargs)
+ if request_entity.state != 'group_accepted':
+ return deny(request, args, kwargs)
+
return
def checkIsHost(request, args, kwargs):
@@ -306,6 +309,14 @@
* if no User exists for the logged-in Google Account, or
* if the user is not even logged in
"""
+
+ try:
+ # if the current user is invited to create a host profile we allow access
+ checkIsDeveloper(request, args, kwargs)
+ return
+ except out_of_band.Error:
+ pass
+
checkAgreesToSiteToS(request, args, kwargs)
user = user_logic.getForFields({'account': users.get_current_user()},