app/soc/views/helper/access.py
changeset 726 ba3d399ec9be
parent 720 9eb2522dfa83
child 727 ddf44af087a0
--- a/app/soc/views/helper/access.py	Fri Dec 12 00:35:51 2008 +0000
+++ b/app/soc/views/helper/access.py	Fri Dec 12 23:28:18 2008 +0000
@@ -26,6 +26,7 @@
 __authors__ = [
   '"Todd Larsen" <tlarsen@google.com>',
   '"Sverre Rabbelier" <sverre@rabbelier.nl>',
+  '"Lennard de Rijk" <ljvderijk@gmail.com>',
   '"Pawel Solyga" <pawel.solyga@gmail.com>',
   ]
 
@@ -38,6 +39,7 @@
 from soc.logic import accounts
 from soc.logic import dicts
 from soc.logic.models import host as host_logic
+from soc.logic.models import notification as notification_logic
 from soc.logic.models import user as user_logic
 from soc.logic.models import request as request_logic
 from soc.views import helper
@@ -318,6 +320,54 @@
 
   raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
+def checkIsMyNotification(request):
+  """Returns an alternate HTTP response if this request is for a Notification belonging
+     to the current user.
+
+  Args:
+    request: a Django HTTP request
+
+   Raises:
+     AccessViolationResponse: if the required authorization is not met
+
+  Returns:
+    None if the current User is allowed to access this Notification.
+  """
+  
+  try:
+    # if the current user is a developer we allow access
+    checkIsDeveloper(request)
+    return
+  except out_of_band.Error:
+    pass
+
+  checkIsUser(request)
+  
+  splitpath = request.path.split('/')
+  splitpath = splitpath[1:] # cut off leading ''
+  
+  # get the notification scope (user link_id) from the request path
+  user_link_id = splitpath[2]
+  # get the notification link_id from the request path
+  notification_link_id = splitpath[3]
+  
+  properties = {
+      'link_id': notification_link_id,
+      'scope_path': user_link_id,
+      }
+  
+  notification = notification_logic.logic.getForFields(properties, unique=True)
+  
+  user = user_logic.logic.getForFields(
+      {'account': users.get_current_user()}, unique=True)
+  
+  # check if the key of the current user matches the key from the scope of the message
+  if user.key() == notification.scope.key():
+    # access granted
+    return None
+  else:
+    # access denied
+    deny(request)  
 
 def checkCanInvite(request):
   """Checks to see if the current user can create an invite
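Review bot: In `checkIsMyNotification`, the result of `notification_logic.logic.getForFields(properties, unique=True)` is dereferenced as `notification.scope.key()` without checking that a notification was found, so a request for a non-existent link_id would presumably end in an unhandled AttributeError instead of the normal access-denied response; the same applies to `user`, and to `splitpath[2]`/`splitpath[3]` on a shorter path. Besides the spurious server errors, the differing responses would let a logged-in user tell existing notifications in another user's scope from missing ones. I would add a guard before the key comparison, `if not notification or not user:` followed by `deny(request)`, which assumes deny() raises, as the bare call in the else branch suggests. The docstring's first sentence is also inverted: the alternate response is produced when the Notification does not belong to the current user.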
@@ -360,7 +410,6 @@
   # Perform the access check
   helper.access.checkAccess(access_type, request, rights=params['rights'])
 
-
 def checkIsDocumentPublic(request):
   """Checks whether a document is public.