--- a/app/soc/views/helper/access.py Thu Feb 26 16:56:37 2009 +0000
+++ b/app/soc/views/helper/access.py Thu Feb 26 16:57:13 2009 +0000
@@ -537,6 +537,19 @@
raise out_of_band.LoginRequest(message_fmt=login_msg_fmt)
@allowDeveloper
+ def checkIsHost(self, django_args=None):
+ """Checks whether the current user has a role entity.
+
+ Args:
+ django_args: the keyword args from django, not used
+ """
+
+ if not django_args:
+ django_args = {}
+
+ return self.checkHasActiveRole(django_args, host_logic)
+
+ @allowDeveloper
def checkIsUserSelf(self, django_args, field_name):
"""Checks whether the specified user is the logged in user.
@@ -566,16 +579,16 @@
* if a User has this Gooogle Account in their formerAccounts list
"""
- self.checkIsLoggedIn(django_args)
+ self.checkIsLoggedIn()
- user_entity = user_logic.getForFields({'account':self.id}, unique=True)
-
- if not user_entity and not user_logic.isFormerAccount(self.id):
+ if not self.user and not user_logic.isFormerAccount(self.id):
# this account has not been used yet
return
message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
- 'email' : self.id.email()}
+ 'email' : self.id.email()
+ }
+
raise out_of_band.LoginRequest(message_fmt=message_fmt)
def checkHasUserEntity(self, django_args=None):
@@ -610,29 +623,27 @@
* if no Google Account is logged in at all
"""
- self.checkIsUser(django_args)
+ self.checkIsUser()
- if accounts.isDeveloper(account=self.id, user=self.user):
+ if user_logic.isDeveloper(account=self.id, user=self.user):
return
login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % {
- 'role': 'a Site Developer '}
+ 'role': 'a Site Developer ',
+ }
raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
@allowDeveloper
@denySidebar
- def checkIsActive(self, django_args, logic,
- field_name='scope_path', filter_field='link_id'):
+ def _checkIsActive(self, django_args, logic, fields):
"""Raises an alternate HTTP response if the entity is not active.
Args:
django_args: a dictionary with django's arguments
logic: the logic that should be used to look up the entity
- field_name: the name of the field that should be copied verbatim
- If a format string is specified it will be formatted with
- the specified django_args.
- filter_field: the name of the field to which scope_path should be set
+ fields: the name of the fields that should be copied verbatim
+ from the django_args as filter
Raises:
AccessViolationResponse:
@@ -640,22 +651,10 @@
* if the entity status is not active
"""
- self.checkIsUser(django_args)
-
- fields = {
- filter_field: django_args[filter_field],
- 'status': 'active',
- }
+ self.checkIsUser()
- if field_name:
- # convert to a format string if desired
- if field_name.find('%') == -1:
- field_name = ''.join(['%(', field_name, ')s'])
-
- try:
- fields['scope_path'] = field_name % django_args
- except KeyError, e:
- self.deny(django_args)
+ fields = dicts.filter(django_args, fields)
+ fields['status'] = 'active'
entity = logic.getForFields(fields, unique=True)
@@ -664,13 +663,67 @@
raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG)
- def checkHasActiveRoleForScope(self, django_args, logic,
- field_name='scope_path'):
+ def checkGroupIsActiveForScopeAndLinkId(self, django_args, logic):
+ """Checks that the specified group is active.
+
+ Only group where both the link_id and the scope_path match the value
+ of the link_id and the scope_path from the django_args are considered.
+ """
+
+ fields = ['scope_path', 'link_id']
+ self._checkIsActive(django_args, logic, fields)
+
+ def checkGroupIsActiveForLinkId(self, django_args, logic):
+ """Checks that the specified group is active.
+
+ Only group where the link_id matches the value of the link_id
+ from the django_args are considered.
+ """
+
+ self._checkIsActive(django_args, logic, ['link_id'])
+
+ def checkHasActiveRole(self, django_args, logic):
"""Checks that the user has the specified active role.
"""
django_args['user'] = self.user
- self.checkIsActive(django_args, logic, field_name, 'user')
+ self._checkIsActive(django_args, logic, ['user'])
+
+ def _checkHasActiveRoleFor(self, django_args, logic, field_name):
+ """Checks that the user has the specified active role.
+
+ Only roles where the field as specified by field_name matches the
+ scope_path from the django_args are considered.
+ """
+
+ fields = ['scope_path', 'user']
+ django_args['user'] = self.user
+ self._checkIsActive(django_args, logic, fields)
+
+ def checkHasActiveRoleForKeyFieldsAsScope(self, django_args, logic):
+ """
+ """
+
+ key_fields = "%(scope_path)s/%(link_id)s" % django_args
+ new_args = {'scope_path': key_fields}
+ self._checkHasActiveRoleFor(new_args, logic, 'scope_path')
+
+ def checkHasActiveRoleForScope(self, django_args, logic):
+ """Checks that the user has the specified active role.
+
+ Only roles where the scope_path matches the scope_path from the
+ django_args are considered.
+ """
+
+ self._checkHasActiveRoleFor(django_args, logic, 'scope_path')
+
+ def checkHasActiveRoleForLinkId(self, django_args, logic):
+ """Checks that the user has the specified active role.
+
+ Only roles where the link_id matches the link_id from the
+ django_args are considered.
+ """
+ self._checkHasActiveRoleFor(django_args, logic, 'link_id')
def checkHasDocumentAccess(self, django_args, logic, target_scope):
"""Checks that the user has access to the specified document scope.