diff -r 4d143278f9a0 -r 16ba61efc108 app/soc/views/helper/access.py
--- a/app/soc/views/helper/access.py	Wed Aug 05 12:38:50 2009 +0200
+++ b/app/soc/views/helper/access.py	Wed Aug 05 16:52:08 2009 +0200
@@ -1669,8 +1669,11 @@
                                           role_name, project_key_location):
     """Checks whether a ProjectSurvey can be taken by the current User.
 
-    role_name argument determines wether the current user should be the
-    student or mentor specified by the project in GET dict.
+    role_name argument determines wether the current user is taking the survey
+    as a student or mentor specified by the project in GET dict.
+
+    If the survey is taken as a mentor, org admins for the Organization in
+    which the project resides will also have access.
 
     However if the project entry is not present in the dictionary this access
     check passes.
@@ -1686,6 +1689,10 @@
     if not role_name in ['mentor', 'student']:
       raise InvalidArgumentError('role_name is not mentor or student')
 
+    # check if the current user is signed up
+    self.checkIsUser(django_args)
+    user_entity = self.user
+
     # get the project keyname from the GET dictionary
     get_dict= django_args['GET']
     key_name = get_dict.get(project_key_location)
@@ -1695,25 +1702,36 @@
       return
 
     # retrieve the Student Project for the key
-    entity = student_project_logic.getFromKeyNameOr404(key_name)
+    project_entity = student_project_logic.getFromKeyNameOr404(key_name)
 
-    # TODO(ljvderijk) change this to cope with multiple surveys for one project
     # check if a survey can be conducted about this project
-    if entity.status != 'accepted':
+    if project_entity.status != 'accepted':
       raise out_of_band.AccessViolation(
           message_fmt=DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG)
 
     # get the correct role depending on the role_name
-    role_entity = getattr(entity, role_name)
-    user_entity = user_logic.getForCurrentAccount()
+    if role_name == 'student':
+      role_entity = project_entity.student
+    elif role_name == 'mentor':
+      role_entity = project_entity.mentor
 
     # check if the role matches the current user
-    if (not user_entity) or (role_entity.user.key() != user_entity.key()):
-      raise out_of_band.AccessViolation(
-          message_fmt=DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG)
-
-    # check if the role is active
-    if role_entity.status != 'active':
+    if role_entity.user.key() != user_entity.key():
+      if role_name == 'student':
+        raise out_of_band.AccessViolation(
+            message_fmt=DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG)
+      elif role_name == 'mentor':
+        # check if the current user is an Org Admin for this Student Project
+        fields = {'user': user_entity,
+                  'scope': project_entity.scope,
+                  'status': 'active'}
+        admin_entity = org_admin_logic.getForFields(fields, unique=True)
+        if not admin_entity:
+          # this user is no Org Admin or Mentor for this project
+          raise out_of_band.AccessViolation(
+              message_fmt=DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG)
+    elif role_entity.status != 'active':
+      # this role is not active
       raise out_of_band.AccessViolation(message_fmt=DEF_NEED_ROLE_MSG)
 
     return