diff -r 0ec74865eb5e -r 70e0b6d8ff73 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Wed Jan 21 15:35:10 2009 +0000 +++ b/app/soc/views/helper/access.py Wed Jan 21 16:11:47 2009 +0000 @@ -63,7 +63,7 @@ 'Please sign out in order to view this page') -def checkAccess(access_type, request, rights): +def checkAccess(access_type, request, rights, args=None, kwargs=None): """Runs all the defined checks for the specified type. Args: @@ -89,19 +89,19 @@ # Call each access checker for check in rights['any_access']: - check(request) + check(request, args, kwargs) if access_type not in rights: for check in rights['unspecified']: # No checks defined, so do the 'generic' checks and bail out - check(request) + check(request, args, kwargs) return for check in rights[access_type]: - check(request) + check(request, args, kwargs) -def allow(request): +def allow(request, args, kwargs): """Never returns an alternate HTTP response. Args: @@ -110,7 +110,8 @@ return -def deny(request): + +def deny(request, args, kwargs): """Returns an alternate HTTP response. Args: @@ -127,7 +128,7 @@ raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context) -def checkIsLoggedIn(request): +def checkIsLoggedIn(request, args, kwargs): """Returns an alternate HTTP response if Google Account is not logged in. Args: @@ -148,7 +149,7 @@ raise out_of_band.LoginRequest() -def checkNotLoggedIn(request): +def checkNotLoggedIn(request, args, kwargs): """Returns an alternate HTTP response if Google Account is not logged in. Args: @@ -169,7 +170,7 @@ raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT) -def checkIsUser(request): +def checkIsUser(request, args, kwargs): """Returns an alternate HTTP response if Google Account has no User entity. Args: @@ -184,7 +185,7 @@ should be returned by the calling view. """ - checkIsLoggedIn(request) + checkIsLoggedIn(request, args, kwargs) user = user_logic.logic.getForFields( {'account': users.get_current_user()}, unique=True) 
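Review bot: The new `args=None, kwargs=None` parameters on `checkAccess` are not described in its docstring, and because they default to `None`, every checker can be called with `kwargs` set to `None`. The `Args:` section visible in this hunk should gain entries such as `args: positional arguments resolved from the URL, or None` and `kwargs: keyword arguments resolved from the URL, or None`; that meaning is inferred from the `urlresolvers.resolve` calls later in the file, so confirm the wording. Any checker that later reads `kwargs` directly will have to handle the `None` case. The docstrings of the individual checkers, which now take the same two parameters, need the same entries, and the `checkAccess` docstring continues outside the hunk.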
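Review bot: The docstring kept on `checkNotLoggedIn` reads "Returns an alternate HTTP response if Google Account is not logged in", which is the `checkIsLoggedIn` summary repeated verbatim. Judging by the name and by the `LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)` raised at the end of the function, this checker appears to reject accounts that are logged in, so the summary should read `Returns an alternate HTTP response if Google Account is logged in.` An inverted description on an access checker makes it easy to wire the wrong one into a rights table. Most of the function body lies outside the hunk, so confirm against the full source.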
@@ -195,7 +196,7 @@ raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG_FMT) -def checkIsDeveloper(request): +def checkIsDeveloper(request, args, kwargs): """Returns an alternate HTTP response if Google Account is not a Developer. Args: @@ -210,7 +211,7 @@ response should be returned by the calling view. """ - checkIsUser(request) + checkIsUser(request, args, kwargs) if accounts.isDeveloper(account=users.get_current_user()): return @@ -221,7 +222,7 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) -def checkIsHost(request): +def checkIsHost(request, args, kwargs): """Returns an alternate HTTP response if Google Account has no Host entity for the specified program. @@ -239,12 +240,12 @@ try: # if the current user is invited to create a host profile we allow access - checkIsInvited(request) + checkIsInvited(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) user = user_logic.logic.getForFields( {'account': users.get_current_user()}, unique=True) @@ -261,7 +262,7 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) -def checkIsClubAdminForClub(request): +def checkIsClubAdminForClub(request, args, kwargs): """Returns an alternate HTTP response if Google Account has no Club Admin entity for the specified club. @@ -279,12 +280,12 @@ try: # if the current user is invited to create a host profile we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) # TODO(srabbelier) implement this @@ -294,7 +295,7 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) -def checkIsInvited(request): +def checkIsInvited(request, args, kwargs): """Returns an alternate HTTP response if Google Account has no Host entity for the specified program. 
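Review bot: In the `checkIsClubAdminForClub` hunk the comment above `checkIsDeveloper(request, args, kwargs)` still says the current user "is invited to create a host profile", which describes the `checkIsInvited` call in `checkIsHost`, not this one. It should read `# if the current user is a developer we allow access`, as in the other checkers. Below it, `# TODO(srabbelier) implement this` leaves no club-admin test, so from the visible lines it appears that only developers pass and everyone else reaches the `LoginRequest`. A short comment stating that this fail-closed behaviour is intentional until the TODO is done would help. The docstring kept on `checkIsInvited` ("has no Host entity for the specified program") also looks copied from `checkIsHost`.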
@@ -312,12 +313,12 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { 'role': 'a Program Administrator for this Program'} @@ -327,7 +328,7 @@ if len(splitpath) < 4: # TODO: perhaps this needs a better explanation? - deny(request) + deny(request, args, kwargs) role = splitpath[0] group_id = splitpath[2] @@ -338,7 +339,7 @@ if user_id != user.link_id: # TODO: perhaps this needs a better explanation? - deny(request) + deny(request, args, kwargs) properties = { 'link_id': user_id, @@ -355,7 +356,7 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) -def checkIsClubAppAccepted(request): +def checkIsClubAppAccepted(request, args, kwargs): """Returns an alternate HTTP response if Google Account has no Club App entity for the specified Club. @@ -373,12 +374,12 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) user = user_logic.logic.getForCurrentAccount() @@ -395,10 +396,10 @@ return # TODO(srabbelier) Make this give a proper error message - deny(request) + deny(request, args, kwargs) -def checkIsMyNotification(request): +def checkIsMyNotification(request, args, kwargs): """Returns an alternate HTTP response if this request is for a Notification belonging to the current user. 
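Review bot: The two `deny(request, args, kwargs)` calls in `checkIsInvited`, under `if len(splitpath) < 4:` and `if user_id != user.link_id:`, are bare statements. The code after them, including `splitpath[0]` and `splitpath[2]`, is therefore only safe because `deny` always raises `out_of_band.AccessViolation`. `checkAccess` also discards each checker's return value, so denial works solely through that exception. A comment at each call such as `# deny() raises AccessViolation; execution never continues past this line` would record that invariant for anyone who later changes `deny`. The same pattern ends `checkIsClubAppAccepted`, `checkIsMyNotification` and `checkIsMyApplication`, and the function body starts and ends outside these hunks.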
@@ -414,18 +415,18 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) # Mine the url for params try: callback, args, kwargs = urlresolvers.resolve(request.path) except Exception: - deny(request) + deny(request, args, kwargs) properties = dicts.filter(kwargs, ['link_id', 'scope_path']) @@ -439,9 +440,10 @@ return None # TODO(ljvderijk) Make this give a proper error message - deny(request) + deny(request, args, kwargs) -def checkIsMyApplication(request): + +def checkIsMyApplication(request, args, kwargs): """Returns an alternate HTTP response if this request is for a Application belonging to the current user. @@ -457,18 +459,18 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) # Mine the url for params try: callback, args, kwargs = urlresolvers.resolve(request.path) except Exception: - deny(request) + deny(request, args, kwargs) properties = dicts.filter(kwargs, ['link_id']) @@ -482,10 +484,10 @@ return None # TODO(srabbelier) Make this give a proper error message - deny(request) + deny(request, args, kwargs) -def checkCanInvite(request): +def checkCanInvite(request, args, kwargs): """Checks to see if the current user can create an invite. Note that if the current url is not in the default 'request' form @@ -497,7 +499,7 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass 
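Review bot: `callback, args, kwargs = urlresolvers.resolve(request.path)` in `checkIsMyNotification` now rebinds the `args` and `kwargs` parameters this commit adds. The values handed in by `checkAccess` are discarded and the ownership lookup runs on a second resolution of the path. If the dispatcher's `kwargs` are the ones the view will act on, and they are not `None`, filtering them directly keeps the check and the view on the same identifiers; otherwise give the locals distinct names, e.g. `callback, url_args, url_kwargs = urlresolvers.resolve(request.path)`. The same rebinding occurs in `checkIsMyApplication` and twice in `checkCanInvite`. The surrounding `except Exception:` is broader than a failed resolve needs, though it does end in `deny`.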
@@ -506,7 +508,7 @@ try: callback, args, kwargs = urlresolvers.resolve(request.path) except Exception: - deny(request) + deny(request, args, kwargs) # Construct a new url by reshufling the kwargs order = ['role', 'access_type', 'scope_path', 'link_id'] @@ -517,16 +519,17 @@ try: callback, args, kwargs = urlresolvers.resolve(url) except Exception: - deny(request) + deny(request, args, kwargs) # Get the everything we need for the access check params = callback.im_self.getParams() access_type = kwargs['access_type'] # Perform the access check - helper.access.checkAccess(access_type, request, rights=params['rights']) + checkAccess(access_type, request, rights=params['rights']) -def checkIsDocumentPublic(request): + +def checkIsDocumentPublic(request, args, kwargs): """Checks whether a document is public. Args: @@ -535,4 +538,4 @@ # TODO(srabbelier): A proper check needs to be done to see if the document # is public or not, probably involving analysing it's scope or such. - allow(request) + allow(request, args, kwargs)
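Review bot: The nested call `checkAccess(access_type, request, rights=params['rights'])` in `checkCanInvite` omits the new parameters, so every checker it runs receives `args=None, kwargs=None`. The `args` and `kwargs` from `urlresolvers.resolve(url)` are in scope a few lines earlier. Passing them through, `checkAccess(access_type, request, rights=params['rights'], args=args, kwargs=kwargs)`, keeps the delegated check consistent with a direct one. As written, the omission goes unnoticed only because the checkers in this file ignore or re-resolve their arguments. `checkCanInvite` starts outside this hunk.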
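Review bot: `checkIsDocumentPublic` ends in an unconditional `allow(request, args, kwargs)`, so despite its name it performs no visibility test and any rights entry that uses it admits every request. Until the TODO is resolved the docstring summary should say so, for example `Placeholder: allows every request; document visibility is not checked yet.`, so that nobody relies on it to protect non-public documents. Whether it should instead fail closed in the meantime is a decision for the maintainers.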