diff -r d987dc40ea5d -r 9f1b7aba026f app/soc/views/helper/access.py
--- a/app/soc/views/helper/access.py Sat Jul 04 16:23:00 2009 +0200
+++ b/app/soc/views/helper/access.py Sat Jul 04 16:44:08 2009 +0200
@@ -147,8 +147,8 @@
 DEF_GROUP_NOT_FOUND_MSG = ugettext(
 'The requested Group can not be found.')
-DEF_NO_ACTIVE_STUDENT_PROJECT_MSG = ugettext(
- 'There is no active student project that would allow you to take this survey.')
+DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG = ugettext(
+ 'You are not allowed to take this Survey for the specified Student Project')
 DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext(
 'The %(email)s account cannot be used with this site, for'
@@ -161,6 +161,22 @@
 '')
+class Error(Exception):
+ """Base class for all exceptions raised by this module.
+ """
+
+ pass
+
+
+ class InvalidArgumentError(Error):
+ """Raised when an invalid argument is passed to a method.
+
+ For example, if an argument is None, but must always be non-False.
+ """
+
+ pass
+
+
+
 def allowSidebar(fun):
 """Decorator that allows access if the sidebar is calling.
 """
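Review bot: The `pass` statements in the two new exception classes in the second hunk are redundant, since the docstring already forms a complete class body; dropping them leaves `class Error(Exception):` followed by its docstring alone. `InvalidArgumentError` is raised for a caller bug (an unexpected `role_name`), so also deriving it from `ValueError` as `class InvalidArgumentError(Error, ValueError):` would let generic handlers treat it as the argument error it is while keeping `Error` as the module root.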
@@ -1635,10 +1651,40 @@
 where the key for the project can be located.
 """
- # TODO(ljvderijk) implement this check
- #raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_STUDENT_PROJECT_MSG)
+ if not role_name in ['mentor', 'student']:
+ raise InvalidArgumentError('role_name is not mentor or student')
+
+ # get the project keyname from the GET dictionary
+ get_dict= django_args['GET']
+ key_name = get_dict.get(project_key_location)
+
+ if not key_name:
+ # no key name present so no need to deny access
+ return
+
+ # retrieve the Student Project for the key
+ entity = student_project_logic.getFromKeyNameOr404(key_name)
- self.allow(django_args)
+ # TODO(ljvderijk) change this to cope with multiple surveys for one project
+ # check if a survey can be conducted about this project
+ if entity.status != 'accepted':
+ raise out_of_band.AccessViolation(
+ message_fmt=DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG)
+
+ # get the correct role depending on the role_name
+ role_entity = getattr(entity, role_name)
+ user_entity = user_logic.getForCurrentAccount()
+
+ # check if the role matches the current user
+ if (not user_entity) or (role_entity.user.key() != user_entity.key()):
+ raise out_of_band.AccessViolation(
+ message_fmt=DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG)
+
+ # check if the role is active
+ if role_entity.status != 'active':
+ raise out_of_band.AccessViolation(message_fmt=DEF_NEED_ROLE_MSG)
+
+ return
 @allowSidebar
 @allowDeveloper
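Review bot: The early `return` when `key_name` is empty makes this check fail open: a request that simply omits the `project_key_location` parameter skips the project-status, ownership and role-status checks that follow, so the view is only protected if every caller is guaranteed to supply the key. If the survey is always bound to a Student Project, that branch should deny instead, `raise out_of_band.AccessViolation(message_fmt=DEF_NOT_ALLOWED_PROJECT_FOR_SURVEY_MSG)`, and if a missing key really is acceptable the comment should say which callers rely on it. Two smaller points: `if not role_name in ['mentor', 'student']:` reads better as `if role_name not in ('mentor', 'student'):`, and `get_dict= django_args['GET']` is missing the space before `=`. The method's signature and docstring start outside the hunk, so I cannot confirm whether a login check runs before `user_logic.getForCurrentAccount()`; the `not user_entity` guard covers the anonymous case, but if a project's `mentor`/`student` reference can be unset, `role_entity.user.key()` would raise `AttributeError` rather than deny, which is worth verifying against the model.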