diff -r 30ada09bdc6f -r fe906cdbf0e9 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Thu Feb 26 16:56:37 2009 +0000 +++ b/app/soc/views/helper/access.py Thu Feb 26 16:57:13 2009 +0000 @@ -537,6 +537,19 @@ raise out_of_band.LoginRequest(message_fmt=login_msg_fmt) @allowDeveloper + def checkIsHost(self, django_args=None): + """Checks whether the current user has a role entity. + + Args: + django_args: the keyword args from django, not used + """ + + if not django_args: + django_args = {} + + return self.checkHasActiveRole(django_args, host_logic) + + @allowDeveloper def checkIsUserSelf(self, django_args, field_name): """Checks whether the specified user is the logged in user. @@ -566,16 +579,16 @@ * if a User has this Gooogle Account in their formerAccounts list """ - self.checkIsLoggedIn(django_args) + self.checkIsLoggedIn() - user_entity = user_logic.getForFields({'account':self.id}, unique=True) - - if not user_entity and not user_logic.isFormerAccount(self.id): + if not self.user and not user_logic.isFormerAccount(self.id): # this account has not been used yet return message_fmt = DEF_USER_ACCOUNT_INVALID_MSG_FMT % { - 'email' : self.id.email()} + 'email' : self.id.email() + } + raise out_of_band.LoginRequest(message_fmt=message_fmt) def checkHasUserEntity(self, django_args=None): @@ -610,29 +623,27 @@ * if no Google Account is logged in at all """ - self.checkIsUser(django_args) + self.checkIsUser() - if accounts.isDeveloper(account=self.id, user=self.user): + if user_logic.isDeveloper(account=self.id, user=self.user): return login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { - 'role': 'a Site Developer '} + 'role': 'a Site Developer ', + } raise out_of_band.LoginRequest(message_fmt=login_message_fmt) @allowDeveloper @denySidebar - def checkIsActive(self, django_args, logic, - field_name='scope_path', filter_field='link_id'): + def _checkIsActive(self, django_args, logic, fields): """Raises an alternate HTTP response if the entity is not active. Args: django_args: a dictionary with django's arguments logic: the logic that should be used to look up the entity - field_name: the name of the field that should be copied verbatim - If a format string is specified it will be formatted with - the specified django_args. - filter_field: the name of the field to which scope_path should be set + fields: the name of the fields that should be copied verbatim + from the django_args as filter Raises: AccessViolationResponse: @@ -640,22 +651,10 @@ * if the entity status is not active """ - self.checkIsUser(django_args) - - fields = { - filter_field: django_args[filter_field], - 'status': 'active', - } + self.checkIsUser() - if field_name: - # convert to a format string if desired - if field_name.find('%') == -1: - field_name = ''.join(['%(', field_name, ')s']) - - try: - fields['scope_path'] = field_name % django_args - except KeyError, e: - self.deny(django_args) + fields = dicts.filter(django_args, fields) + fields['status'] = 'active' entity = logic.getForFields(fields, unique=True) @@ -664,13 +663,67 @@ raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_ENTITY_MSG) - def checkHasActiveRoleForScope(self, django_args, logic, - field_name='scope_path'): + def checkGroupIsActiveForScopeAndLinkId(self, django_args, logic): + """Checks that the specified group is active. + + Only group where both the link_id and the scope_path match the value + of the link_id and the scope_path from the django_args are considered. + """ + + fields = ['scope_path', 'link_id'] + self._checkIsActive(django_args, logic, fields) + + def checkGroupIsActiveForLinkId(self, django_args, logic): + """Checks that the specified group is active. + + Only group where the link_id matches the value of the link_id + from the django_args are considered. + """ + + self._checkIsActive(django_args, logic, ['link_id']) + + def checkHasActiveRole(self, django_args, logic): """Checks that the user has the specified active role. """ django_args['user'] = self.user - self.checkIsActive(django_args, logic, field_name, 'user') + self._checkIsActive(django_args, logic, ['user']) + + def _checkHasActiveRoleFor(self, django_args, logic, field_name): + """Checks that the user has the specified active role. + + Only roles where the field as specified by field_name matches the + scope_path from the django_args are considered. + """ + + fields = ['scope_path', 'user'] + django_args['user'] = self.user + self._checkIsActive(django_args, logic, fields) + + def checkHasActiveRoleForKeyFieldsAsScope(self, django_args, logic): + """ + """ + + key_fields = "%(scope_path)s/%(link_id)s" % django_args + new_args = {'scope_path': key_fields} + self._checkHasActiveRoleFor(new_args, logic, 'scope_path') + + def checkHasActiveRoleForScope(self, django_args, logic): + """Checks that the user has the specified active role. + + Only roles where the scope_path matches the scope_path from the + django_args are considered. + """ + + self._checkHasActiveRoleFor(django_args, logic, 'scope_path') + + def checkHasActiveRoleForLinkId(self, django_args, logic): + """Checks that the user has the specified active role. + + Only roles where the link_id matches the link_id from the + django_args are considered. + """ + self._checkHasActiveRoleFor(django_args, logic, 'link_id') def checkHasDocumentAccess(self, django_args, logic, target_scope): """Checks that the user has access to the specified document scope.