# HG changeset patch # User Sverre Rabbelier # Date 1236108475 0 # Node ID 0aa3de1b2acc8312cbbf7b2a289ca73cc95eed10 # Parent b56976cac36b727e7383d8987801995cc25e3f53 Fix access bug due to forgotten normalization Prevent this from happening again by wrapping all occurences of users.get_current_account with accounts.getCurrentAccount, which will always normalize (unless explicitly told not to). Patch by: Sverre Rabbelier diff -r b56976cac36b -r 0aa3de1b2acc app/soc/cache/home.py --- a/app/soc/cache/home.py Tue Mar 03 03:37:16 2009 +0000 +++ b/app/soc/cache/home.py Tue Mar 03 19:27:55 2009 +0000 @@ -25,7 +25,8 @@ import logging from google.appengine.api import memcache -from google.appengine.api import users + +from soc.logic import accounts import soc.cache.base @@ -43,7 +44,8 @@ # only cache the page for non-logged-in users # TODO: figure out how to cache everything but the sidebar - if users.get_current_user(): + # also, no need to normalize as we don't use it anyway + if accounts.getCurrentAccount(normalize=False): return (None, None) entity = self._logic.getFromKeyFields(kwargs) @@ -64,7 +66,8 @@ """ # no sense in storing anything if we won't query it later on - if users.get_current_user(): + # also, no need to normalize as we don't use it anyway + if accounts.getCurrentAccount(normalize=False): return # Store sidebar for just ten minutes to force a refresh every so often diff -r b56976cac36b -r 0aa3de1b2acc app/soc/cache/sidebar.py --- a/app/soc/cache/sidebar.py Tue Mar 03 03:37:16 2009 +0000 +++ b/app/soc/cache/sidebar.py Tue Mar 03 19:27:55 2009 +0000 @@ -23,10 +23,10 @@ from google.appengine.api import memcache -from google.appengine.api import users import soc.cache.base import soc.cache.rights +import soc.logic.accounts def key(id): @@ -67,7 +67,7 @@ """ if not id: - id = users.get_current_user() + id = soc.logic.accounts.getCurrentAccount() memcache_key = key(id) memcache.delete(memcache_key) diff -r b56976cac36b -r 0aa3de1b2acc app/soc/logic/accounts.py 
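Review bot: In the `@@ -67,7 +67,7 @@` hunk of sidebar.py only the defaulted `id` is normalized; an `id` passed in by the caller reaches `key(id)` as given. If a caller passes a raw account, or the code that stores the sidebar (outside this hunk) keys on an un-normalized one, `memcache.delete` targets a different key and the stale sidebar stays cached. Because this module also imports `soc.cache.rights`, the cached sidebar presumably depends on the user's rights, so a missed flush would matter after a role change. Assuming `id` is always an account object, I would normalize in both cases, e.g. `id = soc.logic.accounts.normalizeAccount(id) if id else soc.logic.accounts.getCurrentAccount()`, and confirm the store path builds its key from the same form. The enclosing function starts above the hunk.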
--- a/app/soc/logic/accounts.py Tue Mar 03 03:37:16 2009 +0000 +++ b/app/soc/logic/accounts.py Tue Mar 03 19:27:55 2009 +0000 @@ -27,6 +27,14 @@ from google.appengine.api import users +def getCurrentAccount(normalize=True): + """Returns an optionally normalized version of the current account. + """ + + account = users.get_current_user() + return normalizeAccount(account) if (account and normalize) else account + + def normalizeAccount(account): """Returns a normalized version of the specified account. """ @@ -68,7 +76,7 @@ """ # Get the currently logged in user - current = users.get_current_user() + current = getCurrentAccount() if current and (not account): # default to the current user diff -r b56976cac36b -r 0aa3de1b2acc app/soc/logic/mail_dispatcher.py --- a/app/soc/logic/mail_dispatcher.py Tue Mar 03 03:37:16 2009 +0000 +++ b/app/soc/logic/mail_dispatcher.py Tue Mar 03 19:27:55 2009 +0000 @@ -67,7 +67,6 @@ from django.template import loader from google.appengine.api import mail -from google.appengine.api import users from soc.logic import dicts @@ -147,7 +146,7 @@ return (site_entity.site_name, site_entity.noreply_email) # use the email address of the current logged in user - account = users.get_current_user() + account = accounts.getCurrentAccount(normalize=False) # we need to retrieve account seperately, as user_logic normalizes it # and the GAE admin API is case sensitive diff -r b56976cac36b -r 0aa3de1b2acc app/soc/logic/models/user.py --- a/app/soc/logic/models/user.py Tue Mar 03 03:37:16 2009 +0000 +++ b/app/soc/logic/models/user.py Tue Mar 03 19:27:55 2009 +0000 @@ -68,7 +68,7 @@ entity, None is returned. """ - account = users.get_current_user() + account = accounts.getCurrentAccount() if not account: return None 
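Review bot: The docstring of the new `getCurrentAccount` in accounts.py does not state what `normalize` controls or what is returned when nobody is signed in, although the commit makes it the entry point every caller should use. I would write it as `"""Returns the current account, normalized unless normalize is False, or None when no user is logged in."""`. It is also worth saying there that `normalize=False` is meant only for callers that need the raw value, such as the case-sensitive admin lookup mentioned in mail_dispatcher.py. Nothing stops new code from calling `users.get_current_user()` directly, so a grep-based lint check for that call outside accounts.py would make the guarantee in the commit message hold.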
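Review bot: `accounts.getCurrentAccount(normalize=False)` in the `@@ -147,7 +146,7 @@` hunk of mail_dispatcher.py needs `accounts` in scope, but the import hunk of this file only removes `from google.appengine.api import users`, and the visible context shows just `from soc.logic import dicts`. Unless `accounts` is imported on a line outside the hunk, this raises NameError the first time the code after the `noreply_email` return runs; add `from soc.logic import accounts` next to the `dicts` import. The same applies to the `accounts.getCurrentAccount()` calls in user.py, responses.py and organization.py, whose hunks show no import change either. A pyflakes run or a test that exercises each of these paths would catch it before deployment.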
@@ -102,9 +102,11 @@ user: if not specified, defaults to the current user """ + current = accounts.getCurrentAccount() + if not account: # default account to the current logged in account - account = users.get_current_user() + account = current if account and (not user): # default user to the current logged in user @@ -113,7 +115,7 @@ if user and user.is_developer: return True - if account and (account == users.get_current_user()): + if account and (account == current): return users.is_current_user_admin() def agreesToSiteToS(self, entity): diff -r b56976cac36b -r 0aa3de1b2acc app/soc/views/helper/responses.py --- a/app/soc/views/helper/responses.py Tue Mar 03 03:37:16 2009 +0000 +++ b/app/soc/views/helper/responses.py Tue Mar 03 19:27:55 2009 +0000 @@ -107,7 +107,7 @@ } """ - account = users.get_current_user() + account = accounts.getCurrentAccount() user = None is_admin = False diff -r b56976cac36b -r 0aa3de1b2acc app/soc/views/models/organization.py --- a/app/soc/views/models/organization.py Tue Mar 03 03:37:16 2009 +0000 +++ b/app/soc/views/models/organization.py Tue Mar 03 19:27:55 2009 +0000 @@ -204,7 +204,7 @@ """See base.View.list. """ - account = users.get_current_user() + account = accounts.getCurrentAccount() user = user_logic.logic.getForAccount(account) if account else None try:
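Review bot: In the `@@ -102,9 +102,11 @@` hunk of user.py, `current` is now normalized but an `account` supplied by the caller is still compared as given in `if account and (account == current):`. A caller that passes a raw account may fail that equality, so `users.is_current_user_admin()` is never consulted and the method falls through returning None; that fails closed, but it is the same forgotten-normalization class the commit sets out to remove. I would normalize the argument when it is given, e.g. `account = accounts.normalizeAccount(account) if account else current`, and end the method with an explicit `return False`. The method's signature and the `user` defaulting lie partly outside the hunk.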