# HG changeset patch # User Lennard de Rijk # Date 1233674320 0 # Node ID 38225f2ad3a6e620884f5afcf46567fcb060ccf2 # Parent 8060f33a164f07ecf866b630adfd13a3f6ed250d Renamed checkHasRole to checkHasActiveRole. We need this distinction to later allow another check to grant access upon a role that also might be inactive. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/cache/rights.py --- a/app/soc/cache/rights.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/cache/rights.py Tue Feb 03 15:18:40 2009 +0000 @@ -31,7 +31,7 @@ 'checkCanMakeRequestToGroup', 'checkCanProcessRequest', 'checkHasPickGetArgs', - 'checkHasRole', + 'checkHasActiveRole', 'checkHasUserEntity', 'checkIsActive', 'checkIsAllowedToManageRole', diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/views/helper/access.py Tue Feb 03 15:18:40 2009 +0000 @@ -184,12 +184,12 @@ MEMBERSHIP = { 'anyone': 'allow', - 'club_admin': ('checkHasRole', club_admin_logic), - 'club_member': ('checkHasRole', club_member_logic), - 'host': ('checkHasRole', host_logic), - 'org_admin': ('checkHasRole', org_admin_logic), - 'org_mentor': ('checkHasRole', mentor_logic), - 'org_student': 'deny', #('checkHasRole', student_logic), + 'club_admin': ('checkHasActiveRole', club_admin_logic), + 'club_member': ('checkHasActiveRole', club_member_logic), + 'host': ('checkHasActiveRole', host_logic), + 'org_admin': ('checkHasActiveRole', org_admin_logic), + 'org_mentor': ('checkHasActiveRole', mentor_logic), + 'org_student': 'deny', #('checkHasActiveRole', student_logic), 'user': 'checkIsUser', 'user_self': ('checkIsUserSelf', 'scope_path'), } @@ -570,8 +570,8 @@ raise out_of_band.AccessViolation(message_fmt=DEF_NO_ACTIVE_GROUP_MSG) - def checkHasRole(self, django_args, logic, field_name=None): - """Checks that the user has the specified role. + def checkHasActiveRole(self, django_args, logic, field_name=None): + """Checks that the user has the specified active role. """ if not field_name: @@ -674,7 +674,7 @@ self.deny(django_args) new_args = {'scope_path': program.scope_path } - self.checkHasRole(new_args, host_logic) + self.checkHasActiveRole(new_args, host_logic) @allowDeveloper @@ -808,7 +808,7 @@ try: # check if it is my role the user's own role - self.checkHasRole(django_args, role_logic) + self.checkHasActiveRole(django_args, role_logic) except out_of_band.Error: pass diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/views/models/club.py --- a/app/soc/views/models/club.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/views/models/club.py Tue Feb 03 15:18:40 2009 +0000 @@ -58,15 +58,15 @@ rights = access.Checker(params) rights['create'] = ['checkIsDeveloper'] - rights['edit'] = [('checkHasRole', [club_admin_logic.logic, 'link_id']), + rights['edit'] = [('checkHasActiveRole', [club_admin_logic.logic, 'link_id']), ('checkIsActive', [club_logic.logic, None])] rights['delete'] = ['checkIsDeveloper'] rights['home'] = ['allow'] rights['list'] = ['checkIsDeveloper'] rights['apply_member'] = ['checkIsUser', ('checkIsActive', club_logic.logic)] - rights['list_requests'] = [('checkHasRole', [club_admin_logic.logic, 'link_id'])] - rights['list_roles'] = [('checkHasRole', [club_admin_logic.logic, 'link_id'])] + rights['list_requests'] = [('checkHasActiveRole', [club_admin_logic.logic, 'link_id'])] + rights['list_roles'] = [('checkHasActiveRole', [club_admin_logic.logic, 'link_id'])] rights['applicant'] = [('checkIsApplicationAccepted', club_app_logic.logic)] diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/views/models/club_admin.py --- a/app/soc/views/models/club_admin.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/views/models/club_admin.py Tue Feb 03 15:18:40 2009 +0000 @@ -51,11 +51,11 @@ rights = access.Checker(params) rights['create'] = ['checkIsDeveloper'] - rights['edit'] = [('checkHasRole', club_admin_logic.logic)] + rights['edit'] = [('checkHasActiveRole', club_admin_logic.logic)] rights['delete'] = ['checkIsDeveloper'] - rights['invite'] = [('checkHasRole', club_admin_logic.logic)] + rights['invite'] = [('checkHasActiveRole', club_admin_logic.logic)] rights['accept_invite'] = [('checkCanCreateFromRequest', 'club_admin')] - rights['process_request'] = [('checkHasRole', club_admin_logic.logic), + rights['process_request'] = [('checkHasActiveRole', club_admin_logic.logic), ('checkCanProcessRequest', 'club_admin')] rights['manage'] = [('checkIsAllowedToManageRole', [club_admin_logic.logic, diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/views/models/club_app.py --- a/app/soc/views/models/club_app.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/views/models/club_app.py Tue Feb 03 15:18:40 2009 +0000 @@ -57,7 +57,7 @@ rights['list'] = ['checkIsUser'] rights['public'] = [('checkCanEditGroupApp', [club_app_logic.logic])] - rights['review'] = [('checkHasRole', host_logic.logic), + rights['review'] = [('checkHasActiveRole', host_logic.logic), ('checkCanReviewGroupApp', [club_app_logic.logic])] new_params = {} diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/views/models/club_member.py --- a/app/soc/views/models/club_member.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/views/models/club_member.py Tue Feb 03 15:18:40 2009 +0000 @@ -51,13 +51,13 @@ rights = access.Checker(params) rights['create'] = ['checkIsDeveloper'] - rights['edit'] = [('checkHasRole', club_admin_logic.logic)] + rights['edit'] = [('checkHasActiveRole', club_admin_logic.logic)] rights['delete'] = ['checkIsDeveloper'] - rights['invite'] = [('checkHasRole', club_admin_logic.logic)] + rights['invite'] = [('checkHasActiveRole', club_admin_logic.logic)] rights['accept_invite'] = [('checkCanCreateFromRequest','club_member')] rights['request'] = ['checkIsUser', ('checkCanMakeRequestToGroup', club_logic)] - rights['process_request'] = [('checkHasRole', club_admin_logic.logic), + rights['process_request'] = [('checkHasActiveRole', club_admin_logic.logic), ('checkCanProcessRequest','club_member')] rights['manage'] = [('checkIsAllowedToManageRole', [soc.logic.models.club_member.logic, diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/views/models/host.py --- a/app/soc/views/models/host.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/views/models/host.py Tue Feb 03 15:18:40 2009 +0000 @@ -56,12 +56,12 @@ """ rights = access.Checker(params) - rights['create'] = [('checkHasRole', host_logic.logic)] - rights['edit'] = [('checkHasRole', host_logic.logic)] - rights['invite'] = [('checkHasRole', host_logic.logic)] + rights['create'] = [('checkHasActiveRole', host_logic.logic)] + rights['edit'] = [('checkHasActiveRole', host_logic.logic)] + rights['invite'] = [('checkHasActiveRole', host_logic.logic)] rights['list'] = ['checkIsDeveloper'] rights['accept_invite'] = [('checkCanCreateFromRequest','host')] - rights['process_request'] = [('checkHasRole', host_logic.logic), + rights['process_request'] = [('checkHasActiveRole', host_logic.logic), ('checkCanProcessRequest','host')] rights['manage'] = [('checkIsAllowedToManageRole', [host_logic.logic, host_logic.logic])] diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/views/models/mentor.py --- a/app/soc/views/models/mentor.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/views/models/mentor.py Tue Feb 03 15:18:40 2009 +0000 @@ -50,7 +50,7 @@ rights = access.Checker(params) rights['create'] = ['checkIsDeveloper'] - rights['edit'] = [('checkHasRole', soc.logic.models.mentor.logic)] + rights['edit'] = [('checkHasActiveRole', soc.logic.models.mentor.logic)] rights['delete'] = ['checkIsDeveloper'] # TODO accessCheck checkIsAdministratorForOrg rights['invite'] = ['checkIsDeveloper'] diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/views/models/org_admin.py --- a/app/soc/views/models/org_admin.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/views/models/org_admin.py Tue Feb 03 15:18:40 2009 +0000 @@ -50,7 +50,7 @@ rights = access.Checker(params) rights['create'] = ['checkIsDeveloper'] - rights['edit'] = [('checkHasRole', org_admin_logic.logic)] + rights['edit'] = [('checkHasActiveRole', org_admin_logic.logic)] rights['delete'] = ['checkIsDeveloper'] # TODO accessCheck checkIsAdministratorForOrg rights['invite'] = ['checkIsDeveloper'] diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/views/models/program.py --- a/app/soc/views/models/program.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/views/models/program.py Tue Feb 03 15:18:40 2009 +0000 @@ -57,7 +57,7 @@ rights = access.Checker(params) rights['any_access'] = ['allow'] rights['show'] = ['allow'] - rights['create'] = [('checkSeeded', ['checkHasRole', host_logic.logic])] + rights['create'] = [('checkSeeded', ['checkHasActiveRole', host_logic.logic])] rights['edit'] = ['checkIsHostForProgram'] rights['delete'] = ['checkIsDeveloper'] diff -r 8060f33a164f -r 38225f2ad3a6 app/soc/views/models/sponsor.py --- a/app/soc/views/models/sponsor.py Tue Feb 03 14:19:51 2009 +0000 +++ b/app/soc/views/models/sponsor.py Tue Feb 03 15:18:40 2009 +0000 @@ -50,13 +50,13 @@ rights = access.Checker(params) rights['create'] = ['checkIsDeveloper'] - rights['edit'] = [('checkHasRole', [host_logic, 'link_id']), + rights['edit'] = [('checkHasActiveRole', [host_logic, 'link_id']), ('checkIsActive', [sponsor_logic, None, 'link_id'])] rights['delete'] = ['checkIsDeveloper'] - rights['home'] = [('checkHasRole', host_logic)] + rights['home'] = [('checkHasActiveRole', host_logic)] rights['list'] = ['checkIsDeveloper'] - rights['list_requests'] = [('checkHasRole', [host_logic, 'link_id'])] - rights['list_roles'] = [('checkHasRole', [host_logic, 'link_id'])] + rights['list_requests'] = [('checkHasActiveRole', [host_logic, 'link_id'])] + rights['list_roles'] = [('checkHasActiveRole', [host_logic, 'link_id'])] new_params = {} new_params['logic'] = soc.logic.models.sponsor.logic