# HG changeset patch
# User Sverre Rabbelier
# Date 1234629800 0
# Node ID 3f41f33a4ad2f6160228dcd4f4b5ccd4d1d42154
# Parent fad74cf4e5da1bc80bb77c84d6ea9526f9d2a6f2
Add custom access check for document listing

Patch by: Sverre Rabbelier

diff -r fad74cf4e5da -r 3f41f33a4ad2 app/soc/logic/rights.py
--- a/app/soc/logic/rights.py Sat Feb 14 15:57:53 2009 +0000
+++ b/app/soc/logic/rights.py Sat Feb 14 16:43:20 2009 +0000
@@ -32,36 +32,42 @@
 'admin': [],
 'restricted': ['host'],
 'member': ['user'],
+ 'list': [],
 }

 CLUB_MEMBERSHIP = {
 'admin': ['host', 'club_admin'],
 'restricted': ['host', 'club_admin'],
 'member': ['host', 'club_admin', 'club_member'],
+ 'list': ['host', 'club_admin', 'club_member'],
 }

 SPONSOR_MEMBERSHIP = {
 'admin': ['host'],
 'restricted': ['host'],
 'member': ['host'],
+ 'list': ['host'],
 }

 PROGRAM_MEMBERSHIP = {
 'admin': ['host'],
 'restricted': ['host', 'org_admin'],
 'member': ['host', 'org_admin', 'org_mentor', 'org_student'],
+ 'list': ['host', 'org_admin', 'org_mentor'],
 }

 ORGANIZATION_MEMBERSHIP = {
 'admin': ['host', 'org_admin'],
 'restricted': ['host', 'org_admin', 'org_mentor'],
 'member': ['host', 'org_admin', 'org_mentor', 'org_student'],
+ 'list': ['host', 'org_admin', 'org_mentor'],
 }

 USER_MEMBERSHIP = {
 'admin': ['user_self'],
 'restricted': ['user_self'], # ,'friends'
 'member': ['user'],
+ 'list': ['user_self'],
 }

 RIGHTS = {
@@ -96,4 +102,10 @@
 """Returns all memberships for the configured prefix.
 """

- return dicts.merge(self.rights, {'user': ['user'], 'public': ['anyone']})
+ extra_rights = {
+ 'user': ['user'],
+ 'public': ['anyone'],
+ 'list': [],
+ }
+
+ return dicts.merge(extra_rights, self.rights)
diff -r fad74cf4e5da -r 3f41f33a4ad2 app/soc/views/helper/access.py
--- a/app/soc/views/helper/access.py Sat Feb 14 15:57:53 2009 +0000
+++ b/app/soc/views/helper/access.py Sat Feb 14 16:43:20 2009 +0000
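Review bot: The new `'list'` key is added to every membership dict without a comment saying what an empty role list means, and the first dict in this hunk (its name is above the hunk) sets `'list': []`. Whether `[]` denies listing to every role depends on `hasMembership`, which is not shown in this diff, so the fail-closed reading should be confirmed and recorded next to the key, for example `# 'list': roles allowed to list documents under this prefix; [] grants it to no role`. The program and organization dicts also leave `org_student` out of `'list'` while keeping it in `'member'`; if that is deliberate, a short comment would stop a later edit from re-adding it by analogy.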
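Review bot: The arguments to `dicts.merge` are swapped in the new return line, so whichever side wins on a key collision is now the opposite of before, while `extra_rights` carries `'list': []` and every per-prefix dict in the previous hunk also defines `'list'`. `dicts.merge` is not shown here; if it keeps the values already present in its first argument, the empty default would shadow the per-prefix roles and `getMembership('list')` would yield `[]` for every prefix. Confirm the precedence with a test and state it at the call, e.g. `# per-prefix rights take precedence over these defaults`. The method's signature is above the hunk.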
@@ -111,6 +111,9 @@
 DEF_SCOPE_INACTIVE_MSG = ugettext(
 'The scope for this request is not active.')

+DEF_NO_LIST_ACCESS_MSG = ugettext(
+ 'You do not have the required rights to list documents for this scope and prefix.')
+
 DEF_PAGE_DENIED_MSG = ugettext(
 'Access to this page has been restricted')

@@ -949,6 +952,22 @@
 document.write_access, django_args)

 @allowDeveloper
+ def checkDocumentList(self, django_args):
+ """Checks whether the user is allowed to list documents.
+ """
+
+ filter = django_args['filter']
+
+ prefix = filter['prefix']
+ scope_path = filter['scope_path']
+
+ checker = rights_logic.Checker(prefix)
+ roles = checker.getMembership('list')
+
+ if not self.hasMembership(roles, filter):
+ raise out_of_band.AccessViolation(message_fmt=DEF_NO_LIST_ACCESS_MSG)
+
+ @allowDeveloper
 def checkDocumentPick(self, django_args):
 """Checks whether the user has access to the specified pick url.

diff -r fad74cf4e5da -r 3f41f33a4ad2 app/soc/views/models/document.py
--- a/app/soc/views/models/document.py Sat Feb 14 15:57:53 2009 +0000
+++ b/app/soc/views/models/document.py Sat Feb 14 16:43:20 2009 +0000
@@ -65,6 +65,7 @@
 rights['create'] = ['checkIsUser']
 rights['edit'] = ['checkIsDocumentWritable']
 rights['delete'] = ['checkIsDocumentWritable']
+ rights['list'] = ['checkDocumentList']
 rights['pick'] = ['checkDocumentPick']

 new_params = {}
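Review bot: `checkDocumentList` indexes `django_args['filter']`, `filter['prefix']` and `filter['scope_path']` directly, so a list request that arrives without those keys ends in an uncaught `KeyError` instead of an `AccessViolation`; `scope_path` is then never used, and the local name `filter` shadows the builtin. An access check is easier to reason about when every failure path is a denial, for example `list_filter = django_args.get('filter') or {}` followed by `if 'prefix' not in list_filter: raise out_of_band.AccessViolation(message_fmt=DEF_NO_LIST_ACCESS_MSG)`. How `rights_logic.Checker` treats a prefix it does not know is outside this diff and should be checked too, since the prefix appears to come from the request. The check only authorizes the filter it is handed, so the list view wired up by `rights['list'] = ['checkDocumentList']` in document.py has to run its query with that same filter.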