# HG changeset patch # User Sverre Rabbelier # Date 1232841761 0 # Node ID 43018f61b481f2777d2087ee2970211d0bd71dc0 # Parent 1d852b58b182353f8d2365bdd657406e72e943b8 Remove the request and arg parameter from the checkAccess call They are obsolete with the introduction of kwargs (args was never needed in the first place). Patch by: Sverre Rabbelier diff -r 1d852b58b182 -r 43018f61b481 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Sun Jan 25 00:01:19 2009 +0000 +++ b/app/soc/views/helper/access.py Sun Jan 25 00:02:41 2009 +0000 @@ -70,58 +70,54 @@ 'Please sign out in order to view this page') -def checkAccess(access_type, request, rights, args=None, kwargs=None): +def checkAccess(access_type, rights, kwargs=None): """Runs all the defined checks for the specified type. Args: access_type: the type of request (such as 'list' or 'edit') - request: the Django request object rights: a dictionary containing access check functions + kwargs: a dictionary with django's arguments Rights usage: The rights dictionary is used to check if the current user is allowed to view the page specified. The functions defined in this dictionary - are always called with the django request object as argument. On any - request, regardless of what type, the functions in the 'any_access' value - are called. If the specified type is not in the rights dictionary, all - the functions in the 'unspecified' value are called. When the specified - type _is_ in the rights dictionary, all the functions in that access_type's + are always called with the provided kwargs dictionary as argument. On any + request, regardless of what type, the functions in the 'any_access' value + are called. If the specified type is not in the rights dictionary, all + the functions in the 'unspecified' value are called. When the specified + type _is_ in the rights dictionary, all the functions in that access_type's value are called. - - Returns: - True: If all the required access checks have been made successfully - False: If a check failed, in this case self._response will contain - the response provided by the failed access check. """ # Call each access checker for check in rights['any_access']: - check(request, args, kwargs) + check(kwargs) if access_type not in rights: for check in rights['unspecified']: # No checks defined, so do the 'generic' checks and bail out - check(request, args, kwargs) + check(kwargs) return for check in rights[access_type]: - check(request, args, kwargs) + check(kwargs) -def allow(request, args, kwargs): +def allow(kwargs): """Never raises an alternate HTTP response. (an access no-op, basically). Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments """ + return -def deny(request, args, kwargs): +def deny(kwargs): """Always raises an alternate HTTP response. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments Raises: always raises AccessViolationResponse if called @@ -129,63 +125,61 @@ import soc.views.helper.responses - if kwargs.get('SIDEBAR_CALLING', False): - context = {} - else: - context = soc.views.helper.responses.getUniversalContext(request) - + kwargs.get('context', {}) context['title'] = 'Access denied' raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context) -def checkIsLoggedIn(request, args, kwargs): +def checkIsLoggedIn(kwargs): """Raises an alternate HTTP response if Google Account is not logged in. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments Raises: AccessViolationResponse: * if no Google Account is even logged in """ + if users.get_current_user(): return raise out_of_band.LoginRequest() -def checkNotLoggedIn(request, args, kwargs): +def checkNotLoggedIn(kwargs): """Raises an alternate HTTP response if Google Account is logged in. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments Raises: AccessViolationResponse: * if a Google Account is currently logged in """ + if not users.get_current_user(): return raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT) -def checkIsUser(request, args, kwargs): +def checkIsUser(kwargs): """Raises an alternate HTTP response if Google Account has no User entity. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments Raises: AccessViolationResponse: * if no User exists for the logged-in Google Account, or * if no Google Account is logged in at all """ - checkIsLoggedIn(request, args, kwargs) - user = user_logic.getForFields({'account': users.get_current_user()}, - unique=True) + checkIsLoggedIn(kwargs) + + user = user_logic.getForCurrentAccount() if user: return @@ -193,11 +187,11 @@ raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG_FMT) -def checkAgreesToSiteToS(request, args, kwargs): +def checkAgreesToSiteToS(kwargs): """Raises an alternate HTTP response if User has not agreed to site-wide ToS. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments Raises: AccessViolationResponse: @@ -205,7 +199,8 @@ * if no User exists for the logged-in Google Account, or * if no Google Account is logged in at all """ - checkIsUser(request, args, kwargs) + + checkIsUser(kwargs) user = user_logic.getForCurrentAccount() @@ -220,11 +215,11 @@ raise out_of_band.LoginRequest(message_fmt=login_msg_fmt) -def checkIsDeveloper(request, args, kwargs): +def checkIsDeveloper(kwargs): """Raises an alternate HTTP response if Google Account is not a Developer. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments Raises: AccessViolationResponse: @@ -233,7 +228,7 @@ * if no Google Account is logged in at all """ - checkAgreesToSiteToS(request, args, kwargs) + checkAgreesToSiteToS(kwargs) if accounts.isDeveloper(account=users.get_current_user()): return @@ -248,13 +243,14 @@ """Raises an alternate HTTP response if the specified request does not exist or if it's state is not group_accepted. """ - def wrapper(request, args, kwargs): - checkAgreesToSiteToS(request, args, kwargs) + + def wrapper(kwargs): + checkAgreesToSiteToS(kwargs) user_entity = user_logic.getForCurrentAccount() if user_entity.link_id != kwargs['link_id']: - deny(request, args, kwargs) + deny(kwargs) fields = {'link_id': kwargs['link_id'], 'scope_path': kwargs['scope_path'], @@ -264,9 +260,10 @@ if request_entity.state != 'group_accepted': # TODO tell the user that this request has not been accepted yet - deny(request, args, kwargs) + deny(kwargs) return + return wrapper @@ -274,7 +271,8 @@ """Raises an alternate HTTP response if the specified request does not exist or if it's state is completed or denied. """ - def wrapper(request, args, kwargs): + + def wrapper(kwargs): fields = {'link_id': kwargs['link_id'], 'scope_path': kwargs['scope_path'], @@ -284,23 +282,25 @@ if request_entity.state in ['completed', 'denied']: # TODO tell the user that this request has been processed - deny(request, args, kwargs) + deny(kwargs) return + return wrapper -def checkIsMyGroupAcceptedRequest(request, args, kwargs): +def checkIsMyGroupAcceptedRequest(kwargs): """Raises an alternate HTTP response if the specified request does not exist or if it's state is not group_accepted. """ - checkAgreesToSiteToS(request, args, kwargs) + + checkAgreesToSiteToS(kwargs) user_entity = user_logic.getForCurrentAccount() if user_entity.link_id != kwargs['link_id']: # not the current user's request - return deny(request, args, kwargs) + return deny(kwargs) fields = {'link_id': kwargs['link_id'], 'scope_path': kwargs['scope_path'], @@ -310,15 +310,15 @@ if not request_entity: # TODO return 404 - return deny(request, args, kwargs) + return deny(kwargs) if request_entity.state != 'group_accepted': - return deny(request, args, kwargs) + return deny(kwargs) return -def checkIsHost(request, args, kwargs): +def checkIsHost(kwargs): """Raises an alternate HTTP response if Google Account has no Host entity. Args: @@ -334,15 +334,14 @@ try: # if the current user is invited to create a host profile we allow access - checkIsDeveloper(request, args, kwargs) + checkIsDeveloper(kwargs) return except out_of_band.Error: pass - checkAgreesToSiteToS(request, args, kwargs) + checkAgreesToSiteToS(kwargs) - user = user_logic.getForFields({'account': users.get_current_user()}, - unique=True) + user = user_logic.getForCurrentAccount() fields = {'user': user, 'state': 'active'} @@ -358,7 +357,7 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) -def checkIsHostForProgram(request, args, kwargs): +def checkIsHostForProgram(kwargs): """Raises an alternate HTTP response if Google Account has no Host entity for the specified program. @@ -372,10 +371,10 @@ * if no User exists for the logged-in Google Account, or * if the user is not even logged in """ - checkAgreesToSiteToS(request, args, kwargs) - user = user_logic.getForFields({'account': users.get_current_user()}, - unique=True) + checkAgreesToSiteToS(kwargs) + + user = user_logic.getForCurrentAccount() fields = {'user': user, 'scope_path': kwargs['scope_path'], @@ -392,12 +391,12 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) -def checkIsClubAdminForClub(request, args, kwargs): +def checkIsClubAdminForClub(kwargs): """Returns an alternate HTTP response if Google Account has no Club Admin entity for the specified club. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments Raises: AccessViolationResponse: if the required authorization is not met @@ -410,12 +409,12 @@ try: # if the current user is invited to create a host profile we allow access - checkIsDeveloper(request, args, kwargs) + checkIsDeveloper(kwargs) return except out_of_band.Error: pass - checkAgreesToSiteToS(request, args, kwargs) + checkAgreesToSiteToS(kwargs) user = user_logic.getForCurrentAccount() @@ -444,7 +443,7 @@ entity for the specified Club. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments Raises: AccessViolationResponse: if the required authorization is not met @@ -455,15 +454,15 @@ should be returned by the calling view. """ - def wrapper(request, args, kwargs): + def wrapper(kwargs): try: # if the current user is a developer we allow access - checkIsDeveloper(request, args, kwargs) + checkIsDeveloper(kwargs) return except out_of_band.Error: pass - checkAgreesToSiteToS(request, args, kwargs) + checkAgreesToSiteToS(kwargs) user = user_logic.getForCurrentAccount() @@ -478,17 +477,17 @@ return # TODO(srabbelier) Make this give a proper error message - deny(request, args, kwargs) + deny(kwargs) return wrapper -def checkIsMyNotification(request, args, kwargs): +def checkIsMyNotification(kwargs): """Returns an alternate HTTP response if this request is for a Notification belonging to the current user. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments Raises: AccessViolationResponse: if the required authorization is not met @@ -499,18 +498,12 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request, args, kwargs) + checkIsDeveloper(kwargs) return except out_of_band.Error: pass - checkAgreesToSiteToS(request, args, kwargs) - - # Mine the url for params - try: - callback, args, kwargs = urlresolvers.resolve(request.path) - except Exception: - deny(request, args, kwargs) + checkAgreesToSiteToS(kwargs) properties = dicts.filter(kwargs, ['link_id', 'scope_path']) @@ -524,7 +517,7 @@ return None # TODO(ljvderijk) Make this give a proper error message - deny(request, args, kwargs) + deny(kwargs) def checkIsMyApplication(app_logic): @@ -541,22 +534,22 @@ None if the current User is allowed to access this Application. """ - def wrapper(request, args, kwargs): + def wrapper(kwargs): try: # if the current user is a developer we allow access - checkIsDeveloper(request, args, kwargs) + checkIsDeveloper(kwargs) return except out_of_band.Error: pass - checkAgreesToSiteToS(request, args, kwargs) + checkAgreesToSiteToS(kwargs) properties = dicts.filter(kwargs, ['link_id']) application = app_logic.logic.getForFields(properties, unique=True) if not application: - deny(request, args, kwargs) + deny(kwargs) user = user_logic.getForCurrentAccount() @@ -567,7 +560,7 @@ return None # TODO(srabbelier) Make this give a proper error message - deny(request, args, kwargs) + deny(kwargs) return wrapper @@ -583,10 +576,10 @@ None if the current User has no active role for the given role_logic. """ - def wrapper(request, args, kwargs): + def wrapper(kwargs): try: # if the current user is a developer we allow access - checkIsDeveloper(request, args, kwargs) + checkIsDeveloper(kwargs) return except out_of_band.Error: pass @@ -595,7 +588,7 @@ if not user or user.link_id != kwargs['link_id']: # not my role - deny(request, args, kwargs) + deny(kwargs) fields = {'link_id': kwargs['link_id'], 'scope_path': kwargs['scope_path'] @@ -605,19 +598,19 @@ if not role_entity: # no role found - deny(request, args, kwargs) + deny(kwargs) if role_entity.state == 'active': # this role exist and is active return else: # this role is not active - deny(request, args, kwargs) + deny(kwargs) return wrapper -def checkCanInvite(request, args, kwargs): +def checkCanInvite(kwargs): """Checks to see if the current user can create an invite. Note that if the current url is not in the default 'request' form @@ -629,17 +622,11 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request, args, kwargs) + checkIsDeveloper(kwargs) return except out_of_band.Error: pass - # Mine the url for params - try: - callback, args, kwargs = urlresolvers.resolve(request.path) - except Exception: - deny(request, args, kwargs) - # Construct a new url by reshufling the kwargs order = ['role', 'access_type', 'scope_path', 'link_id'] url_params = dicts.unzip(kwargs, order) @@ -649,21 +636,21 @@ try: callback, args, kwargs = urlresolvers.resolve(url) except Exception: - deny(request, args, kwargs) + deny(kwargs) # Get the everything we need for the access check params = callback.im_self.getParams() access_type = kwargs['access_type'] # Perform the access check - checkAccess(access_type, request, rights=params['rights']) + checkAccess(access_type, rights=params['rights'], kwargs=kwargs) -def checkHasPickGetArgs(request, arg, kwargs): +def checkHasPickGetArgs(kwargs): """Raises an alternate HTTP response if the request misses get args. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments Raises: AccessViolationResponse: @@ -671,22 +658,22 @@ * if field is not in request.GET """ - get_args = request.GET + get_args = kwargs.get('GET', {}) if 'continue' in get_args and 'field' in get_args: return #TODO(SRabbelier) inform user that return_url and field are required - deny(request, arg, kwargs) + deny(kwargs) -def checkIsDocumentPublic(request, args, kwargs): +def checkIsDocumentPublic(kwargs): """Checks whether a document is public. Args: - request: a Django HTTP request + kwargs: a dictionary with django's arguments """ # TODO(srabbelier): A proper check needs to be done to see if the document # is public or not, probably involving analysing it's scope or such. - allow(request, args, kwargs) + allow(kwargs) diff -r 1d852b58b182 -r 43018f61b481 app/soc/views/helper/decorators.py --- a/app/soc/views/helper/decorators.py Sun Jan 25 00:01:19 2009 +0000 +++ b/app/soc/views/helper/decorators.py Sun Jan 25 00:02:41 2009 +0000 @@ -81,6 +81,7 @@ from soc.views import out_of_band from soc.views import helper from soc.views.helper import access + from soc.views.helper import responses @wraps(func) def wrapper(self, request, access_type, *args, **kwargs): @@ -92,9 +93,16 @@ else: rights = self._params['rights'] + check_kwargs = kwargs.copy() + context = responses.getUniversalContext(request) + + check_kwargs['GET'] = request.GET + check_kwargs['POST'] = request.POST + check_kwargs['context'] = context + # Do the access check dance try: - access.checkAccess(access_type, request, rights, args, kwargs) + access.checkAccess(access_type, rights, kwargs=check_kwargs) except out_of_band.Error, error: return helper.responses.errorResponse(error, request) return func(self, request, access_type, *args, **kwargs) diff -r 1d852b58b182 -r 43018f61b481 app/soc/views/sitemap/sidebar.py --- a/app/soc/views/sitemap/sidebar.py Sun Jan 25 00:01:19 2009 +0000 +++ b/app/soc/views/sitemap/sidebar.py Sun Jan 25 00:02:41 2009 +0000 @@ -137,7 +137,7 @@ for url, menu_text, access_type in items: try: - access.checkAccess(access_type, request, rights, args, kwargs) + access.checkAccess(access_type, rights, kwargs) submenus.append({'url': url, 'title': menu_text}) except out_of_band.Error: pass