# HG changeset patch
# User Sverre Rabbelier
# Date 1223823527 0
# Node ID 4f1bb54ddae5c95fde48ff5819a53a08ba8cf1ae
# Parent 3b9c52170f46ddf8f32c381327062fdabd881b5d
Moved soc/logic/helper/access to soc/views/helper/access Patch by: Sverre Rabbelier Reviewed by: to-be-reviewed
diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/logic/helper/access.py
--- a/app/soc/logic/helper/access.py Sun Oct 12 08:46:05 2008 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,173 +0,0 @@ -#!/usr/bin/python2.5 -# -# Copyright 2008 the Melange authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""Access control helper. - -The functions in this module can be used to check access control -related requirements. When the specified required conditions are not -met, an exception is raised. This exception contains a views that -either prompts for authentication, or informs the user that they -do not meet the required criteria. -""" - -__authors__ = [ - '"Todd Larsen" ', - '"Sverre Rabbelier" ', - '"Pawel Solyga" ', - ] - - -from google.appengine.api import users -from django.utils.translation import ugettext_lazy - -import soc.logic.host -import soc.logic.out_of_band - -from soc.views.simple import requestLogin -from soc.logic.site import id_user - - -DEF_LOGIN_TMPL = 'soc/login.html' - -DEF_LOGIN_MSG_FMT = ugettext_lazy( - 'Please sign in to continue.') - -DEF_NO_USER_LOGIN_MSG_FMT = ugettext_lazy( - 'Please create User Profile' - ' in order to view this page.') - -DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ( - 'Please sign out' - ' and sign in' - ' again as %(role)s to view this page.') - - -def checkIsLoggedIn(request): - """Returns an alternate HTTP response if Google Account is not logged in. - - Args: - request: A Django HTTP request - - Raises: - AccessViolationResponse: If the required authorization is not met. 
- - Returns: - None if the user is logged in, or a subclass of - django.http.HttpResponse which contains the alternate response - that should be returned by the calling view. - """ - - if users.get_current_user(): - return - - login_request = requestLogin(request, DEF_LOGIN_TMPL, - login_message_fmt=DEF_LOGIN_MSG_FMT) - - raise soc.logic.out_of_band.AccessViolationResponse(login_request) - - -def checkIsUser(request): - """Returns an alternate HTTP response if Google Account has no User entity. - - Args: - request: A Django HTTP request - - Raises: - AccessViolationResponse: If the required authorization is not met. - - Returns: - None if User exists for id, or a subclass of - django.http.HttpResponse which contains the alternate response - should be returned by the calling view. - """ - - checkIsLoggedIn(request) - - id = users.get_current_user() - user = soc.logic.user_logic.getFromFields(email=id) - - if user: - return - - login_request = requestLogin(request, DEF_LOGIN_TMPL, - login_message_fmt=DEF_NO_USER_LOGIN_MSG_FMT) - - raise soc.logic.out_of_band.AccessViolationResponse(login_request) - - -def checkIsDeveloper(request): - """Returns an alternate HTTP response if Google Account is not a Developer. - - Args: - request: A Django HTTP request - - Raises: - AccessViolationResponse: If the required authorization is not met. - - Returns: - None if id is logged in and logged-in user is a Developer, or a - subclass of django.http.HttpResponse which contains the alternate - response should be returned by the calling view. 
- """ - - checkIsUser(request) - - id = users.get_current_user() - - if id_user.isIdDeveloper(id=id): - return None - - login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { - 'role' : 'a site developer ', - } - - login_request = requestLogin(request, DEF_LOGIN_TMPL, - login_message_fmt=login_message_fmt) - - raise soc.logic.out_of_band.AccessViolationResponse(login_request) - - -def checkIsHost(request, program): - """Returns an alternate HTTP response if Google Account has no Host entity for the specified program. - - Args: - request: A Django HTTP request - - Raises: - AccessViolationResponse: If the required authorization is not met. - - Returns: - None if Host exists for the specified program, or a subclass of - django.http.HttpResponse which contains the alternate response - should be returned by the calling view. - """ - - checkIsUser(request) - - id = users.get_current_user() - host = soc.logic.host.getHostFromProgram(id, program) - - if host: - return - - login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { - 'role' : 'a host for this program', - } - - login_request = requestLogin(request, DEF_LOGIN_TMPL, - login_message_fmt=login_message_fmt) - - raise soc.logic.out_of_band.AccessViolationResponse(login_request) diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/logic/model.py --- a/app/soc/logic/model.py Sun Oct 12 08:46:05 2008 +0000 +++ b/app/soc/logic/model.py Sun Oct 12 14:58:47 2008 +0000 @@ -42,7 +42,7 @@ base_class: Model class that inherits directly from polymodel.PolyModel, such as soc.models.work.Work derived_class: optional more-specific Model class that - derives from base_class, such as soc.model.document.Document; + derives from base_class, such as soc.models.document.Document; default is None, in which case the inheritance_line property is *not* tested by the returned query string """ diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/logic/out_of_band.py --- a/app/soc/logic/out_of_band.py Sun Oct 12 08:46:05 2008 +0000 
+++ b/app/soc/logic/out_of_band.py Sun Oct 12 14:58:47 2008 +0000 @@ -25,6 +25,7 @@ class OutOfBandResponse(Exception): """Base exception for out-of-band responses raised by controller logic. """ + pass @@ -41,25 +42,6 @@ django.http.HttpResponse; the most commonly used is 'status' to set the HTTP status code for the response """ + self.message = message self.response_args = response_args - - -class AccessViolationResponse(OutOfBandResponse): - """"Out of band response when an access requirement was not met. - """ - - def __init__(self, response): - """Constructor used to set response message \. - - Args: - response: The response that should be returned to the user. - """ - - self._response = response - - def response(self): - """Returns the response that was set in the constructor. - """ - - return self._response diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/views/helper/access.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/app/soc/views/helper/access.py Sun Oct 12 14:58:47 2008 +0000 
@@ -0,0 +1,173 @@ +#!/usr/bin/python2.5 +# +# Copyright 2008 the Melange authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Access control helper. + +The functions in this module can be used to check access control +related requirements. When the specified required conditions are not +met, an exception is raised. This exception contains a views that +either prompts for authentication, or informs the user that they +do not meet the required criteria. +""" + +__authors__ = [ + '"Todd Larsen" ', + '"Sverre Rabbelier" ', + '"Pawel Solyga" ', + ] + + +from google.appengine.api import users +from django.utils.translation import ugettext_lazy + +import soc.logic.host +import soc.logic.out_of_band + +from soc.views.simple import requestLogin +from soc.logic.site import id_user + + +DEF_LOGIN_TMPL = 'soc/login.html' + +DEF_LOGIN_MSG_FMT = ugettext_lazy( + 'Please sign in to continue.') + +DEF_NO_USER_LOGIN_MSG_FMT = ugettext_lazy( + 'Please create User Profile' + ' in order to view this page.') + +DEF_DEV_LOGOUT_LOGIN_MSG_FMT = ( + 'Please sign out' + ' and sign in' + ' again as %(role)s to view this page.') + + +def checkIsLoggedIn(request): + """Returns an alternate HTTP response if Google Account is not logged in. + + Args: + request: A Django HTTP request + + Raises: + AccessViolationResponse: If the required authorization is not met. 
+ + Returns: + None if the user is logged in, or a subclass of + django.http.HttpResponse which contains the alternate response + that should be returned by the calling view. + """ + + if users.get_current_user(): + return + + login_request = requestLogin(request, DEF_LOGIN_TMPL, + login_message_fmt=DEF_LOGIN_MSG_FMT) + + raise soc.logic.out_of_band.AccessViolationResponse(login_request) + + +def checkIsUser(request): + """Returns an alternate HTTP response if Google Account has no User entity. + + Args: + request: A Django HTTP request + + Raises: + AccessViolationResponse: If the required authorization is not met. + + Returns: + None if User exists for id, or a subclass of + django.http.HttpResponse which contains the alternate response + should be returned by the calling view. + """ + + checkIsLoggedIn(request) + + id = users.get_current_user() + user = soc.logic.user_logic.getFromFields(email=id) + + if user: + return + + login_request = requestLogin(request, DEF_LOGIN_TMPL, + login_message_fmt=DEF_NO_USER_LOGIN_MSG_FMT) + + raise soc.logic.out_of_band.AccessViolationResponse(login_request) + + +def checkIsDeveloper(request): + """Returns an alternate HTTP response if Google Account is not a Developer. + + Args: + request: A Django HTTP request + + Raises: + AccessViolationResponse: If the required authorization is not met. + + Returns: + None if id is logged in and logged-in user is a Developer, or a + subclass of django.http.HttpResponse which contains the alternate + response should be returned by the calling view. 
+ """ + + checkIsUser(request) + + id = users.get_current_user() + + if id_user.isIdDeveloper(id=id): + return None + + login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { + 'role' : 'a site developer ', + } + + login_request = requestLogin(request, DEF_LOGIN_TMPL, + login_message_fmt=login_message_fmt) + + raise soc.logic.out_of_band.AccessViolationResponse(login_request) + + +def checkIsHost(request, program): + """Returns an alternate HTTP response if Google Account has no Host entity for the specified program. + + Args: + request: A Django HTTP request + + Raises: + AccessViolationResponse: If the required authorization is not met. + + Returns: + None if Host exists for the specified program, or a subclass of + django.http.HttpResponse which contains the alternate response + should be returned by the calling view. + """ + + checkIsUser(request) + + id = users.get_current_user() + host = soc.logic.host.getHostFromProgram(id, program) + + if host: + return + + login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { + 'role' : 'a host for this program', + } + + login_request = requestLogin(request, DEF_LOGIN_TMPL, + login_message_fmt=login_message_fmt) + + raise soc.logic.out_of_band.AccessViolationResponse(login_request) diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/views/out_of_band.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/app/soc/views/out_of_band.py Sun Oct 12 14:58:47 2008 +0000 
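Review bot: All four checks in the new app/soc/views/helper/access.py still raise `soc.logic.out_of_band.AccessViolationResponse`, a class this same changeset deletes from app/soc/logic/out_of_band.py and re-creates in app/soc/views/out_of_band.py. On the denial path that attribute lookup would presumably fail with an AttributeError, which the views' `except soc.views.out_of_band.AccessViolationResponse` handlers do not catch, so an unauthenticated or non-developer request would end in an unhandled error instead of the login page. The import should become `import soc.views.out_of_band` and each raise `raise soc.views.out_of_band.AccessViolationResponse(login_request)`. Separately, `checkIsUser` calls `soc.logic.user_logic.getFromFields` although none of the visible imports name `soc.logic.user_logic`; it is worth confirming that the package exposes it.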
@@ -0,0 +1,49 @@ +#!/usr/bin/python2.5 +# +# Copyright 2008 the Melange authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Out-of-band responses to render instead of the usual HTTP response. +""" + +__authors__ = [ + '"Sverre Rabbelier" ', + ] + + +class OutOfBandResponse(Exception): + """Base exception for out-of-band responses raised by views. + """ + + pass + + +class AccessViolationResponse(OutOfBandResponse): + """"Out of band response when an access requirement was not met. + """ + + def __init__(self, response): + """Constructor used to set response message. + + Args: + response: The response that should be returned to the user. + """ + + self._response = response + + def response(self): + """Returns the response that was set in the constructor. + """ + + return self._response diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/views/site/docs/edit.py --- a/app/soc/views/site/docs/edit.py Sun Oct 12 08:46:05 2008 +0000 +++ b/app/soc/views/site/docs/edit.py Sun Oct 12 14:58:47 2008 +0000 
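Review bot: The class docstring of `AccessViolationResponse` opens with four quote characters (`""""Out of band response ...`), so the docstring text itself starts with a stray `"`; it should read `"""Out of band response when an access requirement was not met.`. The docstring would also be the natural place to state the contract the views rely on: a caller of the access checks must catch this exception and return `response()`, since nothing visible in this file enforces that.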
@@ -31,17 +31,17 @@ import soc.logic from soc.logic import out_of_band from soc.logic import path_link_name -from soc.logic.helper import access from soc.logic.site import id_user +import soc.models.document from soc.views import helper +from soc.views.helper import access import soc.views.helper.forms import soc.views.helper.requests import soc.views.helper.responses import soc.views.helper.widgets from soc.views import simple from soc.views.user import profile - -import soc.models.document +import soc.views.out_of_band class EditForm(helper.forms.DbModelForm): @@ -123,7 +123,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates @@ -245,7 +245,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/views/site/docs/list.py --- a/app/soc/views/site/docs/list.py Sun Oct 12 08:46:05 2008 +0000 +++ b/app/soc/views/site/docs/list.py Sun Oct 12 14:58:47 2008 +0000 @@ -23,17 +23,18 @@ import soc.logic -from soc.logic.helper import access +import soc.models.document from soc.views import simple from soc.views import helper +from soc.views.helper import access import soc.views.helper.lists import soc.views.helper.responses - -import soc.models.document +import soc.views.out_of_band DEF_SITE_DOCS_LIST_ALL_TMPL = 'soc/site/docs/list/all.html' + def all(request, template=DEF_SITE_DOCS_LIST_ALL_TMPL): """Show a list of all Documents (limit rows per page). 
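Review bot: The access guard at `@@ -123,7 +123,7 @@` is a four-line `try`/`except` block that every protected view has to copy by hand. This changeset has to edit the same block again at `@@ -245,7 +245,7 @@` in this file and in docs/list.py, site/home.py, sponsor/list.py, sponsor/profile.py, user/list.py and user/profile.py. Because the check is opt-in per view, a view that omits the block gets no developer check at all, and nothing in the visible code would flag that. A single wrapper in soc/views/helper/access.py that runs the check, catches `AccessViolationResponse` and returns `alt_response.response()` would keep the enforcement in one place. The enclosing view functions start and end outside these hunks.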
@@ -49,7 +50,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/views/site/home.py --- a/app/soc/views/site/home.py Sun Oct 12 08:46:05 2008 +0000 +++ b/app/soc/views/site/home.py Sun Oct 12 14:58:47 2008 +0000 @@ -37,9 +37,10 @@ from soc.logic import out_of_band from soc.logic import validate from soc.logic.site import id_user -from soc.logic.helper import access from soc.views import simple from soc.views import helper +from soc.views.helper import access +import soc.views.out_of_band import soc.views.helper.forms import soc.views.helper.responses import soc.views.helper.templates @@ -134,7 +135,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/views/site/sponsor/list.py --- a/app/soc/views/site/sponsor/list.py Sun Oct 12 08:46:05 2008 +0000 +++ b/app/soc/views/site/sponsor/list.py Sun Oct 12 14:58:47 2008 +0000 @@ -22,11 +22,12 @@ ] -from soc.logic.helper import access from soc.views import simple from soc.views import helper +from soc.views.helper import access import soc.views.helper.lists import soc.views.helper.responses +import soc.views.out_of_band DEF_SITE_SPONSOR_LIST_ALL_TMPL = 'soc/group/list/all.html' 
@@ -37,7 +38,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/views/site/sponsor/profile.py --- a/app/soc/views/site/sponsor/profile.py Sun Oct 12 08:46:05 2008 +0000 +++ b/app/soc/views/site/sponsor/profile.py Sun Oct 12 14:58:47 2008 +0000 @@ -30,18 +30,17 @@ import soc.logic from soc.logic import validate from soc.logic import out_of_band -from soc.logic.helper import access from soc.logic.site import id_user +import soc.models.sponsor from soc.views import helper +from soc.views.helper import access import soc.views.helper.forms import soc.views.helper.requests import soc.views.helper.responses import soc.views.helper.widgets from soc.views import simple from soc.views.user import profile - -import soc.models.sponsor - +import soc.views.out_of_band class CreateForm(helper.forms.DbModelForm): """Django form displayed when creating a Sponsor. @@ -99,7 +98,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates @@ -212,7 +211,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/views/site/user/list.py --- a/app/soc/views/site/user/list.py Sun Oct 12 08:46:05 2008 +0000 +++ b/app/soc/views/site/user/list.py Sun Oct 12 14:58:47 2008 +0000 
@@ -23,18 +23,19 @@ import soc.logic -from soc.logic.helper import access from soc.logic.site import id_user +import soc.models.user from soc.views import simple from soc.views import helper +from soc.views.helper import access import soc.views.helper.lists import soc.views.helper.responses - -import soc.models.user +import soc.views.out_of_band DEF_SITE_USER_LIST_ALL_TMPL = 'soc/site/user/list/all.html' + def all(request, template=DEF_SITE_USER_LIST_ALL_TMPL): """Show a list of all Users (limit rows per page). @@ -50,7 +51,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates diff -r 3b9c52170f46 -r 4f1bb54ddae5 app/soc/views/site/user/profile.py --- a/app/soc/views/site/user/profile.py Sun Oct 12 08:46:05 2008 +0000 +++ b/app/soc/views/site/user/profile.py Sun Oct 12 14:58:47 2008 +0000 @@ -31,10 +31,10 @@ import soc.logic from soc.logic import validate from soc.logic import out_of_band -from soc.logic.helper import access from soc.logic.site import id_user from soc.views import simple from soc.views import helper +from soc.views.helper import access import soc.views.helper.forms import soc.views.helper.lists import soc.views.helper.requests @@ -108,7 +108,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates @@ -256,7 +256,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates 
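Review bot: The import hunk for app/soc/views/site/user/profile.py (`@@ -31,10 +31,10 @@`) adds `from soc.views.helper import access` but, unlike the other view modules in this changeset, no `import soc.views.out_of_band`, while the three `except` hunks of the same file now name `soc.views.out_of_band.AccessViolationResponse`. Unless the module is imported elsewhere in the file or has already been loaded by another module, that name would only be resolved when a check fails, and the failure would then surface as an AttributeError rather than the login response. Adding `import soc.views.out_of_band` next to the other `soc.views` imports would make the handler self-contained.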
@@ -398,7 +398,7 @@ try: access.checkIsDeveloper(request) - except soc.logic.out_of_band.AccessViolationResponse, alt_response: + except soc.views.out_of_band.AccessViolationResponse, alt_response: return alt_response.response() # create default template context for use with any templates