# HG changeset patch # User Sverre Rabbelier # Date 1235667495 0 # Node ID 5c31184594a55cde1fb32d581aa8a84896e05034 # Parent fe906cdbf0e94190ac1f33f86d6283c00f318799 Convert everything to use the new access methods Patch by: Sverre Rabbelier diff -r fe906cdbf0e9 -r 5c31184594a5 app/soc/views/helper/responses.py --- a/app/soc/views/helper/responses.py Thu Feb 26 16:57:13 2009 +0000 +++ b/app/soc/views/helper/responses.py Thu Feb 26 16:58:15 2009 +0000 @@ -32,13 +32,13 @@ from soc.logic import accounts from soc.logic import system from soc.logic.models import site +from soc.logic.models.user import logic as user_logic from soc.views import helper from soc.views.helper import redirects from soc.views.helper import templates from soc.views.sitemap import sidebar import soc.logic -import soc.logic.models.user import soc.views.helper.requests @@ -114,8 +114,8 @@ context['request'] = request if account: - user = soc.logic.models.user.logic.getForCurrentAccount() - is_admin = accounts.isDeveloper(account=account) + user = user_logic.getForAccount(account) + is_admin = user_logic.isDeveloper(account=account, user=user) context['account'] = account context['user'] = user diff -r fe906cdbf0e9 -r 5c31184594a5 app/soc/views/models/club.py --- a/app/soc/views/models/club.py Thu Feb 26 16:57:13 2009 +0000 +++ b/app/soc/views/models/club.py Thu Feb 26 16:58:15 2009 +0000 @@ -58,15 +58,15 @@ rights = access.Checker(params) rights['create'] = ['checkIsDeveloper'] - rights['edit'] = [('checkHasActiveRoleForScope', [club_admin_logic.logic, 'link_id']), - ('checkIsActive', [club_logic.logic, None])] + rights['edit'] = [('checkHasActiveRoleForLinkId', club_admin_logic.logic), + ('checkGroupIsActiveForLinkId', club_logic.logic)] rights['delete'] = ['checkIsDeveloper'] rights['home'] = ['allow'] rights['list'] = ['checkIsDeveloper'] rights['apply_member'] = ['checkIsUser', - ('checkIsActive', club_logic.logic)] - rights['list_requests'] = [('checkHasActiveRoleForScope', [club_admin_logic.logic, 'link_id'])] - rights['list_roles'] = [('checkHasActiveRoleForScope', [club_admin_logic.logic, 'link_id'])] + ('checkGroupIsActiveForScopeAndLinkId', club_logic.logic)] + rights['list_requests'] = [('checkHasActiveRoleForLinkId', club_admin_logic.logic)] + rights['list_roles'] = [('checkHasActiveRoleForLinkId', club_admin_logic.logic)] rights['applicant'] = [('checkIsApplicationAccepted', club_app_logic.logic)] diff -r fe906cdbf0e9 -r 5c31184594a5 app/soc/views/models/mentor.py --- a/app/soc/views/models/mentor.py Thu Feb 26 16:57:13 2009 +0000 +++ b/app/soc/views/models/mentor.py Thu Feb 26 16:58:15 2009 +0000 @@ -55,7 +55,7 @@ rights['create'] = ['checkIsDeveloper'] rights['edit'] = [('checkHasActiveRoleForScope', soc.logic.models.mentor.logic)] rights['delete'] = ['checkIsDeveloper'] - rights['invite'] = [('checkHasActiveRoleForScope', + rights['invite'] = [('checkHasActiveRoleForScope', soc.logic.models.org_admin.logic)] rights['accept_invite'] = [('checkCanCreateFromRequest', 'mentor'), 'checkIsNotStudentForProgramOfOrg'] diff -r fe906cdbf0e9 -r 5c31184594a5 app/soc/views/models/org_admin.py --- a/app/soc/views/models/org_admin.py Thu Feb 26 16:57:13 2009 +0000 +++ b/app/soc/views/models/org_admin.py Thu Feb 26 16:58:15 2009 +0000 @@ -60,7 +60,7 @@ rights['create'] = ['checkIsDeveloper'] rights['edit'] = [('checkHasActiveRoleForScope', org_admin_logic.logic)] rights['delete'] = ['checkIsDeveloper'] - rights['invite'] = [('checkHasActiveRoleForScope', + rights['invite'] = [('checkHasActiveRoleForScope', org_admin_logic.logic)] rights['accept_invite'] = [('checkCanCreateFromRequest', 'org_admin'), 'checkIsNotStudentForProgramOfOrg'] diff -r fe906cdbf0e9 -r 5c31184594a5 app/soc/views/models/organization.py --- a/app/soc/views/models/organization.py Thu Feb 26 16:57:13 2009 +0000 +++ b/app/soc/views/models/organization.py Thu Feb 26 16:58:15 2009 +0000 @@ -23,6 +23,8 @@ ] +from google.appengine.api import users + from django import forms from soc.logic import cleaning @@ -32,6 +34,7 @@ from soc.logic.models import organization as org_logic from soc.logic.models import org_admin as org_admin_logic from soc.logic.models import org_app as org_app_logic +from soc.logic.models import user as user_logic from soc.views.helper import access from soc.views.helper import decorators from soc.views.helper import dynaform @@ -56,28 +59,26 @@ original_params: a dict with params for this View """ - all = "%(scope_path)s/%(link_id)s" - rights = access.Checker(params) rights['any_access'] = ['allow'] rights['show'] = ['allow'] rights['create'] = ['checkIsDeveloper'] - rights['edit'] = [('checkHasActiveRoleForScope', - [org_admin_logic.logic, all]), - ('checkIsActive', [org_logic.logic, None])] + rights['edit'] = [('checkHasActiveRoleForKeyFieldsAsScope', + org_admin_logic.logic,), + ('checkGroupIsActiveForLinkId', org_logic.logic)] rights['delete'] = ['checkIsDeveloper'] rights['home'] = ['allow'] rights['public_list'] = ['allow'] rights['apply_mentor'] = ['checkIsUser'] - rights['list_requests'] = [('checkHasActiveRoleForScope', - [org_admin_logic.logic, all])] - rights['list_roles'] = [('checkHasActiveRoleForScope', - [org_admin_logic.logic, all])] + rights['list_requests'] = [('checkHasActiveRoleForKeyFieldsAsScope', + org_admin_logic.logic)] + rights['list_roles'] = [('checkHasActiveRoleForKeyFieldsAsScope', + org_admin_logic.logic)] rights['applicant'] = [('checkIsApplicationAccepted', org_app_logic.logic)] rights['list_proposals'] = [('checkHasAny', [ - [('checkHasActiveRoleForScope', [org_admin_logic.logic, all]), - ('checkHasActiveRoleForScope', [mentor_logic.logic, all])] + [('checkHasActiveRoleForKeyFieldsAsScope', org_admin_logic.logic), + ('checkHasActiveRoleForKeyFieldsAsScope', mentor_logic.logic)] ])] new_params = {} @@ -197,8 +198,18 @@ """See base.View.list. """ - new_params = {} - if accounts.isDeveloper(): + account = users.get_current_user() + user = user_logic.getForAccount(account) if account else None + + try: + rights = self._params['rights'] + rights.setCurrentUser(account, user) + rights.checkIsHost() + is_host = True + except out_of_band.Error: + is_host = False + + if is_host: new_params['list_action'] = (redirects.getAdminRedirect, params) else: new_params['list_action'] = (redirects.getPublicRedirect, params) diff -r fe906cdbf0e9 -r 5c31184594a5 app/soc/views/models/site.py --- a/app/soc/views/models/site.py Thu Feb 26 16:57:13 2009 +0000 +++ b/app/soc/views/models/site.py Thu Feb 26 16:58:15 2009 +0000 @@ -28,6 +28,7 @@ from soc.logic import accounts from soc.logic import cleaning from soc.logic import dicts +from soc.views import out_of_band from soc.views.helper import access from soc.views.helper import redirects from soc.views.helper import widgets @@ -118,7 +119,16 @@ if entity: submenus += document_view.view.getMenusForScope(entity, self._params) - if user and accounts.isDeveloper(id, user): + + try: + rights = self._params['rights'] + rights.setCurrentUser(id, user) + rights.checkIsHost() + is_host = True + except out_of_band.Error: + is_host = False + + if is_host: submenus += [(redirects.getCreateDocumentRedirect(entity, 'site'), "Create a New Document", 'any_access')] diff -r fe906cdbf0e9 -r 5c31184594a5 app/soc/views/models/sponsor.py --- a/app/soc/views/models/sponsor.py Thu Feb 26 16:57:13 2009 +0000 +++ b/app/soc/views/models/sponsor.py Thu Feb 26 16:58:15 2009 +0000 @@ -51,7 +51,7 @@ rights = access.Checker(params) rights['create'] = ['checkIsDeveloper'] rights['edit'] = [('checkHasActiveRoleForScope', [host_logic, 'link_id']), - ('checkIsActive', [sponsor_logic, None, 'link_id'])] + ('checkGroupIsActiveForLinkId', sponsor_logic)] rights['delete'] = ['checkIsDeveloper'] rights['home'] = [('checkHasActiveRoleForScope', host_logic)] rights['list'] = ['checkIsDeveloper']