# HG changeset patch # User Lennard de Rijk # Date 1232710373 0 # Node ID 6ec8dd2a73b3b6f280129302f44bf93f7916d9ba # Parent db38e7680d1ceb2b89935b05e515599bb1057cce Added various access methods in preperation for the new request system. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed diff -r db38e7680d1c -r 6ec8dd2a73b3 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Fri Jan 23 09:08:26 2009 +0000 +++ b/app/soc/views/helper/access.py Fri Jan 23 11:32:53 2009 +0000 @@ -38,6 +38,7 @@ from soc.logic import accounts from soc.logic import dicts +from soc.logic.models.club_admin import logic as club_admin_logic from soc.logic.models.host import logic as host_logic from soc.logic.models.notification import logic as notification_logic from soc.logic.models.request import logic as request_logic 
@@ -236,8 +237,87 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) +def checkCanCreateFromRequest(role_name): + """Raises an alternate HTTP response if the specified invite does not exist + or if it has not been group_accepted. + """ + def wrapper(request, args, kwargs): + checkAgreesToSiteToS(request, args, kwargs) + + user_entity = user_logic.getForCurrentAccount() + + if user_entity.link_id != kwargs['link_id']: + deny(request, args, kwargs) + + fields = {'link_id' : kwargs['link_id'], + 'scope_path' : kwargs['scope_path'], + 'role' : role_name} + + request_entity = request_logic.getFromFieldsOr404(**fields) + + if not request_entity.group_accepted: + # TODO tell the user that this request has not been accepted yet + deny(request, args, kwargs) + + return + return wrapper + +def checkIsMyUncompletedRequest(request, args, kwargs): + """Raises an alternate HTTP response if the specified Request has been completed. + """ + checkAgreesToSiteToS(request, args, kwargs) + + user_entity = user_logic.getForCurrentAccount() + + if user_entity.link_id != kwargs['link_id']: + # not the current user's request + return deny(request, args, kwargs) + + fields = {'link_id' : kwargs['link_id'], + 'scope_path' : kwargs['scope_path'], + 'role' : kwargs['role'], + 'completed' : False} + + request_entity = request_logic.getForFields(fields, unique=True) + + if not request_entity: + # TODO return 404 + return deny(request, args, kwargs) + + return def checkIsHost(request, args, kwargs): + """Raises an alternate HTTP response if Google Account has no Host entity. 
+ + Args: + request: a Django HTTP request + + Raises: + AccessViolationResponse: + * if User is not already a Host, or + * if User has not agreed to the site-wide ToS, or + * if no User exists for the logged-in Google Account, or + * if the user is not even logged in + """ + checkAgreesToSiteToS(request, args, kwargs) + + user = user_logic.getForFields({'account': users.get_current_user()}, + unique=True) + + fields = {'user' : user, + 'active' : True} + + host = host_logic.getForFields(fields, unique=True) + + if host: + return + + login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { + 'role': 'a Program Administrator '} + + raise out_of_band.LoginRequest(message_fmt=login_message_fmt) + +def checkIsHostForProgram(request, args, kwargs): """Raises an alternate HTTP response if Google Account has no Host entity for the specified program. @@ -246,25 +326,21 @@ Raises: AccessViolationResponse: - * if User has not been invited to be a Host, or - * if User is not already a Host, or + * if User is not already a Host for the specified program, or * if User has not agreed to the site-wide ToS, or * if no User exists for the logged-in Google Account, or * if the user is not even logged in """ checkAgreesToSiteToS(request, args, kwargs) - try: - # if the current user is invited to create a host profile we allow access - checkIsInvited(request, args, kwargs) - return - except out_of_band.Error: - pass - user = user_logic.getForFields({'account': users.get_current_user()}, unique=True) - host = host_logic.getForFields({'user': user}, unique=True) + fields = {'user' : user, + 'scope_path' : kwargs['scope_path'], + 'active' : True} + + host = host_logic.getForFields(fields, unique=True) if host: return 
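Review bot: In `checkCanCreateFromRequest` both `deny(request, args, kwargs)` calls are bare statements, while `checkIsMyUncompletedRequest` just below uses `return deny(request, args, kwargs)`; the bare form is only safe if deny() always raises, which this diff does not show. If it ever returned, the wrapper would run on to the trailing `return` and the check would pass, so use `return deny(request, args, kwargs)` at both sites (the same bare calls appear in `checkIsMyActiveRole` in the last hunk). The `checkCanCreateFromRequest` docstring also says "invite" although the code looks up a Request by link_id, scope_path and role, and it omits the link_id ownership check; `"""Denies access unless the current user owns a group_accepted Request for role_name."""` would match the body. `checkIsHostForProgram`, whose `def` line is added at the end of this hunk, continues in the next hunk.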
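Review bot: The new lookup indexes `kwargs['scope_path']` directly, but the Args section of this docstring is not visible here and, if it mirrors the new `checkIsHost` docstring, documents only `request`; add `kwargs: must contain 'scope_path', the scope the Host entity is matched against`. A URL pattern that does not supply that key would raise KeyError rather than one of the out_of_band responses, which fails closed but surfaces as a server error. This function also resolves the user with `user_logic.getForFields({'account': users.get_current_user()}, unique=True)` while the other checks added in this commit call `user_logic.getForCurrentAccount()`; using one helper throughout keeps the identity lookup in a single place. The function starts in the previous hunk and its tail lies outside this one.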
@@ -300,7 +376,16 @@ checkAgreesToSiteToS(request, args, kwargs) - # TODO(srabbelier) implement this + user = user_logic.getForCurrentAccount() + + fields = {'user' : user, + 'scope_path' : kwargs['link_id'], + 'state' : 'active'} + + club_admin_entity = club_admin_logic.getForFields(fields, unique=True) + + if club_admin_entity: + return login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { 'role': 'a Club Admin for this Club'} @@ -501,6 +586,50 @@ return wrapper +def checkIsMyActiveRole(role_logic): + """Returns an alternate HTTP response if there is no active role found for + the current user using the given role_logic. + + Raises: + AccessViolationResponse: if the required authorization is not met + + Returns: + None if the current User has no active role for the given role_logic. + """ + + def wrapper(request, args, kwargs): + try: + # if the current user is a developer we allow access + checkIsDeveloper(request, args, kwargs) + return + except out_of_band.Error: + pass + + user = user_logic.getForCurrentAccount() + + if not user or user.link_id != kwargs['link_id']: + # not my role + deny(request, args, kwargs) + + fields = {'link_id' : kwargs['link_id'], + 'scope_path' : kwargs['scope_path'] + } + + role_entity = role_logic.logic.getForFields(fields, unique=True) + + if not role_entity: + # no role found + deny(request, args, kwargs) + + if role_entity.state == 'active': + # this role exist and is active + return + else: + # this role is not active + deny(request, args, kwargs) + + return wrapper + def checkCanInvite(request, args, kwargs): """Checks to see if the current user can create an invite.
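Review bot: The filter passes `kwargs['link_id']` as `'scope_path'` with no explanation, whereas the other checks in this commit pass `kwargs['scope_path']`. Presumably the club's own link_id is the admin's scope, and a comment such as `# the club being accessed is the Club Admin's scope, so match on its link_id` would stop a later reader from "correcting" it. If clubs can themselves live under a scope, link_id alone may not identify the club uniquely, so the filter should be checked against how Club Admin scope_path values are stored. The activity test here is `'state' : 'active'` while the host checks earlier in this commit use `'active' : True`; confirm each model defines the field used, since a filter on the wrong property would likely never match. The enclosing function begins before this hunk.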
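Review bot: The Returns section of the `checkIsMyActiveRole` docstring is inverted: the wrapper returns None when the role is active (or the user is a developer), not when the user has no active role; it should read `None if the current User is a developer or has an active role for the given role_logic.` After `if not role_entity:` calls `deny(...)`, the code goes on to read `role_entity.state`, so correctness depends on deny() never returning. Collapsing the tail to `if role_entity and role_entity.state == 'active': return` followed by a single `return deny(request, args, kwargs)` removes that dependency. Unlike the other checks added in this commit, this wrapper does not call `checkAgreesToSiteToS`, and the developer branch skips the link_id ownership test entirely; if both are intended, the docstring should say so.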