# HG changeset patch # User Sverre Rabbelier # Date 1232554307 0 # Node ID 70e0b6d8ff73d3a30aa2be59f60266ae56d8076d # Parent 0ec74865eb5eea83d167a7c6dddf0a821900b08b Prepare access to receive args and kwargs as argument Also use two "magic values" when the sidebar is doing the access checks, this might be useful later. Patch by: Sverre Rabbelier diff -r 0ec74865eb5e -r 70e0b6d8ff73 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Wed Jan 21 15:35:10 2009 +0000 +++ b/app/soc/views/helper/access.py Wed Jan 21 16:11:47 2009 +0000 @@ -63,7 +63,7 @@ 'Please sign out in order to view this page') -def checkAccess(access_type, request, rights): +def checkAccess(access_type, request, rights, args=None, kwargs=None): """Runs all the defined checks for the specified type. Args: @@ -89,19 +89,19 @@ # Call each access checker for check in rights['any_access']: - check(request) + check(request, args, kwargs) if access_type not in rights: for check in rights['unspecified']: # No checks defined, so do the 'generic' checks and bail out - check(request) + check(request, args, kwargs) return for check in rights[access_type]: - check(request) + check(request, args, kwargs) -def allow(request): +def allow(request, args, kwargs): """Never returns an alternate HTTP response. Args: @@ -110,7 +110,8 @@ return -def deny(request): + +def deny(request, args, kwargs): """Returns an alternate HTTP response. Args: @@ -127,7 +128,7 @@ raise out_of_band.AccessViolation(DEF_PAGE_DENIED_MSG, context=context) -def checkIsLoggedIn(request): +def checkIsLoggedIn(request, args, kwargs): """Returns an alternate HTTP response if Google Account is not logged in. Args: @@ -148,7 +149,7 @@ raise out_of_band.LoginRequest() -def checkNotLoggedIn(request): +def checkNotLoggedIn(request, args, kwargs): """Returns an alternate HTTP response if Google Account is not logged in. Args: 
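Review bot: `checkAccess` forwards its new `args=None, kwargs=None` defaults unchanged to every checker in the `@@ -89,19 +89,19 @@` hunk, so any caller that has not been updated hands each check `None` instead of an empty container. Once a checker starts reading `kwargs`, that surfaces as a `TypeError` or `AttributeError` rather than an `out_of_band.Error`, which the `except out_of_band.Error: pass` wrappers elsewhere in this file do not catch. Normalising once at the top of `checkAccess`, for example `if args is None: args = []` and `if kwargs is None: kwargs = {}`, gives every checker the same contract. The part of the docstring's `Args:` section visible in the `@@ -63,7 +63,7 @@` hunk is unchanged, so the two new parameters appear undocumented; the docstring continues outside the hunk.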
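Review bot: The docstring kept under `checkNotLoggedIn` in the `@@ -148,7 +149,7 @@` hunk is the same sentence as the one on `checkIsLoggedIn` ("... if Google Account is not logged in"), yet the function ends in `raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)`, which suggests it fires when the account is logged in. For an access check, a summary that states the opposite condition is easy to misread when wiring up `rights`; I would change it to `"""Returns an alternate HTTP response if Google Account is logged in.`. The same copy-paste problem shows in `checkIsClubAdminForClub` (`@@ -279,12 +280,12 @@`), where the comment "invited to create a host profile" sits above a `checkIsDeveloper` call, and in the `checkIsInvited` docstring (`@@ -294,7 +295,7 @@`), which describes a Host entity check. The bodies of these functions continue outside the hunks.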
@@ -169,7 +170,7 @@ raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT) -def checkIsUser(request): +def checkIsUser(request, args, kwargs): """Returns an alternate HTTP response if Google Account has no User entity. Args: @@ -184,7 +185,7 @@ should be returned by the calling view. """ - checkIsLoggedIn(request) + checkIsLoggedIn(request, args, kwargs) user = user_logic.logic.getForFields( {'account': users.get_current_user()}, unique=True) @@ -195,7 +196,7 @@ raise out_of_band.LoginRequest(message_fmt=DEF_NO_USER_LOGIN_MSG_FMT) -def checkIsDeveloper(request): +def checkIsDeveloper(request, args, kwargs): """Returns an alternate HTTP response if Google Account is not a Developer. Args: @@ -210,7 +211,7 @@ response should be returned by the calling view. """ - checkIsUser(request) + checkIsUser(request, args, kwargs) if accounts.isDeveloper(account=users.get_current_user()): return @@ -221,7 +222,7 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) -def checkIsHost(request): +def checkIsHost(request, args, kwargs): """Returns an alternate HTTP response if Google Account has no Host entity for the specified program. @@ -239,12 +240,12 @@ try: # if the current user is invited to create a host profile we allow access - checkIsInvited(request) + checkIsInvited(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) user = user_logic.logic.getForFields( {'account': users.get_current_user()}, unique=True) @@ -261,7 +262,7 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) -def checkIsClubAdminForClub(request): +def checkIsClubAdminForClub(request, args, kwargs): """Returns an alternate HTTP response if Google Account has no Club Admin entity for the specified club. 
@@ -279,12 +280,12 @@ try: # if the current user is invited to create a host profile we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) # TODO(srabbelier) implement this @@ -294,7 +295,7 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) -def checkIsInvited(request): +def checkIsInvited(request, args, kwargs): """Returns an alternate HTTP response if Google Account has no Host entity for the specified program. @@ -312,12 +313,12 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) login_message_fmt = DEF_DEV_LOGOUT_LOGIN_MSG_FMT % { 'role': 'a Program Administrator for this Program'} @@ -327,7 +328,7 @@ if len(splitpath) < 4: # TODO: perhaps this needs a better explanation? - deny(request) + deny(request, args, kwargs) role = splitpath[0] group_id = splitpath[2] @@ -338,7 +339,7 @@ if user_id != user.link_id: # TODO: perhaps this needs a better explanation? - deny(request) + deny(request, args, kwargs) properties = { 'link_id': user_id, @@ -355,7 +356,7 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) -def checkIsClubAppAccepted(request): +def checkIsClubAppAccepted(request, args, kwargs): """Returns an alternate HTTP response if Google Account has no Club App entity for the specified Club. @@ -373,12 +374,12 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) user = user_logic.logic.getForCurrentAccount() 
@@ -395,10 +396,10 @@ return # TODO(srabbelier) Make this give a proper error message - deny(request) + deny(request, args, kwargs) -def checkIsMyNotification(request): +def checkIsMyNotification(request, args, kwargs): """Returns an alternate HTTP response if this request is for a Notification belonging to the current user. @@ -414,18 +415,18 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) # Mine the url for params try: callback, args, kwargs = urlresolvers.resolve(request.path) except Exception: - deny(request) + deny(request, args, kwargs) properties = dicts.filter(kwargs, ['link_id', 'scope_path']) @@ -439,9 +440,10 @@ return None # TODO(ljvderijk) Make this give a proper error message - deny(request) + deny(request, args, kwargs) -def checkIsMyApplication(request): + +def checkIsMyApplication(request, args, kwargs): """Returns an alternate HTTP response if this request is for a Application belonging to the current user. @@ -457,18 +459,18 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass - checkIsUser(request) + checkIsUser(request, args, kwargs) # Mine the url for params try: callback, args, kwargs = urlresolvers.resolve(request.path) except Exception: - deny(request) + deny(request, args, kwargs) properties = dicts.filter(kwargs, ['link_id']) @@ -482,10 +484,10 @@ return None # TODO(srabbelier) Make this give a proper error message - deny(request) + deny(request, args, kwargs) -def checkCanInvite(request): +def checkCanInvite(request, args, kwargs): """Checks to see if the current user can create an invite. Note that if the current url is not in the default 'request' form 
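Review bot: In `checkIsMyNotification` (`@@ -414,18 +415,18 @@`) the new `args` and `kwargs` parameters are rebound by the existing `callback, args, kwargs = urlresolvers.resolve(request.path)`, so whatever the caller passed is silently discarded on the success path. The ownership lookup built from `dicts.filter(kwargs, ['link_id', 'scope_path'])` is then always driven by the request path, while the `deny(request, args, kwargs)` in the `except` branch still sees the caller's values, so the two branches work from different data. Renaming the locals, e.g. `callback, url_args, url_kwargs = urlresolvers.resolve(request.path)` with `dicts.filter(url_kwargs, ...)`, makes it explicit which source the check trusts. The same rebinding occurs in `checkIsMyApplication` (`@@ -457,18 +459,18 @@`) and in `checkCanInvite` (`@@ -506,7 +508,7 @@` and `@@ -517,16 +519,17 @@`). The function bodies extend beyond the hunks.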
@@ -497,7 +499,7 @@ try: # if the current user is a developer we allow access - checkIsDeveloper(request) + checkIsDeveloper(request, args, kwargs) return except out_of_band.Error: pass @@ -506,7 +508,7 @@ try: callback, args, kwargs = urlresolvers.resolve(request.path) except Exception: - deny(request) + deny(request, args, kwargs) # Construct a new url by reshufling the kwargs order = ['role', 'access_type', 'scope_path', 'link_id'] @@ -517,16 +519,17 @@ try: callback, args, kwargs = urlresolvers.resolve(url) except Exception: - deny(request) + deny(request, args, kwargs) # Get the everything we need for the access check params = callback.im_self.getParams() access_type = kwargs['access_type'] # Perform the access check - helper.access.checkAccess(access_type, request, rights=params['rights']) + checkAccess(access_type, request, rights=params['rights']) -def checkIsDocumentPublic(request): + +def checkIsDocumentPublic(request, args, kwargs): """Checks whether a document is public. Args: @@ -535,4 +538,4 @@ # TODO(srabbelier): A proper check needs to be done to see if the document # is public or not, probably involving analysing it's scope or such. - allow(request) + allow(request, args, kwargs) diff -r 0ec74865eb5e -r 70e0b6d8ff73 app/soc/views/sitemap/sidebar.py --- a/app/soc/views/sitemap/sidebar.py Wed Jan 21 15:35:10 2009 +0000 +++ b/app/soc/views/sitemap/sidebar.py Wed Jan 21 16:11:47 2009 +0000 @@ -27,6 +27,8 @@ SIDEBAR = [] +SIDEBAR_ACCESS_ARGS = ['SIDEBAR_CALLING'] +SIDEBAR_ACCESS_KWARGS = {'SIDEBAR_CALLING': True} def addMenu(callback): @@ -130,9 +132,12 @@ submenus = [] + args = SIDEBAR_ACCESS_ARGS + kwargs = SIDEBAR_ACCESS_KWARGS + for url, menu_text, access_type in items: try: - access.checkAccess(access_type, request, rights) + access.checkAccess(access_type, request, rights, args, kwargs) submenus.append({'url': url, 'title': menu_text}) except out_of_band.Error: pass
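Review bot: The nested call at the end of `checkCanInvite` (`@@ -517,16 +519,17 @@`) was changed to `checkAccess(access_type, request, rights=params['rights'])` without forwarding `args` or `kwargs`, so every checker reached through it receives `None, None`. That drops both the caller's context and the kwargs just resolved from the reshuffled URL, which look like the values the delegated checks would need. I would pass them through explicitly, `checkAccess(access_type, request, rights=params['rights'], args=args, kwargs=kwargs)`, and add a comment saying these are the values resolved from `url`, not from `request.path`.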
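Review bot: `SIDEBAR_ACCESS_ARGS` and `SIDEBAR_ACCESS_KWARGS` (`@@ -27,6 +27,8 @@`) are module-level mutable objects, and the `@@ -130,9 +132,12 @@` hunk passes them by reference into every checker. If any check adds to or rewrites `kwargs`, the change persists into later sidebar renders for other requests handled by the same process. Passing copies, `args = list(SIDEBAR_ACCESS_ARGS)` and `kwargs = dict(SIDEBAR_ACCESS_KWARGS)`, keeps the sentinel values per call. It would also help to document next to the constants that `SIDEBAR_CALLING` only signals that no URL-derived arguments are available, and that a checker must never treat it as grounds to grant access.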