# HG changeset patch # User Lennard de Rijk # Date 1237838700 0 # Node ID 768f533d91e3c7d47c09cd5c376820ba54475240 # Parent bf64992d08c4bf3e5a7ed1803e87aa6d306aa601 Added check to prevent students from submitting more proposals then allowed by the program settings. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed diff -r bf64992d08c4 -r 768f533d91e3 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Mon Mar 23 08:44:29 2009 +0000 +++ b/app/soc/views/helper/access.py Mon Mar 23 20:05:00 2009 +0000 @@ -124,6 +124,10 @@ DEF_SIGN_UP_AS_STUDENT_MSG = ugettext( 'You need to sign up as a Student first.') +DEF_MAX_PROPOSALS_REACHED = ugettext( + 'You have reached the maximum number of Proposals allowed ' + 'for this program.') + DEF_NO_LIST_ACCESS_MSG = ugettext('You do not have the required rights to ' 'list documents for this scope and prefix.') @@ -1286,13 +1290,15 @@ message_fmt=DEF_NEED_ROLE_MSG) @allowDeveloper - def checkCanStudentPropose(self, django_args, key_location): + def checkCanStudentPropose(self, django_args, key_location, check_limit): """Checks if the program for this student accepts proposals. Args: django_args: a dictionary with django's arguments key_location: the key for django_args in which the key_name from the student is stored + check_limit: iff true checks if the student reached the apps_tasks_limit + for the given program. """ self.checkIsUser(django_args) @@ -1314,6 +1320,15 @@ 'student_signup'): raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_INACTIVE_MSG) + if check_limit: + # count all studentproposals by the student + fields = {'scope': student_entity} + proposal_query = student_proposal_logic.getQueryForFields(fields) + + if proposal_query.count() >= program_entity.apps_tasks_limit: + # too many proposals access denied + raise out_of_band.AccessViolation(message_fmt=DEF_MAX_PROPOSALS_REACHED) + return @allowDeveloper diff -r bf64992d08c4 -r 768f533d91e3 app/soc/views/models/student_proposal.py --- a/app/soc/views/models/student_proposal.py Mon Mar 23 08:44:29 2009 +0000 +++ b/app/soc/views/models/student_proposal.py Mon Mar 23 20:05:00 2009 +0000 @@ -64,7 +64,7 @@ rights = access.Checker(params) rights['create'] = ['checkIsDeveloper'] - rights['edit'] = [('checkCanStudentPropose', 'scope_path'), + rights['edit'] = [('checkCanStudentPropose', ['scope_path', False]), ('checkRoleAndStatusForStudentProposal', [['proposer'], ['active'], ['new', 'pending']])] rights['delete'] = ['checkIsDeveloper'] @@ -76,12 +76,12 @@ rights['list'] = ['checkIsDeveloper'] rights['list_orgs'] = [ ('checkIsStudent', ['scope_path', ['active']]), - ('checkCanStudentPropose', 'scope_path')] + ('checkCanStudentPropose', ['scope_path', False])] rights['list_self'] = [ ('checkIsStudent', ['scope_path', ['active', 'inactive']])] rights['apply'] = [ ('checkIsStudent', ['scope_path', ['active']]), - ('checkCanStudentPropose', 'scope_path')] + ('checkCanStudentPropose', ['scope_path', True])] rights['review'] = [('checkRoleAndStatusForStudentProposal', [['org_admin', 'mentor', 'host'], ['active'], ['new', 'pending']])]