# HG changeset patch # User Lennard de Rijk # Date 1256521769 25200 # Node ID 7f922641ccc9e65c8cb3c916e436a24167c3b085 # Parent 6ca30967d1bb6ad58dbbacced66c694f6ec3d494 Edited the necessary access checks for all the Role views in Core and GHOP. Also removed unneccessary use of _acceptInvitePost. diff -r 6ca30967d1bb -r 7f922641ccc9 app/soc/modules/ghop/views/models/mentor.py --- a/app/soc/modules/ghop/views/models/mentor.py Sun Oct 25 18:48:22 2009 -0700 +++ b/app/soc/modules/ghop/views/models/mentor.py Sun Oct 25 18:49:29 2009 -0700 @@ -56,16 +56,15 @@ rights['delete'] = ['checkIsDeveloper'] rights['invite'] = [('checkHasActiveRoleForScope', ghop_org_admin_logic.logic)] - rights['accept_invite'] = [('checkCanCreateFromRequest', 'ghop/mentor'), - ('checkIsNotStudentForProgramOfOrg', + rights['accept_invite'] = ['checkCanCreateFromRequest', + ('checkIsNotStudentForProgramOfOrgInRequest', [ghop_org_logic.logic, ghop_student_logic.logic])] rights['request'] = [ ('checkIsNotStudentForProgramOfOrg', [ghop_org_logic.logic, ghop_student_logic.logic]), ('checkCanMakeRequestToGroup', ghop_org_logic.logic)] rights['process_request'] = [ - ('checkHasActiveRoleForScope', ghop_org_admin_logic.logic), - ('checkCanProcessRequest', 'ghop/mentor')] + ('checkCanProcessRequest', [[ghop_org_admin_logic.logic]])] rights['manage'] = [ ('checkIsAllowedToManageRole', [ghop_mentor_logic.logic, ghop_org_admin_logic.logic])] diff -r 6ca30967d1bb -r 7f922641ccc9 app/soc/modules/ghop/views/models/org_admin.py --- a/app/soc/modules/ghop/views/models/org_admin.py Sun Oct 25 18:48:22 2009 -0700 +++ b/app/soc/modules/ghop/views/models/org_admin.py Sun Oct 25 18:49:29 2009 -0700 @@ -54,12 +54,11 @@ rights['delete'] = ['checkIsDeveloper'] rights['invite'] = [('checkHasActiveRoleForScope', ghop_org_admin_logic.logic)] - rights['accept_invite'] = [('checkCanCreateFromRequest', 'ghop/org_admin'), - ('checkIsNotStudentForProgramOfOrg', + rights['accept_invite'] = ['checkCanCreateFromRequest', + ('checkIsNotStudentForProgramOfOrgInRequest', [ghop_org_logic.logic, ghop_student_logic.logic])] rights['process_request'] = [ - ('checkHasActiveRoleForScope', ghop_org_admin_logic.logic), - ('checkCanProcessRequest', 'ghop/org_admin')] + ('checkCanProcessRequest', [[ghop_org_admin_logic.logic]])] rights['manage'] = [ ('checkIsAllowedToManageRole', [ghop_org_admin_logic.logic, ghop_org_admin_logic.logic])] diff -r 6ca30967d1bb -r 7f922641ccc9 app/soc/views/models/club_admin.py --- a/app/soc/views/models/club_admin.py Sun Oct 25 18:48:22 2009 -0700 +++ b/app/soc/views/models/club_admin.py Sun Oct 25 18:49:29 2009 -0700 @@ -55,10 +55,9 @@ rights['edit'] = [('checkIsMyActiveRole', club_admin_logic.logic)] rights['delete'] = ['checkIsDeveloper'] rights['invite'] = [('checkHasActiveRoleForScope', club_admin_logic.logic)] - rights['accept_invite'] = [('checkCanCreateFromRequest', 'club_admin')] - rights['process_request'] = [('checkHasActiveRoleForScope', - club_admin_logic.logic), - ('checkCanProcessRequest', 'club_admin')] + rights['accept_invite'] = ['checkCanCreateFromRequest'] + rights['process_request'] = [('checkCanProcessRequest', + [[club_admin_logic.logic]])] rights['manage'] = [('checkIsAllowedToManageRole', [club_admin_logic.logic, club_admin_logic.logic])] @@ -106,15 +105,6 @@ super(View, self)._editPost(request, entity, fields) - def _acceptInvitePost(self, fields, request, context, params, **kwargs): - """Fills in the fields that were missing in the invited_created_form. - - For params see base.View._acceptInvitePost() - """ - # fill in the appropriate fields that were missing in the form - fields['user'] = fields['link_id'] - fields['link_id'] = fields['user'].link_id - view = View() diff -r 6ca30967d1bb -r 7f922641ccc9 app/soc/views/models/club_member.py --- a/app/soc/views/models/club_member.py Sun Oct 25 18:48:22 2009 -0700 +++ b/app/soc/views/models/club_member.py Sun Oct 25 18:49:29 2009 -0700 @@ -56,12 +56,11 @@ rights['edit'] = [('checkIsMyActiveRole', club_member_logic.logic)] rights['delete'] = ['checkIsDeveloper'] rights['invite'] = [('checkHasActiveRoleForScope', club_admin_logic.logic)] - rights['accept_invite'] = [('checkCanCreateFromRequest','club_member')] + rights['accept_invite'] = ['checkCanCreateFromRequest'] rights['request'] = ['checkIsUser', ('checkCanMakeRequestToGroup', club_logic.logic)] - rights['process_request'] = [('checkHasActiveRoleForScope', - club_admin_logic.logic), - ('checkCanProcessRequest','club_member')] + rights['process_request'] = [('checkCanProcessRequest', + [[club_admin_logic.logic]])] rights['manage'] = [('checkIsAllowedToManageRole', [soc.logic.models.club_member.logic, club_admin_logic.logic])] @@ -110,15 +109,6 @@ super(View, self)._editPost(request, entity, fields) - def _acceptInvitePost(self, fields, request, context, params, **kwargs): - """Fills in the fields that were missing in the invited_created_form. - - For params see base.View._acceptInvitePost() - """ - # fill in the appropriate fields that were missing in the form - fields['user'] = fields['link_id'] - fields['link_id'] = fields['user'].link_id - view = View() diff -r 6ca30967d1bb -r 7f922641ccc9 app/soc/views/models/group.py --- a/app/soc/views/models/group.py Sun Oct 25 18:48:22 2009 -0700 +++ b/app/soc/views/models/group.py Sun Oct 25 18:49:29 2009 -0700 @@ -267,7 +267,7 @@ # list all incoming requests filter = { - 'scope': group_entity, + 'group': group_entity, 'role': role_names, 'status': 'new' } @@ -285,7 +285,7 @@ # list all outstanding invites filter = { - 'scope': group_entity, + 'group': group_entity, 'role': role_names, 'status': 'group_accepted' } @@ -303,7 +303,7 @@ # list all ignored requests filter = { - 'scope': group_entity, + 'group': group_entity, 'role': role_names, 'status': 'ignored' } diff -r 6ca30967d1bb -r 7f922641ccc9 app/soc/views/models/host.py --- a/app/soc/views/models/host.py Sun Oct 25 18:48:22 2009 -0700 +++ b/app/soc/views/models/host.py Sun Oct 25 18:49:29 2009 -0700 @@ -59,10 +59,9 @@ rights['edit'] = [('checkIsMyActiveRole', host_logic.logic)] rights['invite'] = [('checkHasActiveRoleForScope', host_logic.logic)] rights['list'] = ['checkIsDeveloper'] - rights['accept_invite'] = [('checkCanCreateFromRequest','host')] - rights['process_request'] = [('checkHasActiveRoleForScope', - host_logic.logic), - ('checkCanProcessRequest','host')] + rights['accept_invite'] = ['checkCanCreateFromRequest'] + rights['process_request'] = [('checkCanProcessRequest', + [[host_logic.logic]])] rights['manage'] = [('checkIsAllowedToManageRole', [host_logic.logic, host_logic.logic])] @@ -118,15 +117,6 @@ super(View, self)._editPost(request, entity, fields) - def _acceptInvitePost(self, fields, request, context, params, **kwargs): - """Fills in the fields that were missing in the invited_created_form. - - For params see base.View._acceptInvitePost() - """ - # fill in the appropriate fields that were missing in the form - fields['user'] = fields['link_id'] - fields['link_id'] = fields['link_id'].link_id - view = View() diff -r 6ca30967d1bb -r 7f922641ccc9 app/soc/views/models/mentor.py --- a/app/soc/views/models/mentor.py Sun Oct 25 18:48:22 2009 -0700 +++ b/app/soc/views/models/mentor.py Sun Oct 25 18:49:29 2009 -0700 @@ -60,16 +60,15 @@ rights['delete'] = ['checkIsDeveloper'] rights['invite'] = [('checkHasActiveRoleForScope', soc.logic.models.org_admin.logic)] - rights['accept_invite'] = [('checkCanCreateFromRequest', 'mentor'), - ('checkIsNotStudentForProgramOfOrg', [org_logic.logic, - student_logic.logic])] + rights['accept_invite'] = ['checkCanCreateFromRequest', + ('checkIsNotStudentForProgramOfOrgInRequest',[org_logic.logic, + student_logic.logic])] rights['request'] = [ ('checkIsNotStudentForProgramOfOrg', [org_logic.logic, student_logic.logic]), ('checkCanMakeRequestToGroup', org_logic.logic)] rights['process_request'] = [ - ('checkHasActiveRoleForScope', soc.logic.models.org_admin.logic), - ('checkCanProcessRequest', 'mentor')] + ('checkCanProcessRequest', [[soc.logic.models.org_admin.logic]])] rights['manage'] = [ ('checkIsAllowedToManageRole', [soc.logic.models.mentor.logic, soc.logic.models.org_admin.logic])] @@ -161,13 +160,11 @@ def _acceptInvitePost(self, fields, request, context, params, **kwargs): """Fills in the fields that were missing in the invited_created_form. - + For params see base.View._acceptInvitePost() """ # fill in the appropriate fields that were missing in the form - fields['user'] = fields['link_id'] - fields['link_id'] = fields['user'].link_id fields['agreed_to_tos'] = fields['agreed_to_mentor_agreement'] group_logic = params['group_logic'] diff -r 6ca30967d1bb -r 7f922641ccc9 app/soc/views/models/org_admin.py --- a/app/soc/views/models/org_admin.py Sun Oct 25 18:48:22 2009 -0700 +++ b/app/soc/views/models/org_admin.py Sun Oct 25 18:49:29 2009 -0700 @@ -65,12 +65,11 @@ rights['delete'] = ['checkIsDeveloper'] rights['invite'] = [('checkHasActiveRoleForScope', org_admin_logic.logic)] - rights['accept_invite'] = [('checkCanCreateFromRequest', 'org_admin'), - ('checkIsNotStudentForProgramOfOrg', [org_logic.logic, + rights['accept_invite'] = ['checkCanCreateFromRequest', + ('checkIsNotStudentForProgramOfOrgInRequest', [org_logic.logic, student_logic.logic])] rights['process_request'] = [ - ('checkHasActiveRoleForScope', org_admin_logic.logic), - ('checkCanProcessRequest', 'org_admin')] + ('checkCanProcessRequest', [[org_admin_logic.logic]])] rights['manage'] = [ ('checkIsAllowedToManageRole', [org_admin_logic.logic, org_admin_logic.logic])] @@ -165,8 +164,6 @@ """ # fill in the appropriate fields that were missing in the form - fields['user'] = fields['link_id'] - fields['link_id'] = fields['user'].link_id fields['agreed_to_tos'] = fields['agreed_to_admin_agreement'] group_logic = params['group_logic']