# HG changeset patch # User Sverre Rabbelier # Date 1229172551 0 # Node ID 7fe218e3d3595e068677f030ddf52f6c634d1975 # Parent 602c2b2f4d8b73ed597f000081e16b0326eec2c3 Make checkIsMyInvitation use Django to parse the URL Using django is more reliable and makes the code easier to read as there is no knowledge of the url layout required. Patch by: Sverre Rabbelier diff -r 602c2b2f4d8b -r 7fe218e3d359 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Sat Dec 13 12:48:49 2008 +0000 +++ b/app/soc/views/helper/access.py Sat Dec 13 12:49:11 2008 +0000 @@ -342,31 +342,26 @@ pass checkIsUser(request) - - splitpath = request.path.split('/') - splitpath = splitpath[1:] # cut off leading '' - - # get the notification scope (user link_id) from the request path - user_link_id = splitpath[2] - # get the notification link_id from the request path - notification_link_id = splitpath[3] - - properties = { - 'link_id': notification_link_id, - 'scope_path': user_link_id, - } - + + # Mine the url for params + try: + callback, args, kwargs = urlresolvers.resolve(request.path) + except Exception: + deny(request) + + properties = dicts.filter(kwargs, ['link_id', 'scope_path']) + notification = notification_logic.logic.getForFields(properties, unique=True) - user = user_logic.logic.getForCurrentAccount() - - # check if the key of the current user matches the key from the scope of the message + + # We need to check to see if the key's are equal since the User + # objects are different and the default __eq__ method does not check + # if the keys are equal (which is what we want). if user.key() == notification.scope.key(): - # access granted return None - else: - # access denied - deny(request) + + # TODO(ljvderijk) Make this give a proper error message + deny(request) def checkCanInvite(request): """Checks to see if the current user can create an invite