# HG changeset patch
# User Sverre Rabbelier
# Date 1234620705 0
# Node ID 9836cfc0bb31c33c9c7393e07e3e6fb75206aeb5
# Parent a3f654f30fbc00996dda7120aa962d0e202f8cc8
Add cleaning methods for document ACL Patch by: Sverre Rabbelier
diff -r a3f654f30fbc -r 9836cfc0bb31 app/soc/logic/cleaning.py
--- a/app/soc/logic/cleaning.py Sat Feb 14 14:11:18 2009 +0000
+++ b/app/soc/logic/cleaning.py Sat Feb 14 14:11:45 2009 +0000
@@ -31,13 +31,18 @@
 from django.utils.translation import ugettext
 from soc.logic import validate
+from soc.logic import rights as rights_logic
 from soc.logic.models import site as site_logic
 from soc.logic.models import user as user_logic
+from soc.models import document as document_model
 DEF_LINK_ID_IN_USE_MSG = ugettext(
 'This link ID is already in use, please specify another one')
+DEF_NO_RIGHTS_FOR_ACL_MSG = ugettext(
+ 'You do not have the required rights for that ACL.')
+
 def check_field_is_empty(field_name):
 """Returns decorator that bypasses cleaning for empty fields.
@@ -328,3 +333,50 @@
 return cleaned_data
 return wrapper
+
+
+def validate_document_acl(view):
+ """Validates that the document ACL settings are correct.
+ """
+
+ def wrapper(self):
+ cleaned_data = self.cleaned_data
+ read_access = cleaned_data.get('read_access')
+ write_access = cleaned_data.get('write_access')
+
+ if not (read_access and write_access and ('prefix' in cleaned_data)):
+ return cleaned_data
+
+ if read_access != 'public':
+ ordening = document_model.Document.DOCUMENT_ACCESS
+ if ordening.index(read_access) < ordening.index(write_access):
+ raise forms.ValidationError(
+ "Read access should be less strict than write access.")
+
+ validate_access(self, view, 'read_access')
+ validate_access(self, view, 'write_access')
+
+ return cleaned_data
+
+ return wrapper
+
+def validate_access(self, view, field):
+ """Validates that the user has access to the ACL for the specified fields.
+ """
+
+ access_level = self.cleaned_data[field]
+ prefix = self.cleaned_data['prefix']
+
+ params = view.getParams()
+ rights = params['rights']
+
+ user = user_logic.logic.getForCurrentAccount()
+
+ rights.setCurrentUser(user.account, user)
+ checker = rights_logic.Checker(prefix)
+
+ roles = checker.getMembership(access_level)
+
+ if not rights.hasMembership(roles, {}):
+ self._errors[field] = ErrorList([DEF_NO_RIGHTS_FOR_ACL_MSG])
+ del self.cleaned_data[field]
diff -r a3f654f30fbc -r 9836cfc0bb31 app/soc/views/models/document.py
--- a/app/soc/views/models/document.py Sat Feb 14 14:11:18 2009 +0000
+++ b/app/soc/views/models/document.py Sat Feb 14 14:11:45 2009 +0000
@@ -95,6 +95,7 @@
 'clean_link_id': cleaning.clean_link_id('link_id'),
 'clean_scope_path': cleaning.clean_scope_path('scope_path'),
+ 'clean': cleaning.validate_document_acl(self),
 }
 new_params['extra_dynaexclude'] = ['author', 'created', 'modified_by', 'modified']
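Review bot: The early return in `wrapper`, `if not (read_access and write_access and ('prefix' in cleaned_data)): return cleaned_data`, skips both `validate_access` calls whenever any of the three values is absent, so the rights check fails open. That is only safe if the form treats these fields as required and a missing value already leaves an error on the form, which this hunk does not show; a comment stating that assumption, or an explicit `forms.ValidationError` on the missing-field path, would make the intent clear. In `validate_access`, the result of `user_logic.logic.getForCurrentAccount()` is dereferenced as `user.account` with no check, so if it can return no user the request presumably ends in an AttributeError instead of a clean denial; a guard such as `if not user: raise forms.ValidationError(DEF_NO_RIGHTS_FOR_ACL_MSG)` before `rights.setCurrentUser(...)` would deny explicitly. The two `ordening.index(...)` calls raise ValueError for any value not in `DOCUMENT_ACCESS`, and the `read_access != 'public'` special case covers only the read side, so it is worth confirming that `write_access` can never carry a value outside that list.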
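Review bot: The dict that receives `'clean': cleaning.validate_document_acl(self),` opens outside this hunk, so it is not visible which form or forms it configures. If the view builds its edit form from a different set of dynaproperties, the ACL validation would run on create only, and ACL changes to existing documents would skip the rights check; worth confirming both paths pick up this entry. The check also lives only in form cleaning, so any code path that writes `read_access` or `write_access` without going through this form is not covered by it. A short comment on the entry would help the next reader, for example `# form-level clean: verifies the user holds the rights for the chosen read/write ACL`.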