# HG changeset patch # User Sverre Rabbelier # Date 1229028862 0 # Node ID 9eb2522dfa8348f5b05126e54c05c433513f902c # Parent 2e635755713a3bf60938acd2bc39138161582283 Make it possible to invite another Host as Host We do this by asking Django to resolve the current url for us, then reshufle that url and ask Django (again) to resolve that new url. From that resolved url we know the appropriate view, and as such we know which rights dictioanry to pass to access.checkAccess. Patch by: Sverre Rabbelier diff -r 2e635755713a -r 9eb2522dfa83 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Thu Dec 11 20:53:57 2008 +0000 +++ b/app/soc/views/helper/access.py Thu Dec 11 20:54:22 2008 +0000 @@ -33,8 +33,10 @@ from google.appengine.api import users from django.utils.translation import ugettext_lazy +from django.core import urlresolvers from soc.logic import accounts +from soc.logic import dicts from soc.logic.models import host as host_logic from soc.logic.models import user as user_logic from soc.logic.models import request as request_logic @@ -233,7 +235,7 @@ """ try: - # if the current user is a developer we allow access + # if the current user is invited to create a host profile we allow access checkIsInvited(request) return except out_of_band.Error: @@ -317,6 +319,48 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) +def checkCanInvite(request): + """Checks to see if the current user can create an invite + + Note that if the current url is not in the default 'request' form + this method either deny()s or performs the wrong access check. + + Args: + request: a Django HTTP request + """ + + try: + # if the current user is a developer we allow access + checkIsDeveloper(request) + return + except out_of_band.Error: + pass + + # Mine the url for params + try: + callback, args, kwargs = urlresolvers.resolve(request.path) + except Exception: + deny(request) + + # Construct a new url by reshufling the kwargs + order = ['role', 'access_type', 'scope_path', 'link_id'] + url_params = dicts.unzip(kwargs, order) + url = '/'.join([''] + list(url_params)) + + # Mine the reshufled url + try: + callback, args, kwargs = urlresolvers.resolve(url) + except Exception: + deny(request) + + # Get the everything we need for the access check + params = callback.im_self.getParams() + access_type = kwargs['access_type'] + + # Perform the access check + helper.access.checkAccess(access_type, request, rights=params['rights']) + + def checkIsDocumentPublic(request): """Checks whether a document is public. diff -r 2e635755713a -r 9eb2522dfa83 app/soc/views/models/request.py --- a/app/soc/views/models/request.py Thu Dec 11 20:53:57 2008 +0000 +++ b/app/soc/views/models/request.py Thu Dec 11 20:54:22 2008 +0000 @@ -103,6 +103,7 @@ rights = {} rights['listSelf'] = [access.checkIsUser] + rights['create'] = [access.checkCanInvite] new_params = {} new_params['rights'] = rights