# HG changeset patch # User Lennard de Rijk # Date 1232754127 0 # Node ID a40056afef83287cec7c3ef4b0a1dba45a53982d # Parent b341698bf3b18e999ae639ef90bd879e5fd272e6 Changed the access checks to comply with state in request. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed diff -r b341698bf3b1 -r a40056afef83 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Fri Jan 23 22:57:10 2009 +0000 +++ b/app/soc/views/helper/access.py Fri Jan 23 23:42:07 2009 +0000 @@ -245,8 +245,8 @@ raise out_of_band.LoginRequest(message_fmt=login_message_fmt) def checkCanCreateFromRequest(role_name): - """Raises an alternate HTTP response if the specified invite does not exist - or if it has not been group_accepted. + """Raises an alternate HTTP response if the specified request does not exist + or if it's state is not group_accepted. """ def wrapper(request, args, kwargs): checkAgreesToSiteToS(request, args, kwargs) @@ -262,15 +262,16 @@ request_entity = request_logic.getFromFieldsOr404(**fields) - if not request_entity.group_accepted: + if request_entity.state != 'group_accepted': # TODO tell the user that this request has not been accepted yet deny(request, args, kwargs) return return wrapper -def checkIsMyUncompletedRequest(request, args, kwargs): - """Raises an alternate HTTP response if the specified Request has been completed. +def checkIsMyGroupAcceptedRequest(request, args, kwargs): + """Raises an alternate HTTP response if the specified request does not exist + or if it's state is not group_accepted """ checkAgreesToSiteToS(request, args, kwargs) @@ -282,8 +283,7 @@ fields = {'link_id' : kwargs['link_id'], 'scope_path' : kwargs['scope_path'], - 'role' : kwargs['role'], - 'completed' : False} + 'role' : kwargs['role']} request_entity = request_logic.getForFields(fields, unique=True) 
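Review bot: The state name `'group_accepted'` is a bare string literal in the new comparison inside checkCanCreateFromRequest's wrapper, and it is repeated in the check added to checkIsMyGroupAcceptedRequest in the `@@ -291,6 +291,9 @@` hunk. A mistyped literal fails closed here (everyone is denied), but the two access checks can drift apart if the state is ever renamed. A single module-level name used in both comparisons would keep them together, for example `GROUP_ACCEPTED_STATE = 'group_accepted'` (constructed name). The docstrings added in this hunk and in the `@@ -245,8 +245,8 @@` hunk should read `its state`, not `it's state`.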
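Review bot: Dropping `'completed' : False` from `fields` means the `getForFields(fields, unique=True)` lookup in checkIsMyGroupAcceptedRequest now matches a request in any state for the same link_id, scope_path and role. Whether an older request (for instance a completed one) can coexist with a newer one under those three fields is not visible here. If it can, the lookup may return the stale entity, and the state check added in the next hunk would then deny a user whose current request was accepted. Consider filtering in the query itself with `'state' : 'group_accepted'` in `fields`, or add a comment stating that the three fields identify at most one request. The function starts and ends outside this hunk.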
@@ -291,6 +291,9 @@ # TODO return 404 return deny(request, args, kwargs) + if request_entity.state != 'group_accepted': + return deny(request, args, kwargs) + return def checkIsHost(request, args, kwargs): @@ -306,6 +309,14 @@ * if no User exists for the logged-in Google Account, or * if the user is not even logged in """ + + try: + # if the current user is invited to create a host profile we allow access + checkIsDeveloper(request, args, kwargs) + return + except out_of_band.Error: + pass + checkAgreesToSiteToS(request, args, kwargs) user = user_logic.getForFields({'account': users.get_current_user()}, diff -r b341698bf3b1 -r a40056afef83 app/soc/views/helper/redirects.py --- a/app/soc/views/helper/redirects.py Fri Jan 23 22:57:10 2009 +0000 +++ b/app/soc/views/helper/redirects.py Fri Jan 23 23:42:07 2009 +0000 @@ -123,7 +123,7 @@ return wrapped -def inviteAcceptedRedirect(entity, _): +def getInviteAcceptedRedirect(entity, _): """Returns the redirect for accepting an invite. """ diff -r b341698bf3b1 -r a40056afef83 app/soc/views/models/request.py --- a/app/soc/views/models/request.py Fri Jan 23 22:57:10 2009 +0000 +++ b/app/soc/views/models/request.py Fri Jan 23 23:42:07 2009 +0000 @@ -68,7 +68,7 @@ rights['listSelf'] = [access.checkAgreesToSiteToS] rights['create'] = [access.allow] # TODO(ljvderijk) Set to deny once host has been converted rights['edit'] = [access.checkIsDeveloper] - rights['process_invite'] = [access.checkIsMyUncompletedRequest] + rights['process_invite'] = [access.checkIsMyGroupAcceptedRequest] rights['list'] = [access.checkIsDeveloper] rights['delete'] = [access.checkIsDeveloper] 
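Review bot: The comment on the new `try` block in checkIsHost says the user "is invited to create a host profile", but the code admits any caller for whom `checkIsDeveloper` does not raise, so the comment describes a different rule from the one enforced. Because the early `return` sits before `checkAgreesToSiteToS`, the developer path also skips that check unless `checkIsDeveloper` performs it itself, which this hunk does not show. I would reword the comment to `# developers are allowed through without holding a Host role` and add the developer exception to the docstring's list of conditions, so the bypass is documented where the access rule is read. The function body continues outside the hunk.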
@@ -150,7 +150,7 @@ context['entity'] = request_entity context['module_name'] = params['module_name'] context['invite_accepted_redirect'] = ( - redirects.getInviteAcceptedRedirect(entity, self._params)) + redirects.getInviteAcceptedRedirect(request_entity, self._params)) #display the invite processing page using the appropriate template template = params['invite_processing_template']