# HG changeset patch # User Lennard de Rijk # Date 1233871992 0 # Node ID aca77e2cc8f751a01072d14ffd09549f11b17bd2 # Parent bea3987b2040f481022841fe08f122e484ca144f Added new access checks to deal with timeline for programs. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed diff -r bea3987b2040 -r aca77e2cc8f7 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Thu Feb 05 21:29:55 2009 +0000 +++ b/app/soc/views/helper/access.py Thu Feb 05 22:13:12 2009 +0000 @@ -40,6 +40,7 @@ from soc.logic import accounts from soc.logic import dicts from soc.logic import rights as rights_logic +from soc.logic.helper import timeline as timeline_helper from soc.logic.models.club_admin import logic as club_admin_logic from soc.logic.models.club_member import logic as club_member_logic from soc.logic.models.document import logic as document_logic @@ -104,6 +105,9 @@ DEF_PAGE_DENIED_MSG = ugettext( 'Access to this page has been restricted') +DEF_PAGE_INACTIVE_MSG = ugettext( + 'This page is inactive at this time') + DEF_LOGOUT_MSG_FMT = ugettext( 'Please sign out in order to view this page') @@ -677,6 +681,48 @@ @allowDeveloper + @denySidebar + def checkIsActivePeriod(self, django_args, period_name, key_name_arg): + """Checks if the given period is active for the given program. + + Args: + django_args: a dictionary with django's arguments. + period_name: the name of the period which is checked. + key_name_arg: the entry in django_args that specifies the given program + keyname. If none is given the key_name is constructed from django_args + itself. + + Raises: + AccessViolationResponse: + * if no active Program is found + * if the period is not active + """ + + if key_name_arg and key_name_arg in django_args: + key_name = django_args[key_name_arg] + else: + key_name = program_logic.getKeyNameFromFields(fields) + + program_entity = program_logic.getFromKeyName(key_name) + + if not program_entity or ( + program_entity.status in ['inactive', 'invalid']): + raise out_of_band.AccessViolation(message_fmt=DEF_SCOPE_INACTIVE_MSG) + + if timeline_helper.isActivePeriod(program_entity.timeline, period_name): + return + + raise out_of_band.AccessViolation(message_fmt=DEF_PAGE_INACTIVE_MSG) + + def checkCanCreateOrgApp(self, django_args, period_name): + if 'seed' in django_args: + return self.checkIsActivePeriod(django_args['seed'], + period_name, 'scope_path') + else: + return + + + @allowDeveloper def checkCanEditGroupApp(self, django_args, group_app_logic): """Checks if the group_app in args is valid to be edited by the current user.