# HG changeset patch # User Todd Larsen # Date 1232574096 0 # Node ID b3bf833c4580dbd58403f0494899a1f4ae2e5fba # Parent 5f3136a5eb4c83ff5c995fb4656fc0414ebf83e6 Tighten more checkIsUser() access to checkAgreesToSiteToS() instead. Update the checkIsHost() comment. Patch by: Todd Larsen Review by: to-be-reviewed diff -r 5f3136a5eb4c -r b3bf833c4580 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Wed Jan 21 21:32:51 2009 +0000 +++ b/app/soc/views/helper/access.py Wed Jan 21 21:41:36 2009 +0000 @@ -236,20 +236,21 @@ def checkIsHost(request, args, kwargs): - """Returns an alternate HTTP response if Google Account has no Host entity + """Raises an alternate HTTP response if Google Account has no Host entity for the specified program. Args: request: a Django HTTP request - Raises: - AccessViolationResponse: if the required authorization is not met - - Returns: - None if Host exists for the specified program, or a subclass of - django.http.HttpResponse which contains the alternate response - should be returned by the calling view. + Raises: + AccessViolationResponse: + * if User has not been invited to be a Host, or + * if User is not already a Host, or + * if User has not agreed to the site-wide ToS, or + * if no User exists for the logged-in Google Account, or + * if the user is not even logged in """ + checkAgreesToSiteToS(request, args, kwargs) try: # if the current user is invited to create a host profile we allow access @@ -258,8 +259,6 @@ except out_of_band.Error: pass - checkAgreesToSiteToS(request, args, kwargs) - user = user_logic.getForFields({'account': users.get_current_user()}, unique=True) diff -r 5f3136a5eb4c -r b3bf833c4580 app/soc/views/helper/params.py --- a/app/soc/views/helper/params.py Wed Jan 21 21:32:51 2009 +0000 +++ b/app/soc/views/helper/params.py Wed Jan 21 21:41:36 2009 +0000 
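Review bot: The new Raises list in the checkIsHost docstring joins "has not been invited to be a Host" and "is not already a Host" with "or", which reads as if either one alone denies access, while the comment inside the try block says an invited user is allowed through. A single bullet would match the code: `* if User is neither invited to be a Host nor already a Host, or`. Moving `checkAgreesToSiteToS(request, args, kwargs)` above the try also changes behaviour, since the invitation path presumably used to return before the ToS check ran; a comment such as `# ToS agreement is required even for invited Hosts` would record that the ordering is deliberate. The body of the try block lies between the two hunks and is not visible here.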
@@ -73,7 +73,7 @@ rights = {} rights['unspecified'] = [] rights['any_access'] = [access.checkIsLoggedIn] - rights['show'] = [access.checkIsUser] + rights['show'] = [access.checkAgreesToSiteToS] rights['create'] = [access.checkIsDeveloper] rights['edit'] = [access.checkIsDeveloper] rights['delete'] = [access.checkIsDeveloper] diff -r 5f3136a5eb4c -r b3bf833c4580 app/soc/views/models/club_app.py --- a/app/soc/views/models/club_app.py Wed Jan 21 21:32:51 2009 +0000 +++ b/app/soc/views/models/club_app.py Wed Jan 21 21:41:36 2009 +0000 @@ -56,10 +56,10 @@ """ rights = {} - rights['create'] = [access.checkIsUser] + rights['create'] = [access.checkAgreesToSiteToS] rights['delete'] = [access.checkIsMyApplication(club_app_logic)] rights['edit'] = [access.checkIsMyApplication(club_app_logic)] - rights['list'] = [access.checkIsUser] + rights['list'] = [access.checkAgreesToSiteToS] rights['public'] = [access.checkIsMyApplication(club_app_logic)] rights['review'] = [access.checkIsDeveloper] diff -r 5f3136a5eb4c -r b3bf833c4580 app/soc/views/models/notification.py --- a/app/soc/views/models/notification.py Wed Jan 21 21:32:51 2009 +0000 +++ b/app/soc/views/models/notification.py Wed Jan 21 21:41:36 2009 +0000 @@ -87,7 +87,7 @@ rights['edit'] = [access.deny] rights['show'] = [access.checkIsMyNotification] rights['delete'] = [access.checkIsMyNotification] - rights['list'] = [access.checkIsUser] + rights['list'] = [access.checkAgreesToSiteToS] # create is developer only for the time being to test functionality rights['create'] = [access.checkIsDeveloper] diff -r 5f3136a5eb4c -r b3bf833c4580 app/soc/views/models/request.py --- a/app/soc/views/models/request.py Wed Jan 21 21:32:51 2009 +0000 +++ b/app/soc/views/models/request.py Wed Jan 21 21:41:36 2009 +0000 
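Review bot: Swapping `access.checkIsUser` for `access.checkAgreesToSiteToS` in the default `rights['show']` only tightens access if the ToS checker also rejects a request with no User entity, and its body is not part of this diff. The checkIsHost docstring in this commit suggests it does, so a comment at this line would make the dependency explicit: `# checkAgreesToSiteToS also fails when there is no User or no login`. Because these are the default rights, every view that does not override 'show' inherits the change, so confirm that whichever view lets a user accept the ToS is not among them. The same swap is made in club_app.py, notification.py, request.py and user_self.py.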
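Review bot: In club_app.py the 'create' and 'list' rights now require ToS agreement, but 'delete', 'edit' and 'public' still rely on `access.checkIsMyApplication(club_app_logic)` alone, and the diff does not show whether that checker enforces the ToS. If it does not, a user who has not agreed can still open an existing application directly while the list view is closed to them. Either put the ToS check first, e.g. `rights['edit'] = [access.checkAgreesToSiteToS, access.checkIsMyApplication(club_app_logic)]`, or add a comment stating that the ownership checker already covers it. notification.py has the same shape, with `access.checkIsMyNotification` on 'show' and 'delete'.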
@@ -103,7 +103,7 @@ """ rights = {} - rights['listSelf'] = [access.checkIsUser] + rights['listSelf'] = [access.checkAgreesToSiteToS] rights['create'] = [access.checkCanInvite] new_params = {} diff -r 5f3136a5eb4c -r b3bf833c4580 app/soc/views/models/user_self.py --- a/app/soc/views/models/user_self.py Wed Jan 21 21:32:51 2009 +0000 +++ b/app/soc/views/models/user_self.py Wed Jan 21 21:41:36 2009 +0000 @@ -116,9 +116,9 @@ rights['unspecified'] = [access.deny] rights['any_access'] = [access.allow] rights['edit'] = [access.checkIsLoggedIn] - rights['roles'] = [access.checkIsUser] + rights['roles'] = [access.checkAgreesToSiteToS] rights['signIn'] = [access.checkNotLoggedIn] - rights['notification'] = [access.checkIsUser] + rights['notification'] = [access.checkAgreesToSiteToS] new_params = {} new_params['rights'] = rights
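Review bot: In user_self.py `rights['edit']` stays on `access.checkIsLoggedIn` while 'roles' and 'notification' move to the ToS check, and nothing in the dict says whether that is intentional. Presumably 'edit' has to remain reachable so a user can create a profile and accept the ToS; if so, a comment such as `# edit stays at checkIsLoggedIn so users can create a profile and agree to the ToS` would stop a later pass from tightening it by mistake. The rights dict starts above the hunk, so entries outside it were not reviewed.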