# HG changeset patch
# User Lennard de Rijk
# Date 1238147485 0
# Node ID c584eb2f57db719969dae4f9e3510c644d5bda13
# Parent bde6efa3df3f8c63ae493ef2b2c47682c6d5a8eb
Added missing access checks to various roles. Addresses Issue 454. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed
diff -r bde6efa3df3f -r c584eb2f57db app/soc/views/models/club_admin.py
--- a/app/soc/views/models/club_admin.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/club_admin.py Fri Mar 27 09:51:25 2009 +0000
@@ -52,7 +52,8 @@
 rights = access.Checker(params)
 rights['create'] = ['checkIsDeveloper']
- rights['edit'] = [('checkHasActiveRoleForScope', club_admin_logic.logic)]
+ rights['edit'] = [('checkHasActiveRoleForScope', club_admin_logic.logic),
+ ('checkIsMyEntity', club_admin.logic)]
 rights['delete'] = ['checkIsDeveloper']
 rights['invite'] = [('checkHasActiveRoleForScope', club_admin_logic.logic)]
 rights['accept_invite'] = [('checkCanCreateFromRequest', 'club_admin')]
diff -r bde6efa3df3f -r c584eb2f57db app/soc/views/models/club_member.py
--- a/app/soc/views/models/club_member.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/club_member.py Fri Mar 27 09:51:25 2009 +0000
@@ -52,7 +52,8 @@
 rights = access.Checker(params)
 rights['create'] = ['checkIsDeveloper']
- rights['edit'] = [('checkHasActiveRoleForScope', club_admin_logic.logic)]
+ rights['edit'] = [('checkHasActiveRoleForScope', club_admin_logic.logic),
+ ('checkIsMyEntity', club_admin_logic.logic)]
 rights['delete'] = ['checkIsDeveloper']
 rights['invite'] = [('checkHasActiveRoleForScope', club_admin_logic.logic)]
 rights['accept_invite'] = [('checkCanCreateFromRequest','club_member')]
diff -r bde6efa3df3f -r c584eb2f57db app/soc/views/models/host.py
--- a/app/soc/views/models/host.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/host.py Fri Mar 27 09:51:25 2009 +0000
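Review bot: In app/soc/views/models/club_admin.py the added tuple passes `club_admin.logic`, while every other rights entry in that hunk uses `club_admin_logic.logic`. Unless a `club_admin` name is bound elsewhere in the file (the imports are outside the hunk), this raises NameError when the rights table is built, or it hands the ownership check a different object than the one intended. The line should read `('checkIsMyEntity', club_admin_logic.logic)]`. The enclosing function starts and ends outside the hunk.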
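Review bot: In app/soc/views/models/club_member.py the new `checkIsMyEntity` entry is given `club_admin_logic.logic`, whereas host.py, mentor.py, org_admin.py and student.py pass the logic of the role the view itself edits. If `checkIsMyEntity` resolves the entity through the logic it receives (its body is not part of this patch), ownership would be tested against a club admin record rather than the club member being edited, so the added check would guard the wrong entity. Please confirm which is intended; if it is the member record, pass this file's club member logic module instead, and add a comment such as `# edit: caller must own the club_member entity` so the difference from the first check is explicit. The enclosing function extends beyond the hunk.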
@@ -56,7 +56,8 @@
 rights = access.Checker(params)
 rights['create'] = [('checkHasActiveRoleForScope', host_logic.logic)]
- rights['edit'] = [('checkHasActiveRoleForScope', host_logic.logic)]
+ rights['edit'] = [('checkHasActiveRoleForScope', host_logic.logic),
+ ('checkIsMyEntity', host_logic.logic)]
 rights['invite'] = [('checkHasActiveRoleForScope', host_logic.logic)]
 rights['list'] = ['checkIsDeveloper']
 rights['accept_invite'] = [('checkCanCreateFromRequest','host')]
diff -r bde6efa3df3f -r c584eb2f57db app/soc/views/models/mentor.py
--- a/app/soc/views/models/mentor.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/mentor.py Fri Mar 27 09:51:25 2009 +0000
@@ -56,7 +56,8 @@
 rights = access.Checker(params)
 rights['create'] = ['checkIsDeveloper']
 rights['edit'] = [('checkHasActiveRoleForScope',
- soc.logic.models.mentor.logic)]
+ soc.logic.models.mentor.logic),
+ ('checkIsMyEntity', soc.logic.models.mentor.logic)]
 rights['delete'] = ['checkIsDeveloper']
 rights['invite'] = [('checkHasActiveRoleForScope', soc.logic.models.org_admin.logic)]
diff -r bde6efa3df3f -r c584eb2f57db app/soc/views/models/org_admin.py
--- a/app/soc/views/models/org_admin.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/org_admin.py Fri Mar 27 09:51:25 2009 +0000
@@ -60,7 +60,8 @@
 rights = access.Checker(params)
 rights['create'] = ['checkIsDeveloper']
- rights['edit'] = [('checkHasActiveRoleForScope', org_admin_logic.logic)]
+ rights['edit'] = [('checkHasActiveRoleForScope', org_admin_logic.logic),
+ ('checkIsMyEntity', org_admin_logic.logic)]
 rights['delete'] = ['checkIsDeveloper']
 rights['invite'] = [('checkHasActiveRoleForScope', org_admin_logic.logic)]
diff -r bde6efa3df3f -r c584eb2f57db app/soc/views/models/student.py
--- a/app/soc/views/models/student.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/student.py Fri Mar 27 09:51:25 2009 +0000
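Review bot: The `rights['edit']` list in host.py now carries two checks, but nothing in the hunk records how `access.Checker` combines them; the same holds for the edit entries in mentor.py, org_admin.py and student.py. The fix for Issue 454 only works if every entry in the list must pass, so a one-line comment above the assignment would pin that down, e.g. `# edit requires an active role in this scope AND ownership of the entity`. No test accompanies the patch as shown; a case where a user with an active role requests the edit view of another user's role entity and is denied would keep this from regressing. The enclosing function extends beyond the hunk.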
@@ -56,7 +56,8 @@
 rights = access.Checker(params)
 rights['create'] = ['checkIsDeveloper']
- rights['edit'] = [('checkHasActiveRoleForScope', student_logic.logic)]
+ rights['edit'] = [('checkHasActiveRoleForScope', student_logic.logic),
+ ('checkIsMyEntity', student_logic.logic)]
 rights['delete'] = ['checkIsDeveloper']
 rights['apply'] = [
 'checkIsUser',