# HG changeset patch # User Lennard de Rijk # Date 1233667672 0 # Node ID e68fd70ba0768388d4c1a5dd4f2c4ecfc1c9f410 # Parent 4e69a5f30a9a31b2e7a49b491ce03c08a198d16a Added checkCanEditGroupApp to access.py. Group Applications can now only be edited if they are either rejected or still in need of review. Also fixed a bug in checkIsMyEntity. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed diff -r 4e69a5f30a9a -r e68fd70ba076 app/soc/views/helper/access.py --- a/app/soc/views/helper/access.py Tue Feb 03 13:26:34 2009 +0000 +++ b/app/soc/views/helper/access.py Tue Feb 03 13:27:52 2009 +0000 @@ -658,6 +658,34 @@ new_args = {'scope_path': program.scope_path } self.checkHasRole(new_args, host_logic) + + @allowDeveloper + def checkCanEditGroupApp(self, django_args, group_app_logic): + """Checks if the group_app in args is valid to be edited. + + Args: + group_app_logic: A logic instance for the Group Application + """ + + self.checkIsUser(django_args) + + fields = { + 'link_id': django_args['link_id'], + 'applicant': self.user, + 'status' : ['needs review', 'rejected'] + } + + if 'scope_path' in django_args: + fields['scope_path'] = django_args['scope_path'] + + entity = group_app_logic.getForFields(fields) + + if entity: + return + + raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG) + + @allowDeveloper def checkIsApplicationAccepted(self, django_args, app_logic): """Returns an alternate HTTP response if Google Account has no Club App @@ -702,6 +730,9 @@ field_name: self.user if user else self.user.key().name() } + if 'scope_path' in django_args: + fields['scope_path'] = django_args['scope_path'] + entity = logic.getForFields(fields) if entity: diff -r 4e69a5f30a9a -r e68fd70ba076 app/soc/views/models/club_app.py --- a/app/soc/views/models/club_app.py Tue Feb 03 13:26:34 2009 +0000 +++ b/app/soc/views/models/club_app.py Tue Feb 03 13:27:52 2009 +0000 
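Review bot: The docstring of the new `checkCanEditGroupApp` documents only `group_app_logic`; for an authorization gate it should also describe `django_args` and state that `out_of_band.AccessViolation` is raised unless an application exists whose `link_id` (and `scope_path`, when supplied) match the request, whose `applicant` is the current user, and whose `status` is 'needs review' or 'rejected'. The denial reuses `DEF_NOT_YOUR_ENTITY_MSG`, so an owner whose application has moved to another status is told the entity is not theirs; a one-line comment such as `# same message for wrong owner and wrong status, so the response does not reveal which condition failed` would record whether that is deliberate. The list passed for `'status'` presumably depends on `getForFields` treating a list as any-of matching, which this hunk does not show. `django_args['link_id']` is indexed directly, so a request without that key would surface as a `KeyError` rather than an access denial; whether that can happen depends on URL patterns outside this page.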
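Review bot: The `scope_path` constraint added to `checkIsMyEntity` is applied only when the key is present in `django_args`, so any route that omits it still passes the ownership check on `link_id` and the owner field alone. A short comment above the new `if` would make the intent explicit, for example `# link_id alone may match an entity in another scope; narrow the lookup whenever the URL carries a scope_path` (that reading is inferred from the commit message, not shown here). The same three lines appear in `checkCanEditGroupApp` in the first hunk, so a small private helper that builds the lookup fields would keep the two checks from drifting apart. `checkIsMyEntity` begins and ends outside this hunk.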
@@ -50,13 +50,13 @@ rights = access.Checker(params) rights['create'] = ['checkIsUser'] - rights['delete'] = [('checkIsMyEntity', - [club_app_logic.logic, 'applicant', True])] - rights['edit'] = [('checkIsMyEntity', - [club_app_logic.logic, 'applicant', True])] + rights['delete'] = [('checkCanEditGroupApp', + [club_app_logic.logic])] + rights['edit'] = [('checkCanEditGroupApp', + [club_app_logic.logic])] rights['list'] = ['checkIsUser'] - rights['public'] = [('checkIsMyEntity', - [club_app_logic.logic, 'applicant', True])] + rights['public'] = [('checkCanEditGroupApp', + [club_app_logic.logic])] rights['review'] = [('checkHasRole', host_logic.logic)] new_params = {} diff -r 4e69a5f30a9a -r e68fd70ba076 app/soc/views/models/org_app.py --- a/app/soc/views/models/org_app.py Tue Feb 03 13:26:34 2009 +0000 +++ b/app/soc/views/models/org_app.py Tue Feb 03 13:27:52 2009 +0000 @@ -49,13 +49,13 @@ #TODO(ljvderijk) do the right rights check rights = access.Checker(params) rights['create'] = ['checkIsDeveloper'] - rights['delete'] = [('checkIsMyEntity', - [org_app_logic.logic, 'applicant', True])] - rights['edit'] = [('checkIsMyEntity', - [org_app_logic.logic, 'applicant', True])] + rights['delete'] = [('checkCanEditGroupApp', + [org_app_logic.logic])] + rights['edit'] = [('checkCanEditGroupApp', + [org_app_logic.logic])] rights['list'] = ['checkIsDeveloper'] - rights['public'] = [('checkIsMyEntity', - [org_app_logic.logic, 'applicant', True])] + rights['public'] = [('checkCanEditGroupApp', + [org_app_logic.logic])] rights['review'] = ['checkIsDeveloper'] new_params = {}
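Review bot: `rights['public']` is switched to `checkCanEditGroupApp` along with `edit` and `delete`, so the read-only view of a club application is now subject to the status filter too: once the application is no longer 'needs review' or 'rejected', its applicant would be refused with the not-your-entity message. The commit message speaks only of editing, so if viewing is meant to stay available to the owner, keep `rights['public'] = [('checkIsMyEntity', [club_app_logic.logic, 'applicant', True])]`. The same substitution is made for `rights['public']` in app/soc/views/models/org_app.py in the following hunk. The enclosing function starts and ends outside this hunk.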