Fix access bug due to forgotten normalization
authorSverre Rabbelier <srabbelier@gmail.com>
Tue, 03 Mar 2009 19:27:55 +0000
changeset 1600 0aa3de1b2acc
parent 1599 b56976cac36b
child 1601 172e7de6c004
Fix access bug due to forgotten normalization Prevent this from happening again by wrapping all occurrences of users.get_current_account with accounts.getCurrentAccount, which will always normalize (unless explicitly told not to). Patch by: Sverre Rabbelier
app/soc/cache/home.py
app/soc/cache/sidebar.py
app/soc/logic/accounts.py
app/soc/logic/mail_dispatcher.py
app/soc/logic/models/user.py
app/soc/views/helper/responses.py
app/soc/views/models/organization.py
--- a/app/soc/cache/home.py	Tue Mar 03 03:37:16 2009 +0000
+++ b/app/soc/cache/home.py	Tue Mar 03 19:27:55 2009 +0000
@@ -25,7 +25,8 @@
 import logging
 
 from google.appengine.api import memcache
-from google.appengine.api import users
+
+from soc.logic import accounts
 
 import soc.cache.base
 
@@ -43,7 +44,8 @@
 
   # only cache the page for non-logged-in users
   # TODO: figure out how to cache everything but the sidebar
-  if users.get_current_user():
+  # also, no need to normalize as we don't use it anyway
+  if accounts.getCurrentAccount(normalize=False):
     return (None, None)
 
   entity = self._logic.getFromKeyFields(kwargs)
@@ -64,7 +66,8 @@
   """
 
   # no sense in storing anything if we won't query it later on
-  if users.get_current_user():
+  # also, no need to normalize as we don't use it anyway
+  if accounts.getCurrentAccount(normalize=False):
     return
 
   # Store sidebar for just ten minutes to force a refresh every so often
--- a/app/soc/cache/sidebar.py	Tue Mar 03 03:37:16 2009 +0000
+++ b/app/soc/cache/sidebar.py	Tue Mar 03 19:27:55 2009 +0000
@@ -23,10 +23,10 @@
 
 
 from google.appengine.api import memcache
-from google.appengine.api import users
 
 import soc.cache.base
 import soc.cache.rights
+import soc.logic.accounts
 
 
 def key(id):
@@ -67,7 +67,7 @@
   """
 
   if not id:
-    id = users.get_current_user()
+    id = soc.logic.accounts.getCurrentAccount()
 
   memcache_key = key(id)
   memcache.delete(memcache_key)
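Review bot: The delete on line 70 is now keyed on a normalized account (`id = soc.logic.accounts.getCurrentAccount()`), but the code that stores the sidebar under `key(id)` is outside this hunk, so it is not visible whether that path derives its `id` from the same normalized value. If the put side still uses the raw `users.get_current_user()` or an account passed in by a caller, the two sides compute different keys and the flush would leave the stored sidebar in place. Worth confirming in the same change that every `key(id)` caller normalizes identically, e.g. by passing its account through `normalizeAccount` before building the key. The enclosing function starts outside the hunk.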
--- a/app/soc/logic/accounts.py	Tue Mar 03 03:37:16 2009 +0000
+++ b/app/soc/logic/accounts.py	Tue Mar 03 19:27:55 2009 +0000
@@ -27,6 +27,14 @@
 from google.appengine.api import users
 
 
+def getCurrentAccount(normalize=True):
+  """Returns an optionally normalized version of the current account.
+  """
+
+  account = users.get_current_user()
+  return normalizeAccount(account) if (account and normalize) else account
+
+
 def normalizeAccount(account):
   """Returns a normalized version of the specified account.
   """
@@ -68,7 +76,7 @@
   """
 
   # Get the currently logged in user
-  current = users.get_current_user()
+  current = getCurrentAccount()
 
   if current and (not account):
     # default to the current user
--- a/app/soc/logic/mail_dispatcher.py	Tue Mar 03 03:37:16 2009 +0000
+++ b/app/soc/logic/mail_dispatcher.py	Tue Mar 03 19:27:55 2009 +0000
@@ -67,7 +67,6 @@
 from django.template import loader
 
 from google.appengine.api import mail
-from google.appengine.api import users
 
 from soc.logic import dicts
 
@@ -147,7 +146,7 @@
     return (site_entity.site_name, site_entity.noreply_email)
 
   # use the email address of the current logged in user
-  account = users.get_current_user()
+  account = accounts.getCurrentAccount(normalize=False)
 
   # we need to retrieve account seperately, as user_logic normalizes it
   # and the GAE admin API is case sensitive
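Review bot: The new call `accounts.getCurrentAccount(normalize=False)` on line 149 references a name `accounts` that this diff never binds in mail_dispatcher.py: the import hunk at lines 67-73 removes `users` but adds nothing, and no `from soc.logic import accounts` appears next to `from soc.logic import dicts` where the project's alphabetical import order would place it. Unless `accounts` is imported further down in the module, the fallback-sender path that reaches line 149 raises NameError at runtime. Add `from soc.logic import accounts` directly before `from soc.logic import dicts`. The same check applies to responses.py and organization.py, whose import blocks are not part of this diff. The enclosing function starts outside the hunk.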
--- a/app/soc/logic/models/user.py	Tue Mar 03 03:37:16 2009 +0000
+++ b/app/soc/logic/models/user.py	Tue Mar 03 19:27:55 2009 +0000
@@ -68,7 +68,7 @@
     entity, None is returned.
     """
 
-    account = users.get_current_user()
+    account = accounts.getCurrentAccount()
 
     if not account:
       return None
@@ -102,9 +102,11 @@
       user: if not specified, defaults to the current user
     """
 
+    current = accounts.getCurrentAccount()
+
     if not account:
       # default account to the current logged in account
-      account = users.get_current_user()
+      account = current
 
     if account and (not user):
       # default user to the current logged in user
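Review bot: The comparison `account == current` on line 118 (next hunk) now pits a normalized `current` against whatever the caller passed in `account`, which lines 105-107 leave unnormalized; if `users.User` equality is case-sensitive on the e-mail, a caller supplying the same account in different case fails the check and never reaches `users.is_current_user_admin()`, which is exactly the kind of mismatch this commit sets out to remove. Provided `normalizeAccount` is safe to apply to an already normalized value, replacing lines 105-107 with `account = accounts.normalizeAccount(account) if account else current` closes the gap. The enclosing method's signature is outside the hunk.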
@@ -113,7 +115,7 @@
     if user and user.is_developer:
       return True
 
-    if account and (account == users.get_current_user()):
+    if account and (account == current):
       return users.is_current_user_admin()
 
   def agreesToSiteToS(self, entity):
--- a/app/soc/views/helper/responses.py	Tue Mar 03 03:37:16 2009 +0000
+++ b/app/soc/views/helper/responses.py	Tue Mar 03 19:27:55 2009 +0000
@@ -107,7 +107,7 @@
     }
   """
 
-  account = users.get_current_user()
+  account = accounts.getCurrentAccount()
   user = None
   is_admin = False
 
--- a/app/soc/views/models/organization.py	Tue Mar 03 03:37:16 2009 +0000
+++ b/app/soc/views/models/organization.py	Tue Mar 03 19:27:55 2009 +0000
@@ -204,7 +204,7 @@
     """See base.View.list.
     """
 
-    account = users.get_current_user()
+    account = accounts.getCurrentAccount()
     user = user_logic.logic.getForAccount(account) if account else None
 
     try: