Created a seperate module for editSelf things
This improves the coherency in the user module, while at the same
time making it easier to set proper access control for the editSelf
related pages.
Patch by: Sverre Rabbelier
--- a/app/soc/views/helper/access.py Wed Nov 26 16:33:36 2008 +0000
+++ b/app/soc/views/helper/access.py Wed Nov 26 20:50:56 2008 +0000
@@ -53,6 +53,9 @@
DEF_PAGE_DENIED_MSG = ugettext_lazy(
'Access to this page has been restricted')
+DEF_LOGOUT_MSG_FMT = ugettext_lazy(
+ 'Please <a href="%(sign_out)s">sign out</a> in order to view this page')
+
def allow(request):
"""Never returns an alternate HTTP response
@@ -100,6 +103,27 @@
raise out_of_band.LoginRequest()
+def checkNotLoggedIn(request):
+ """Returns an alternate HTTP response if Google Account is not logged in.
+
+ Args:
+ request: a Django HTTP request
+
+ Raises:
+ AccessViolationResponse: If the required authorization is not met.
+
+ Returns:
+ None if the user is logged in, or a subclass of
+ django.http.HttpResponse which contains the alternate response
+ that should be returned by the calling view.
+ """
+
+ if not users.get_current_user():
+ return
+
+ raise out_of_band.LoginRequest(message_fmt=DEF_LOGOUT_MSG_FMT)
+
+
def checkIsUser(request):
"""Returns an alternate HTTP response if Google Account has no User entity.
--- a/app/soc/views/models/user.py Wed Nov 26 16:33:36 2008 +0000
+++ b/app/soc/views/models/user.py Wed Nov 26 20:50:56 2008 +0000
@@ -14,7 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-"""Views for Host profiles.
+"""Views for User profiles.
"""
__authors__ = [
@@ -110,49 +110,10 @@
key_name = forms.CharField(widget=forms.HiddenInput)
-class UserForm(helper.forms.BaseForm):
- """Django form displayed when creating or editing a User.
- """
- class Meta:
- """Inner Meta class that defines some behavior for the form.
- """
- #: db.Model subclass for which the form will gather information
- model = soc.models.user.User
-
- #: list of model fields which will *not* be gathered by the form
- exclude = ['account', 'former_accounts', 'is_developer']
-
- def clean_link_id(self):
- link_id = self.cleaned_data.get('link_id')
- if not validate.isLinkIdFormatValid(link_id):
- raise forms.ValidationError("This link ID is in wrong format.")
-
- user = soc.logic.models.user.logic.getForFields({'link_id': link_id},
- unique=True)
-
- # Get the currently logged in user account
- current_account = users.get_current_user()
-
- if user:
- if current_account != user.account:
- raise forms.ValidationError("This link ID is already in use.")
-
- return link_id
-
-
class View(base.View):
"""View methods for the User model.
"""
- DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext_lazy(
- 'The <b><i>%(email)s</i></b> account cannot be used with this site, for'
- ' one or more of the following reasons:'
- '<ul>'
- ' <li>the account is invalid</li>'
- ' <li>the account is already attached to a User profile and cannot be'
- ' used to create another one</li>'
- ' <li>the account is a former account that cannot be used again</li>'
- '</ul>')
def __init__(self, original_params=None):
"""Defines the fields and methods required for the base View class
@@ -164,12 +125,7 @@
self._logic = soc.logic.models.user.logic
- rights = {}
- rights['editSelf'] = [access.allow]
- rights['roles'] = [access.checkIsUser]
-
params = {}
- params['rights'] = rights
params['name'] = "User"
params['name_short'] = "User"
@@ -188,96 +144,7 @@
base.View.__init__(self, params=params)
- EDIT_SELF_TMPL = 'soc/user/edit_self.html'
- def editSelf(self, request, page_name=None, params=None, **kwargs):
- """Displays User self edit page for the entity specified by **kwargs.
-
- Args:
- request: the standard Django HTTP request object
- page_name: the page name displayed in templates as page and header title
- params: a dict with params for this View
- kwargs: The Key Fields for the specified entity
- """
-
- try:
- self.checkAccess('editSelf', request)
- except out_of_band.Error, error:
- return error.response(request, template=self.EDIT_SELF_TMPL)
-
- new_params = {}
- new_params['edit_template'] = self.EDIT_SELF_TMPL
-
- params = dicts.merge(params, new_params)
- params = dicts.merge(params, self._params)
-
- account = users.get_current_user()
- properties = {'account': account}
-
- user = soc.logic.models.user.logic.getForFields(properties, unique=True)
-
- # create default template context for use with any templates
- context = helper.responses.getUniversalContext(request)
-
- if request.method == 'POST':
- form = UserForm(request.POST)
-
- if form.is_valid():
- new_link_id = form.cleaned_data.get('link_id')
- properties = {
- 'link_id': new_link_id,
- 'name': form.cleaned_data.get("name"),
- 'account': account,
- }
-
- # check if user account is not in former_accounts
- # if it is show error message that account is invalid
- if soc.logic.models.user.logic.isFormerAccount(account):
- msg = self.DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
- 'email': account.email()}
- error = out_of_band.Error(msg)
- return error.response(request, template=self.EDIT_SELF_TMPL,
- context=context)
-
- user = soc.logic.models.user.logic.updateOrCreateFromFields(
- properties, {'link_id': new_link_id})
-
- # redirect to /user/profile?s=0
- # (causes 'Profile saved' message to be displayed)
- return helper.responses.redirectToChangedSuffix(
- request, None, params=params['edit_params'])
- else: # request.method == 'GET'
- if user:
- # is 'Profile saved' parameter present, but referrer was not ourself?
- # (e.g. someone bookmarked the GET that followed the POST submit)
- if (request.GET.get(self.DEF_SUBMIT_MSG_PARAM_NAME)
- and (not helper.requests.isReferrerSelf(request))):
- # redirect to aggressively remove 'Profile saved' query parameter
- return http.HttpResponseRedirect(request.path)
-
- # referrer was us, so select which submit message to display
- # (may display no message if ?s=0 parameter is not present)
- context['notice'] = (
- helper.requests.getSingleIndexedParamValue(
- request, self.DEF_SUBMIT_MSG_PARAM_NAME,
- values=params['save_message']))
-
- # populate form with the existing User entity
- form = UserForm(instance=user)
- else:
- if request.GET.get(self.DEF_SUBMIT_MSG_PARAM_NAME):
- # redirect to aggressively remove 'Profile saved' query parameter
- return http.HttpResponseRedirect(request.path)
-
- # no User entity exists for this Google Account, so show a blank form
- form = UserForm()
-
- context['form'] = form
-
- template = params['edit_template']
-
- return helper.responses.respond(request, template, context)
-
def _editGet(self, request, entity, form):
"""See base.View._editGet().
"""
@@ -290,33 +157,6 @@
# fill in the account field with the user created from email
fields['account'] = users.User(fields['email'])
- def getUserSidebar(self, request):
- """Returns an dictionary with the user sidebar entry.
- """
-
- params = {}
- params['sidebar_heading'] = "User (self)"
- params['sidebar'] = [
- ('/' + self._params['url_name'] + '/edit', 'Profile', 'editSelf'),
- ('/' + self._params['url_name'] + '/roles', 'Roles', 'roles'),
- ]
- return self.getSidebarLinks(request, params)
-
- def getDjangoURLPatterns(self):
- """See base.View.getDjangoURLPatterns().
- """
-
- patterns = super(View, self).getDjangoURLPatterns()
- patterns += [(r'^' + self._params['url_name'] + '/edit$',
- 'soc.views.models.user.edit_self')]
-
- page_name = "Requests Overview"
- patterns += [(r'^' + self._params['url_name'] + '/roles$',
- 'soc.views.models.request.list_self',
- {'page_name': page_name}, page_name)]
-
- return patterns
-
view = View()
@@ -325,4 +165,3 @@
edit = view.edit
list = view.list
public = view.public
-edit_self = view.editSelf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/app/soc/views/models/user_self.py Wed Nov 26 20:50:56 2008 +0000
@@ -0,0 +1,255 @@
+#!/usr/bin/python2.5
+#
+# Copyright 2008 the Melange authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Views for the User's own profiles.
+"""
+
+__authors__ = [
+ '"Sverre Rabbelier" <sverre@rabbelier.nl>',
+ '"Pawel Solyga" <pawel.solyga@gmail.com>',
+ ]
+
+
+from google.appengine.api import users
+
+from django import forms
+from django.utils.translation import ugettext_lazy
+
+from soc.logic import dicts
+from soc.logic import validate
+from soc.logic.models import user as user_logic
+from soc.views import helper
+from soc.views import out_of_band
+from soc.views.helper import access
+from soc.views.models import base
+
+import soc.models.linkable
+import soc.models.user
+import soc.logic.models.user
+import soc.views.helper
+
+
+class UserForm(helper.forms.BaseForm):
+ """Django form displayed when creating or editing a User.
+ """
+ class Meta:
+ """Inner Meta class that defines some behavior for the form.
+ """
+ #: db.Model subclass for which the form will gather information
+ model = soc.models.user.User
+
+ #: list of model fields which will *not* be gathered by the form
+ exclude = ['account', 'former_accounts', 'is_developer']
+
+ def clean_link_id(self):
+ link_id = self.cleaned_data.get('link_id')
+ if not validate.isLinkIdFormatValid(link_id):
+ raise forms.ValidationError("This link ID is in wrong format.")
+
+ user = soc.logic.models.user.logic.getForFields({'link_id': link_id},
+ unique=True)
+
+ # Get the currently logged in user account
+ current_account = users.get_current_user()
+
+ if user:
+ if current_account != user.account:
+ raise forms.ValidationError("This link ID is already in use.")
+
+ return link_id
+
+
+class View(base.View):
+ """View methods for the User model.
+ """
+
+ DEF_USER_ACCOUNT_INVALID_MSG_FMT = ugettext_lazy(
+ 'The <b><i>%(email)s</i></b> account cannot be used with this site, for'
+ ' one or more of the following reasons:'
+ '<ul>'
+ ' <li>the account is invalid</li>'
+ ' <li>the account is already attached to a User profile and cannot be'
+ ' used to create another one</li>'
+ ' <li>the account is a former account that cannot be used again</li>'
+ '</ul>')
+
+ def __init__(self, original_params=None):
+ """Defines the fields and methods required for the base View class
+ to provide the user with list, public, create, edit and delete views.
+
+ Params:
+ original_params: a dict with params for this View
+ """
+
+ self._logic = soc.logic.models.user.logic
+
+ rights = {}
+ rights['unspecified'] = [access.deny]
+ rights['any_access'] = [access.allow]
+ rights['editSelf'] = [access.checkIsLoggedIn]
+ rights['roles'] = [access.checkIsUser]
+ rights['signIn'] = [access.checkNotLoggedIn]
+
+ params = {}
+ params['rights'] = rights
+
+ params['name'] = "User"
+ params['name_short'] = "User"
+ params['name_plural'] = "Users"
+ params['url_name'] = "user"
+ params['module_name'] = "user_self"
+
+ params['sidebar_heading'] = 'Users'
+
+ params = dicts.merge(original_params, params)
+
+ base.View.__init__(self, params=params)
+
+ EDIT_SELF_TMPL = 'soc/user/edit_self.html'
+
+ def edit(self, request, page_name=None, params=None, **kwargs):
+ """Displays User self edit page for the entity specified by **kwargs.
+
+ Args:
+ request: the standard Django HTTP request object
+ page_name: the page name displayed in templates as page and header title
+ params: a dict with params for this View
+ kwargs: The Key Fields for the specified entity
+ """
+
+ try:
+ self.checkAccess('editSelf', request)
+ except out_of_band.Error, error:
+ return error.response(request, template=self.EDIT_SELF_TMPL)
+
+ new_params = {}
+ new_params['edit_template'] = self.EDIT_SELF_TMPL
+
+ params = dicts.merge(params, new_params)
+ params = dicts.merge(params, self._params)
+
+ account = users.get_current_user()
+ properties = {'account': account}
+
+ user = soc.logic.models.user.logic.getForFields(properties, unique=True)
+
+ # create default template context for use with any templates
+ context = helper.responses.getUniversalContext(request)
+
+ if request.method == 'POST':
+ form = UserForm(request.POST)
+
+ if form.is_valid():
+ new_link_id = form.cleaned_data.get('link_id')
+ properties = {
+ 'link_id': new_link_id,
+ 'name': form.cleaned_data.get("name"),
+ 'account': account,
+ }
+
+ # check if user account is not in former_accounts
+ # if it is show error message that account is invalid
+ if soc.logic.models.user.logic.isFormerAccount(account):
+ msg = self.DEF_USER_ACCOUNT_INVALID_MSG_FMT % {
+ 'email': account.email()}
+ error = out_of_band.Error(msg)
+ return error.response(request, template=self.EDIT_SELF_TMPL,
+ context=context)
+
+ user = soc.logic.models.user.logic.updateOrCreateFromFields(
+ properties, {'link_id': new_link_id})
+
+ # redirect to /user/profile?s=0
+ # (causes 'Profile saved' message to be displayed)
+ return helper.responses.redirectToChangedSuffix(
+ request, None, params=params['edit_params'])
+ else: # request.method == 'GET'
+ if user:
+ # is 'Profile saved' parameter present, but referrer was not ourself?
+ # (e.g. someone bookmarked the GET that followed the POST submit)
+ if (request.GET.get(self.DEF_SUBMIT_MSG_PARAM_NAME)
+ and (not helper.requests.isReferrerSelf(request))):
+ # redirect to aggressively remove 'Profile saved' query parameter
+ return http.HttpResponseRedirect(request.path)
+
+ # referrer was us, so select which submit message to display
+ # (may display no message if ?s=0 parameter is not present)
+ context['notice'] = (
+ helper.requests.getSingleIndexedParamValue(
+ request, self.DEF_SUBMIT_MSG_PARAM_NAME,
+ values=params['save_message']))
+
+ # populate form with the existing User entity
+ form = UserForm(instance=user)
+ else:
+ if request.GET.get(self.DEF_SUBMIT_MSG_PARAM_NAME):
+ # redirect to aggressively remove 'Profile saved' query parameter
+ return http.HttpResponseRedirect(request.path)
+
+ # no User entity exists for this Google Account, so show a blank form
+ form = UserForm()
+
+ context['form'] = form
+
+ template = params['edit_template']
+
+ return helper.responses.respond(request, template, context)
+
+ def _editGet(self, request, entity, form):
+ """See base.View._editGet().
+ """
+ # fill in the email field with the data from the entity
+ form.fields['email'].initial = entity.account.email()
+
+ def _editPost(self, request, entity, fields):
+ """See base.View._editPost().
+ """
+ # fill in the account field with the user created from email
+ fields['account'] = users.User(fields['email'])
+
+ def getSidebarLinks(self, request):
+ """Returns an dictionary with the user sidebar entry.
+ """
+
+ params = {}
+ params['sidebar_heading'] = "User (self)"
+ params['sidebar'] = [
+ (users.create_login_url(request.path), 'Sign In', 'signIn'),
+ ('/' + self._params['url_name'] + '/edit', 'Profile', 'editSelf'),
+ ('/' + self._params['url_name'] + '/roles', 'Roles', 'roles'),
+ ]
+
+ return super(View, self).getSidebarLinks(request, params)
+
+ def getDjangoURLPatterns(self):
+ """See base.View.getDjangoURLPatterns().
+ """
+
+ patterns = []
+ patterns += [(r'^' + self._params['url_name'] + '/edit$',
+ 'soc.views.models.user_self.edit')]
+
+ page_name = "Requests Overview"
+ patterns += [(r'^' + self._params['url_name'] + '/roles$',
+ 'soc.views.models.request.list_self',
+ {'page_name': page_name}, page_name)]
+
+ return patterns
+
+
+view = View()
+
+edit = view.edit
--- a/app/soc/views/sitemap/build.py Wed Nov 26 16:33:36 2008 +0000
+++ b/app/soc/views/sitemap/build.py Wed Nov 26 20:50:56 2008 +0000
@@ -29,6 +29,7 @@
from soc.views.models import host
from soc.views.models import request
from soc.views.models import user
+from soc.views.models import user_self
from soc.views.models import site
from soc.views.models import sponsor
@@ -36,7 +37,7 @@
from soc.views.sitemap import sitemap
-sidebar.addMenu(user.view.getUserSidebar)
+sidebar.addMenu(user_self.view.getSidebarLinks)
sidebar.addMenu(presence.view.getSidebarLinks)
sidebar.addMenu(site.view.getSidebarLinks)
sidebar.addMenu(user.view.getSidebarLinks)
@@ -48,6 +49,7 @@
sitemap.addPages(presence.view.getDjangoURLPatterns())
sitemap.addPages(site.view.getDjangoURLPatterns())
sitemap.addPages(user.view.getDjangoURLPatterns())
+sitemap.addPages(user_self.view.getDjangoURLPatterns())
sitemap.addPages(document.view.getDjangoURLPatterns())
sitemap.addPages(sponsor.view.getDjangoURLPatterns())
sitemap.addPages(host.view.getDjangoURLPatterns())