Add custom access check for document listing
authorSverre Rabbelier <srabbelier@gmail.com>
Sat, 14 Feb 2009 16:43:20 +0000
changeset 1318 3f41f33a4ad2
parent 1317 fad74cf4e5da
child 1319 042347748c45
Add custom access check for document listing Patch by: Sverre Rabbelier
app/soc/logic/rights.py
app/soc/views/helper/access.py
app/soc/views/models/document.py
--- a/app/soc/logic/rights.py	Sat Feb 14 15:57:53 2009 +0000
+++ b/app/soc/logic/rights.py	Sat Feb 14 16:43:20 2009 +0000
@@ -32,36 +32,42 @@
       'admin': [],
       'restricted': ['host'],
       'member': ['user'],
+      'list': [],
       }
 
   CLUB_MEMBERSHIP = {
       'admin': ['host', 'club_admin'],
       'restricted': ['host', 'club_admin'],
       'member': ['host', 'club_admin', 'club_member'],
+      'list': ['host', 'club_admin', 'club_member'],
       }
 
   SPONSOR_MEMBERSHIP = {
       'admin': ['host'],
       'restricted': ['host'],
       'member': ['host'],
+      'list': ['host'],
       }
 
   PROGRAM_MEMBERSHIP = {
       'admin': ['host'],
       'restricted': ['host', 'org_admin'],
       'member': ['host', 'org_admin', 'org_mentor', 'org_student'],
+      'list': ['host', 'org_admin', 'org_mentor'],
       }
 
   ORGANIZATION_MEMBERSHIP = {
       'admin': ['host', 'org_admin'],
       'restricted': ['host', 'org_admin', 'org_mentor'],
       'member': ['host', 'org_admin', 'org_mentor', 'org_student'],
+      'list': ['host', 'org_admin', 'org_mentor'],
       }
 
   USER_MEMBERSHIP = {
       'admin': ['user_self'],
       'restricted': ['user_self'], # ,'friends'
       'member': ['user'],
+      'list': ['user_self'],
       }
 
   RIGHTS = {
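Review bot: The new 'list' rows carry no comment saying what the right governs or what an empty role list means, and the first table in this hunk (its name is above the hunk) gets `'list': []`. If an empty list is meant as "no role may list", a comment above the first table would record that, for example `# 'list': roles that may list documents for this prefix; [] means no role qualifies`. PROGRAM_MEMBERSHIP and ORGANIZATION_MEMBERSHIP leave 'org_student' out of 'list' while keeping it in 'member'. This looks deliberate, but a short why-comment would stop a later edit from "fixing" the asymmetry and widening who can enumerate documents.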
@@ -96,4 +102,10 @@
     """Returns all memberships for the configured prefix.
     """
 
-    return dicts.merge(self.rights, {'user': ['user'], 'public': ['anyone']})
+    extra_rights = {
+        'user': ['user'],
+        'public': ['anyone'],
+        'list': [],
+        }
+
+    return dicts.merge(extra_rights, self.rights)
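Review bot: The return line now passes `extra_rights` first and `self.rights` second, the reverse of the old call, so the winner on a shared key has changed if `dicts.merge` gives one argument precedence (its semantics are not visible here). Presumably the intent is that a prefix's own 'list' entry overrides the `'list': []` default, but the swap now applies to 'user' and 'public' as well. Once confirmed against dicts.merge, a comment such as `# per-prefix rights take precedence over these defaults` above the return would pin that down. It is also worth confirming that hasMembership treats the empty default as deny, so a prefix without a 'list' entry fails closed. The method's signature is outside the hunk.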
--- a/app/soc/views/helper/access.py	Sat Feb 14 15:57:53 2009 +0000
+++ b/app/soc/views/helper/access.py	Sat Feb 14 16:43:20 2009 +0000
@@ -111,6 +111,9 @@
 DEF_SCOPE_INACTIVE_MSG = ugettext(
     'The scope for this request is not active.')
 
+DEF_NO_LIST_ACCESS_MSG = ugettext(
+    'You do not have the required rights to list documents for this scope and prefix.')
+
 DEF_PAGE_DENIED_MSG = ugettext(
     'Access to this page has been restricted')
 
@@ -949,6 +952,22 @@
                          document.write_access, django_args)
 
   @allowDeveloper
+  def checkDocumentList(self, django_args):
+    """Checks whether the user is allowed to list documents.
+    """
+
+    filter = django_args['filter']
+
+    prefix = filter['prefix']
+    scope_path = filter['scope_path']
+
+    checker = rights_logic.Checker(prefix)
+    roles = checker.getMembership('list')
+
+    if not self.hasMembership(roles, filter):
+      raise out_of_band.AccessViolation(message_fmt=DEF_NO_LIST_ACCESS_MSG)
+
+  @allowDeveloper
   def checkDocumentPick(self, django_args):
     """Checks whether the user has access to the specified pick url.
 
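Review bot: checkDocumentList reads `django_args['filter']`, `filter['prefix']` and `filter['scope_path']` by direct indexing, so a list request with no filter or a missing key ends in a KeyError instead of the AccessViolation raised on the deny path. A guard would turn that into a clean denial: `filter = django_args.get('filter') or {}` followed by `if 'prefix' not in filter or 'scope_path' not in filter: raise out_of_band.AccessViolation(message_fmt=DEF_NO_LIST_ACCESS_MSG)`. `scope_path` is assigned but never used, and the local name `filter` shadows the builtin. The check only constrains what is in this filter, so the list view registered in document.py should be confirmed to build its query from the same filter and to be unreachable without one. The docstring could add an Args section for `django_args`, naming the 'filter' keys it requires.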
--- a/app/soc/views/models/document.py	Sat Feb 14 15:57:53 2009 +0000
+++ b/app/soc/views/models/document.py	Sat Feb 14 16:43:20 2009 +0000
@@ -65,6 +65,7 @@
     rights['create'] = ['checkIsUser']
     rights['edit'] = ['checkIsDocumentWritable']
     rights['delete'] = ['checkIsDocumentWritable']
+    rights['list'] = ['checkDocumentList']
     rights['pick'] = ['checkDocumentPick']
 
     new_params = {}