Added access check to student_proposal review.
Hosts and Developers can comment but not score a proposal (unless of course they are an org_admin/mentor).
Fixed the initial scoring being set to -4, which is annoying if you just want to comment.
Patch by: Lennard de Rijk
Reviewed by: to-be-reviewed
--- a/app/soc/views/models/student_proposal.py Wed Mar 04 16:47:59 2009 +0000
+++ b/app/soc/views/models/student_proposal.py Wed Mar 04 16:48:10 2009 +0000
@@ -81,8 +81,9 @@
rights['apply'] = [
('checkIsStudent', ['scope_path', ['active']]),
('checkCanStudentPropose', 'scope_path')]
- # TODO(ljvderijk) access check for review view
- rights['review'] = ['checkIsDeveloper']
+ rights['review'] = [('checkRoleAndStatusForStudentProposal',
+ [['org_admin', 'mentor', 'host'],
+ ['active'], ['new', 'pending']])]
new_params = {}
new_params['logic'] = soc.logic.models.student_proposal.logic
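Review bot: The role list in the new `rights['review']` entry is `['org_admin', 'mentor', 'host']`, but the commit description says developers can comment too, and the rule it replaces was `checkIsDeveloper`. Whether `checkRoleAndStatusForStudentProposal` lets developers through implicitly is not visible in this hunk; if it does not, developers lose the review view, so the rule and the description should be brought into agreement. The three positional lists are also unlabelled. If they are what they appear to be, a comment such as `# allowed roles, required role status, proposal statuses open for review` above the entry would make the access rule easier to audit.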
@@ -408,7 +409,7 @@
# get the roles important for reviewing an application
filter = {'user': user_logic.logic.getForCurrentAccount(),
'scope': entity.org,
- 'status': 'active',}
+ 'status': 'active'}
org_admin_entity = org_admin_logic.logic.getForFields(filter, unique=True)
mentor_entity = mentor_logic.logic.getForFields(filter, unique=True)
@@ -475,13 +476,11 @@
comment = fields['comment']
given_score = int(fields['score'])
- if not is_public and given_score is not 0:
- # if it is not a public comment we use the score and display
- # an additional message in the comment
+ if (org_admin or mentor) and (not is_public) and (given_score is not 0):
+ # if it is not a public comment and it's made by a member of the
+ # organization we score and display an additional message in the comment
new_score = given_score + entity.score
- name = 'Someone'
-
if org_admin:
name = org_admin.name()
elif mentor:
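Review bot: The rewritten condition still tests `given_score is not 0`, which compares object identity rather than value and only works because CPython caches small integers. Since this line now decides whether a submitted score is applied, use `if (org_admin or mentor) and (not is_public) and (given_score != 0):`. No bound on `given_score` is visible between `int(fields['score'])` and the addition to `entity.score`; if the form does not already restrict the range, it should be checked here before it is added. The `if org_admin` / `elif mentor` block continues past the end of this hunk.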
@@ -490,8 +489,14 @@
# TODO(ljvderijk) hook up comments
comment = '%s has given %i points \n %s' %(name, given_score, comment)
+ properties = {'score': new_score}
+
+ # if the proposal is new we change it status to pending
+ if entity.status == 'new':
+ properties['status'] = 'pending'
+
# update the proposal with the new score
- self._logic.updateEntityProperties(entity, {'score': new_score})
+ self._logic.updateEntityProperties(entity, properties)
# redirect to the same page
return http.HttpResponseRedirect('')
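Review bot: The score written by `updateEntityProperties(entity, properties)` is a read-modify-write: `new_score` was computed from `entity.score` as loaded earlier in the request. Two reviewers scoring at the same time can therefore overwrite each other's points, and the same applies to the new `status` transition. Whether `updateEntityProperties` runs in a transaction is not visible here. If it does not, the read, add and write should happen inside one; at minimum add a comment such as `# NOTE: score is read-modify-write; needs a transaction to avoid lost updates`. The enclosing method starts outside this hunk.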
@@ -508,9 +513,11 @@
rest: see base.View.public()
"""
- initial = {}
+ # set the initial score since the default is ignored
+ initial = {'score': 0}
if org_admin and entity.mentor:
+ # set the mentor field to the current mentor
initial['mentor'] = entity.mentor.link_id
context['form'] = form(initial)