--- a/app/soc/views/helper/responses.py	Thu Feb 26 16:57:13 2009 +0000
+++ b/app/soc/views/helper/responses.py	Thu Feb 26 16:58:15 2009 +0000
@@ -32,13 +32,13 @@
 from soc.logic import accounts
 from soc.logic import system
 from soc.logic.models import site
+from soc.logic.models.user import logic as user_logic
 from soc.views import helper
 from soc.views.helper import redirects
 from soc.views.helper import templates
 from soc.views.sitemap import sidebar
 
 import soc.logic
-import soc.logic.models.user
 import soc.views.helper.requests
 
 
@@ -114,8 +114,8 @@
   context['request'] = request
 
   if account:
-    user = soc.logic.models.user.logic.getForCurrentAccount()
-    is_admin = accounts.isDeveloper(account=account)
+    user = user_logic.getForAccount(account)
+    is_admin = user_logic.isDeveloper(account=account, user=user)
 
   context['account'] = account
   context['user'] = user

--- a/app/soc/views/models/club.py	Thu Feb 26 16:57:13 2009 +0000
+++ b/app/soc/views/models/club.py	Thu Feb 26 16:58:15 2009 +0000
@@ -58,15 +58,15 @@
 
     rights = access.Checker(params)
     rights['create'] = ['checkIsDeveloper']
-    rights['edit'] = [('checkHasActiveRoleForScope', [club_admin_logic.logic, 'link_id']),
-                      ('checkIsActive', [club_logic.logic, None])]
+    rights['edit'] = [('checkHasActiveRoleForLinkId', club_admin_logic.logic),
+                      ('checkGroupIsActiveForLinkId', club_logic.logic)]
     rights['delete'] = ['checkIsDeveloper']
     rights['home'] = ['allow']
     rights['list'] = ['checkIsDeveloper']
     rights['apply_member'] = ['checkIsUser',
-                              ('checkIsActive', club_logic.logic)]
-    rights['list_requests'] = [('checkHasActiveRoleForScope', [club_admin_logic.logic, 'link_id'])]
-    rights['list_roles'] = [('checkHasActiveRoleForScope', [club_admin_logic.logic, 'link_id'])]
+                              ('checkGroupIsActiveForScopeAndLinkId', club_logic.logic)]
+    rights['list_requests'] = [('checkHasActiveRoleForLinkId', club_admin_logic.logic)]
+    rights['list_roles'] = [('checkHasActiveRoleForLinkId', club_admin_logic.logic)]
     rights['applicant'] = [('checkIsApplicationAccepted',
                             club_app_logic.logic)]
 

--- a/app/soc/views/models/mentor.py	Thu Feb 26 16:57:13 2009 +0000
+++ b/app/soc/views/models/mentor.py	Thu Feb 26 16:58:15 2009 +0000
@@ -55,7 +55,7 @@
     rights['create'] = ['checkIsDeveloper']
     rights['edit'] = [('checkHasActiveRoleForScope', soc.logic.models.mentor.logic)]
     rights['delete'] = ['checkIsDeveloper']
-    rights['invite'] = [('checkHasActiveRoleForScope', 
+    rights['invite'] = [('checkHasActiveRoleForScope',
                          soc.logic.models.org_admin.logic)]
     rights['accept_invite'] = [('checkCanCreateFromRequest', 'mentor'),
         'checkIsNotStudentForProgramOfOrg']

--- a/app/soc/views/models/org_admin.py	Thu Feb 26 16:57:13 2009 +0000
+++ b/app/soc/views/models/org_admin.py	Thu Feb 26 16:58:15 2009 +0000
@@ -60,7 +60,7 @@
     rights['create'] = ['checkIsDeveloper']
     rights['edit'] = [('checkHasActiveRoleForScope', org_admin_logic.logic)]
     rights['delete'] = ['checkIsDeveloper']
-    rights['invite'] = [('checkHasActiveRoleForScope', 
+    rights['invite'] = [('checkHasActiveRoleForScope',
                          org_admin_logic.logic)]
     rights['accept_invite'] = [('checkCanCreateFromRequest', 'org_admin'),
         'checkIsNotStudentForProgramOfOrg']

--- a/app/soc/views/models/organization.py	Thu Feb 26 16:57:13 2009 +0000
+++ b/app/soc/views/models/organization.py	Thu Feb 26 16:58:15 2009 +0000
@@ -23,6 +23,8 @@
   ]
 
 
+from google.appengine.api import users
+
 from django import forms
 
 from soc.logic import cleaning
@@ -32,6 +34,7 @@
 from soc.logic.models import organization as org_logic
 from soc.logic.models import org_admin as org_admin_logic
 from soc.logic.models import org_app as org_app_logic
+from soc.logic.models import user as user_logic
 from soc.views.helper import access
 from soc.views.helper import decorators
 from soc.views.helper import dynaform
@@ -56,28 +59,26 @@
       original_params: a dict with params for this View
     """
 
-    all = "%(scope_path)s/%(link_id)s"
-
     rights = access.Checker(params)
     rights['any_access'] = ['allow']
     rights['show'] = ['allow']
     rights['create'] = ['checkIsDeveloper']
-    rights['edit'] = [('checkHasActiveRoleForScope',
-                           [org_admin_logic.logic, all]),
-                      ('checkIsActive', [org_logic.logic, None])]
+    rights['edit'] = [('checkHasActiveRoleForKeyFieldsAsScope',
+                           org_admin_logic.logic,),
+                      ('checkGroupIsActiveForLinkId', org_logic.logic)]
     rights['delete'] = ['checkIsDeveloper']
     rights['home'] = ['allow']
     rights['public_list'] = ['allow']
     rights['apply_mentor'] = ['checkIsUser']
-    rights['list_requests'] = [('checkHasActiveRoleForScope', 
-                                [org_admin_logic.logic, all])]
-    rights['list_roles'] = [('checkHasActiveRoleForScope', 
-                             [org_admin_logic.logic, all])]
+    rights['list_requests'] = [('checkHasActiveRoleForKeyFieldsAsScope',
+                                org_admin_logic.logic)]
+    rights['list_roles'] = [('checkHasActiveRoleForKeyFieldsAsScope',
+                             org_admin_logic.logic)]
     rights['applicant'] = [('checkIsApplicationAccepted',
                             org_app_logic.logic)]
     rights['list_proposals'] = [('checkHasAny', [
-        [('checkHasActiveRoleForScope', [org_admin_logic.logic, all]),
-        ('checkHasActiveRoleForScope', [mentor_logic.logic, all])]
+        [('checkHasActiveRoleForKeyFieldsAsScope', org_admin_logic.logic),
+         ('checkHasActiveRoleForKeyFieldsAsScope', mentor_logic.logic)]
         ])]
 
     new_params = {}
@@ -197,8 +198,18 @@
     """See base.View.list.
     """
 
-    new_params = {}
-    if accounts.isDeveloper():
+    account = users.get_current_user()
+    user = user_logic.getForAccount(account) if account else None
+
+    try:
+      rights = self._params['rights']
+      rights.setCurrentUser(account, user)
+      rights.checkIsHost()
+      is_host = True
+    except out_of_band.Error:
+      is_host = False
+
+    if is_host:
       new_params['list_action'] = (redirects.getAdminRedirect, params)
     else:
       new_params['list_action'] = (redirects.getPublicRedirect, params)

--- a/app/soc/views/models/site.py	Thu Feb 26 16:57:13 2009 +0000
+++ b/app/soc/views/models/site.py	Thu Feb 26 16:58:15 2009 +0000
@@ -28,6 +28,7 @@
 from soc.logic import accounts
 from soc.logic import cleaning
 from soc.logic import dicts
+from soc.views import out_of_band
 from soc.views.helper import access
 from soc.views.helper import redirects
 from soc.views.helper import widgets
@@ -118,7 +119,16 @@
 
     if entity:
       submenus += document_view.view.getMenusForScope(entity, self._params)
-      if user and accounts.isDeveloper(id, user):
+
+      try:
+        rights = self._params['rights']
+        rights.setCurrentUser(id, user)
+        rights.checkIsHost()
+        is_host = True
+      except out_of_band.Error:
+        is_host = False
+
+      if is_host:
         submenus += [(redirects.getCreateDocumentRedirect(entity, 'site'),
             "Create a New Document", 'any_access')]
 

--- a/app/soc/views/models/sponsor.py	Thu Feb 26 16:57:13 2009 +0000
+++ b/app/soc/views/models/sponsor.py	Thu Feb 26 16:58:15 2009 +0000
@@ -51,7 +51,7 @@
     rights = access.Checker(params)
     rights['create'] = ['checkIsDeveloper']
     rights['edit'] = [('checkHasActiveRoleForScope', [host_logic, 'link_id']),
-                      ('checkIsActive', [sponsor_logic, None, 'link_id'])]
+                      ('checkGroupIsActiveForLinkId', sponsor_logic)]
     rights['delete'] = ['checkIsDeveloper']
     rights['home'] = [('checkHasActiveRoleForScope', host_logic)]
     rights['list'] = ['checkIsDeveloper']