Changed the access checks to comply with state in request.
authorLennard de Rijk <ljvderijk@gmail.com>
Fri, 23 Jan 2009 23:42:07 +0000
changeset 940 a40056afef83
parent 939 b341698bf3b1
child 941 6eac584ce14c
Changed the access checks to comply with state in request. Patch by: Lennard de Rijk Reviewed by: to-be-reviewed
app/soc/views/helper/access.py
app/soc/views/helper/redirects.py
app/soc/views/models/request.py
--- a/app/soc/views/helper/access.py	Fri Jan 23 22:57:10 2009 +0000
+++ b/app/soc/views/helper/access.py	Fri Jan 23 23:42:07 2009 +0000
@@ -245,8 +245,8 @@
   raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
 
 def checkCanCreateFromRequest(role_name):
-  """Raises an alternate HTTP response if the specified invite does not exist
-     or if it has not been group_accepted. 
+  """Raises an alternate HTTP response if the specified request does not exist
+     or if it's state is not group_accepted. 
   """
   def wrapper(request, args, kwargs):
     checkAgreesToSiteToS(request, args, kwargs)
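Review bot: The rewritten docstring of checkCanCreateFromRequest uses the contraction "it's" where the possessive is meant; it should read `or if its state is not group_accepted.`. The same wording appears in the new checkIsMyGroupAcceptedRequest docstring in the next hunk. As this is an access check, the docstring could also state that the wrapper runs checkAgreesToSiteToS first, which the visible body does. The wrapper's body continues outside this hunk.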
@@ -262,15 +262,16 @@
 
     request_entity = request_logic.getFromFieldsOr404(**fields)
 
-    if not request_entity.group_accepted:
+    if request_entity.state != 'group_accepted':
       # TODO tell the user that this request has not been accepted yet
       deny(request, args, kwargs)
 
     return
   return wrapper
 
-def checkIsMyUncompletedRequest(request, args, kwargs):
-  """Raises an alternate HTTP response if the specified Request has been completed.
+def checkIsMyGroupAcceptedRequest(request, args, kwargs):
+  """Raises an alternate HTTP response if the specified request does not exist
+     or if it's state is not group_accepted
   """
   checkAgreesToSiteToS(request, args, kwargs)
 
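Review bot: The state test in the wrapper compares against the string literal 'group_accepted', and the same literal is repeated in the check added to checkIsMyGroupAcceptedRequest in a later hunk. A misspelling in either place raises no error and silently changes who is denied, so a shared module-level name would help, for example `GROUP_ACCEPTED_STATE = 'group_accepted'` (name constructed for this note). The wrapper also calls `deny(request, args, kwargs)` without `return`, while the later check uses `return deny(request, args, kwargs)`. deny is not visible here, so if it can return rather than raise, the wrapper falls through to its bare `return` and access is granted. Both functions extend beyond this hunk.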
@@ -282,8 +283,7 @@
 
   fields = {'link_id' : kwargs['link_id'],
             'scope_path' : kwargs['scope_path'],
-            'role' : kwargs['role'],
-            'completed' : False}
+            'role' : kwargs['role']}
 
   request_entity = request_logic.getForFields(fields, unique=True)
 
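Review bot: Dropping `'completed' : False` from `fields` means the lookup now matches every request with this link_id, scope_path and role, whatever its state, yet it still asks for `unique=True`. getForFields is not shown, so it is unclear which entity comes back when an older request with the same key fields exists. If it is not the group_accepted one, the state test added in the next hunk denies a user who holds a valid request. Filtering in the query with `'state' : 'group_accepted'` as a key in `fields` would keep the lookup unambiguous, assuming state is a queryable property. The function starts and ends outside this hunk.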
@@ -291,6 +291,9 @@
     # TODO return 404
     return deny(request, args, kwargs)
 
+  if request_entity.state != 'group_accepted':
+    return deny(request, args, kwargs)
+
   return
 
 def checkIsHost(request, args, kwargs):
@@ -306,6 +309,14 @@
     * if no User exists for the logged-in Google Account, or
     * if the user is not even logged in
   """
+
+  try:
+    # if the current user is invited to create a host profile we allow access
+    checkIsDeveloper(request, args, kwargs)
+    return
+  except out_of_band.Error:
+    pass
+
   checkAgreesToSiteToS(request, args, kwargs)
 
   user = user_logic.getForFields({'account': users.get_current_user()},
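Review bot: The comment on the new try block says access is allowed when the user is "invited to create a host profile", but the call it describes is checkIsDeveloper, so it misstates who is let through. As written, a developer returns before checkAgreesToSiteToS and the host lookup run. Any out_of_band.Error, presumably including a login request, is swallowed before the normal checks start. The comment should state that exemption, e.g. `# developers bypass the ToS and host checks; any denial falls through to them`. The docstring's list of raise conditions, which begins above this hunk, should mention the developer exemption too.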
--- a/app/soc/views/helper/redirects.py	Fri Jan 23 22:57:10 2009 +0000
+++ b/app/soc/views/helper/redirects.py	Fri Jan 23 23:42:07 2009 +0000
@@ -123,7 +123,7 @@
 
   return wrapped
 
-def inviteAcceptedRedirect(entity, _):
+def getInviteAcceptedRedirect(entity, _):
   """Returns the redirect for accepting an invite.
   """
 
--- a/app/soc/views/models/request.py	Fri Jan 23 22:57:10 2009 +0000
+++ b/app/soc/views/models/request.py	Fri Jan 23 23:42:07 2009 +0000
@@ -68,7 +68,7 @@
     rights['listSelf'] = [access.checkAgreesToSiteToS]
     rights['create'] = [access.allow] # TODO(ljvderijk) Set to deny once host has been converted
     rights['edit'] = [access.checkIsDeveloper]
-    rights['process_invite'] = [access.checkIsMyUncompletedRequest]
+    rights['process_invite'] = [access.checkIsMyGroupAcceptedRequest]
     rights['list'] = [access.checkIsDeveloper]
     rights['delete'] = [access.checkIsDeveloper]
 
@@ -150,7 +150,7 @@
     context['entity'] = request_entity
     context['module_name'] = params['module_name']
     context['invite_accepted_redirect'] = (
-        redirects.getInviteAcceptedRedirect(entity, self._params))
+        redirects.getInviteAcceptedRedirect(request_entity, self._params))
 
     #display the invite processing page using the appropriate template
     template = params['invite_processing_template']