Changed the access checks to comply with state in request.
Patch by: Lennard de Rijk
Reviewed by: to-be-reviewed
--- a/app/soc/views/helper/access.py Fri Jan 23 22:57:10 2009 +0000
+++ b/app/soc/views/helper/access.py Fri Jan 23 23:42:07 2009 +0000
@@ -245,8 +245,8 @@
raise out_of_band.LoginRequest(message_fmt=login_message_fmt)
def checkCanCreateFromRequest(role_name):
- """Raises an alternate HTTP response if the specified invite does not exist
- or if it has not been group_accepted.
+ """Raises an alternate HTTP response if the specified request does not exist
+ or if it's state is not group_accepted.
"""
def wrapper(request, args, kwargs):
checkAgreesToSiteToS(request, args, kwargs)
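Review bot: The rewritten docstring of checkCanCreateFromRequest says `it's state`, where the possessive `its state` is meant. The same wording is repeated in the new docstring of checkIsMyGroupAcceptedRequest further down. That second docstring also no longer says the request must belong to the current user, although the function name still promises it; a line such as `or if it does not belong to the current user` would keep the documented rule complete, provided the body (outside these hunks) does enforce it.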
@@ -262,15 +262,16 @@
request_entity = request_logic.getFromFieldsOr404(**fields)
- if not request_entity.group_accepted:
+ if request_entity.state != 'group_accepted':
# TODO tell the user that this request has not been accepted yet
deny(request, args, kwargs)
return
return wrapper
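Review bot: The state name is compared as a bare string in `if request_entity.state != 'group_accepted':` here and again in the check added to checkIsMyGroupAcceptedRequest (hunk at -291). Both comparisons fail closed, so a misspelled literal would deny access rather than grant it, but it would do so silently and for every user. A single module-level constant for the state name, shared by both checks and ideally by the Request model, would keep the two authorization rules from drifting apart. The two sites also differ in form (`deny(...)` followed by a bare `return` here, `return deny(...)` there); choosing one makes it clearer that deny is expected to raise. The wrapper body starts outside this hunk.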
-def checkIsMyUncompletedRequest(request, args, kwargs):
- """Raises an alternate HTTP response if the specified Request has been completed.
+def checkIsMyGroupAcceptedRequest(request, args, kwargs):
+ """Raises an alternate HTTP response if the specified request does not exist
+ or if it's state is not group_accepted
"""
checkAgreesToSiteToS(request, args, kwargs)
@@ -282,8 +283,7 @@
fields = {'link_id' : kwargs['link_id'],
'scope_path' : kwargs['scope_path'],
- 'role' : kwargs['role'],
- 'completed' : False}
+ 'role' : kwargs['role']}
request_entity = request_logic.getForFields(fields, unique=True)
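Review bot: With `'completed' : False` dropped, the filter ending in `'role' : kwargs['role']}` now matches requests in every state while the lookup still passes `unique=True`. If a link_id/scope_path/role triple can ever have more than one Request entity (for example an older rejected or finished one beside a fresh invite), the lookup may fail or return the stale entity, and the later state check would then deny a legitimate invite; how getForFields handles several matches is not visible here. Adding `'state' : 'group_accepted'` to the filter would avoid that, or a comment could state that the triple is unique. The lines that tie the request to the logged-in user lie between the hunks, so that part of the check could not be reviewed.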
@@ -291,6 +291,9 @@
# TODO return 404
return deny(request, args, kwargs)
+ if request_entity.state != 'group_accepted':
+ return deny(request, args, kwargs)
+
return
def checkIsHost(request, args, kwargs):
@@ -306,6 +309,14 @@
* if no User exists for the logged-in Google Account, or
* if the user is not even logged in
"""
+
+ try:
+ # if the current user is invited to create a host profile we allow access
+ checkIsDeveloper(request, args, kwargs)
+ return
+ except out_of_band.Error:
+ pass
+
checkAgreesToSiteToS(request, args, kwargs)
user = user_logic.getForFields({'account': users.get_current_user()},
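Review bot: The comment on the added `try` block says the user is "invited to create a host profile", but the call is `checkIsDeveloper`, so what the block actually grants is a developer bypass of the host check. On an access check the comment should state the real rule, for example `# developers may access host-only views without holding a host role`. The early `return` also skips `checkAgreesToSiteToS` for developers; if that is intended, the docstring's list of conditions (which starts outside the hunk) should mention the exception. Swallowing `out_of_band.Error` is fine here because the code then falls through to the normal host checks, so the path fails closed.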
--- a/app/soc/views/helper/redirects.py Fri Jan 23 22:57:10 2009 +0000
+++ b/app/soc/views/helper/redirects.py Fri Jan 23 23:42:07 2009 +0000
@@ -123,7 +123,7 @@
return wrapped
-def inviteAcceptedRedirect(entity, _):
+def getInviteAcceptedRedirect(entity, _):
"""Returns the redirect for accepting an invite.
"""
--- a/app/soc/views/models/request.py Fri Jan 23 22:57:10 2009 +0000
+++ b/app/soc/views/models/request.py Fri Jan 23 23:42:07 2009 +0000
@@ -68,7 +68,7 @@
rights['listSelf'] = [access.checkAgreesToSiteToS]
rights['create'] = [access.allow] # TODO(ljvderijk) Set to deny once host has been converted
rights['edit'] = [access.checkIsDeveloper]
- rights['process_invite'] = [access.checkIsMyUncompletedRequest]
+ rights['process_invite'] = [access.checkIsMyGroupAcceptedRequest]
rights['list'] = [access.checkIsDeveloper]
rights['delete'] = [access.checkIsDeveloper]
@@ -150,7 +150,7 @@
context['entity'] = request_entity
context['module_name'] = params['module_name']
context['invite_accepted_redirect'] = (
- redirects.getInviteAcceptedRedirect(entity, self._params))
+ redirects.getInviteAcceptedRedirect(request_entity, self._params))
#display the invite processing page using the appropriate template
template = params['invite_processing_template']