Tighten more checkIsUser() access to checkAgreesToSiteToS() instead.
Update the checkIsHost() comment.
Patch by: Todd Larsen
Review by: to-be-reviewed
--- a/app/soc/views/helper/access.py Wed Jan 21 21:32:51 2009 +0000
+++ b/app/soc/views/helper/access.py Wed Jan 21 21:41:36 2009 +0000
@@ -236,20 +236,21 @@
def checkIsHost(request, args, kwargs):
- """Returns an alternate HTTP response if Google Account has no Host entity
+ """Raises an alternate HTTP response if Google Account has no Host entity
for the specified program.
Args:
request: a Django HTTP request
- Raises:
- AccessViolationResponse: if the required authorization is not met
-
- Returns:
- None if Host exists for the specified program, or a subclass of
- django.http.HttpResponse which contains the alternate response
- should be returned by the calling view.
+ Raises:
+ AccessViolationResponse:
+ * if User has not been invited to be a Host, or
+ * if User is not already a Host, or
+ * if User has not agreed to the site-wide ToS, or
+ * if no User exists for the logged-in Google Account, or
+ * if the user is not even logged in
"""
+ checkAgreesToSiteToS(request, args, kwargs)
try:
# if the current user is invited to create a host profile we allow access
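Review bot: The rewritten Raises list joins its first two bullets with "or", which reads as if a missing invitation alone denies access, while the comment at the top of the try block says an invitation is enough to allow access. One bullet such as `* if User has neither been invited to be a Host nor is already a Host, or` would describe the check as it appears to work. The Args section still documents only `request`, although the signature also takes `args` and `kwargs`. Because the ToS call now sits above the try block, an invited user is denied until they have agreed to the ToS; a short comment on that line, for example `# ToS agreement is required even for invited users`, would record that the ordering is deliberate. The function body continues outside this hunk.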
@@ -258,8 +259,6 @@
except out_of_band.Error:
pass
- checkAgreesToSiteToS(request, args, kwargs)
-
user = user_logic.getForFields({'account': users.get_current_user()},
unique=True)
--- a/app/soc/views/helper/params.py Wed Jan 21 21:32:51 2009 +0000
+++ b/app/soc/views/helper/params.py Wed Jan 21 21:41:36 2009 +0000
@@ -73,7 +73,7 @@
rights = {}
rights['unspecified'] = []
rights['any_access'] = [access.checkIsLoggedIn]
- rights['show'] = [access.checkIsUser]
+ rights['show'] = [access.checkAgreesToSiteToS]
rights['create'] = [access.checkIsDeveloper]
rights['edit'] = [access.checkIsDeveloper]
rights['delete'] = [access.checkIsDeveloper]
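Review bot: Replacing `access.checkIsUser` with `access.checkAgreesToSiteToS` for `rights['show']` only tightens access if the ToS checker still performs the User-entity check itself, and its body is not part of this diff. The checkIsHost docstring in access.py suggests it does, but these lines now depend on that silently, here and in the identical swaps in club_app.py, notification.py, request.py and user_self.py. A comment above the line would keep a later refactor from dropping the user check, for example `# checkAgreesToSiteToS also enforces checkIsUser and checkIsLoggedIn`. This looks like the default rights dictionary, so views that do not override 'show' would inherit the stricter check; that is worth stating in the commit description.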
--- a/app/soc/views/models/club_app.py Wed Jan 21 21:32:51 2009 +0000
+++ b/app/soc/views/models/club_app.py Wed Jan 21 21:41:36 2009 +0000
@@ -56,10 +56,10 @@
"""
rights = {}
- rights['create'] = [access.checkIsUser]
+ rights['create'] = [access.checkAgreesToSiteToS]
rights['delete'] = [access.checkIsMyApplication(club_app_logic)]
rights['edit'] = [access.checkIsMyApplication(club_app_logic)]
- rights['list'] = [access.checkIsUser]
+ rights['list'] = [access.checkAgreesToSiteToS]
rights['public'] = [access.checkIsMyApplication(club_app_logic)]
rights['review'] = [access.checkIsDeveloper]
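Review bot: `create` and `list` now require ToS agreement, but `delete`, `edit` and `public` still rely on `access.checkIsMyApplication(club_app_logic)` alone, and that checker's body is not in this diff. If it does not call checkAgreesToSiteToS itself, a user who has not agreed to the ToS could still reach those views by direct URL. Since each right is a list of checkers, chaining makes the requirement explicit, for example `rights['edit'] = [access.checkAgreesToSiteToS, access.checkIsMyApplication(club_app_logic)]`. The same question applies to `access.checkIsMyNotification` for 'show' and 'delete' in notification.py and to `access.checkCanInvite` for 'create' in request.py.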
--- a/app/soc/views/models/notification.py Wed Jan 21 21:32:51 2009 +0000
+++ b/app/soc/views/models/notification.py Wed Jan 21 21:41:36 2009 +0000
@@ -87,7 +87,7 @@
rights['edit'] = [access.deny]
rights['show'] = [access.checkIsMyNotification]
rights['delete'] = [access.checkIsMyNotification]
- rights['list'] = [access.checkIsUser]
+ rights['list'] = [access.checkAgreesToSiteToS]
# create is developer only for the time being to test functionality
rights['create'] = [access.checkIsDeveloper]
--- a/app/soc/views/models/request.py Wed Jan 21 21:32:51 2009 +0000
+++ b/app/soc/views/models/request.py Wed Jan 21 21:41:36 2009 +0000
@@ -103,7 +103,7 @@
"""
rights = {}
- rights['listSelf'] = [access.checkIsUser]
+ rights['listSelf'] = [access.checkAgreesToSiteToS]
rights['create'] = [access.checkCanInvite]
new_params = {}
--- a/app/soc/views/models/user_self.py Wed Jan 21 21:32:51 2009 +0000
+++ b/app/soc/views/models/user_self.py Wed Jan 21 21:41:36 2009 +0000
@@ -116,9 +116,9 @@
rights['unspecified'] = [access.deny]
rights['any_access'] = [access.allow]
rights['edit'] = [access.checkIsLoggedIn]
- rights['roles'] = [access.checkIsUser]
+ rights['roles'] = [access.checkAgreesToSiteToS]
rights['signIn'] = [access.checkNotLoggedIn]
- rights['notification'] = [access.checkIsUser]
+ rights['notification'] = [access.checkAgreesToSiteToS]
new_params = {}
new_params['rights'] = rights
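Review bot: `rights['edit']` stays at `access.checkIsLoggedIn` while 'roles' and 'notification' are tightened, and nothing in the hunk says whether that is deliberate. If 'edit' is the page where a new account creates its User entity and accepts the ToS (not visible here), it has to stay reachable before agreement. A comment such as `# must stay reachable before ToS agreement; do not tighten` would stop a later tightening pass from locking users out. If that is not its role, it should get the same check as the other two. The enclosing function starts and ends outside the hunk.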