Added missing access checks to various roles.
Addresses Issue 454.
Patch by: Lennard de Rijk
Reviewed by: to-be-reviewed
--- a/app/soc/views/models/club_admin.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/club_admin.py Fri Mar 27 09:51:25 2009 +0000
@@ -52,7 +52,8 @@
rights = access.Checker(params)
rights['create'] = ['checkIsDeveloper']
- rights['edit'] = [('checkHasActiveRoleForScope', club_admin_logic.logic)]
+ rights['edit'] = [('checkHasActiveRoleForScope', club_admin_logic.logic),
+ ('checkIsMyEntity', club_admin.logic)]
rights['delete'] = ['checkIsDeveloper']
rights['invite'] = [('checkHasActiveRoleForScope', club_admin_logic.logic)]
rights['accept_invite'] = [('checkCanCreateFromRequest', 'club_admin')]
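Review bot: The added tuple in `rights['edit']` passes `club_admin.logic`, while every other entry in this hunk uses `club_admin_logic.logic`. Unless a name `club_admin` exposing `logic` is imported outside the hunk, the module fails with a NameError when the rights are built; if such a name does exist, the ownership check is bound to a different object than the role check beside it. The line should probably read `('checkIsMyEntity', club_admin_logic.logic)]`, matching the other five files in this commit. The enclosing block starts and ends outside the hunk, so the imports could not be checked here.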
--- a/app/soc/views/models/club_member.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/club_member.py Fri Mar 27 09:51:25 2009 +0000
@@ -52,7 +52,8 @@
rights = access.Checker(params)
rights['create'] = ['checkIsDeveloper']
- rights['edit'] = [('checkHasActiveRoleForScope', club_admin_logic.logic)]
+ rights['edit'] = [('checkHasActiveRoleForScope', club_admin_logic.logic),
+ ('checkIsMyEntity', club_admin_logic.logic)]
rights['delete'] = ['checkIsDeveloper']
rights['invite'] = [('checkHasActiveRoleForScope', club_admin_logic.logic)]
rights['accept_invite'] = [('checkCanCreateFromRequest','club_member')]
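Review bot: In club_member.py the added `('checkIsMyEntity', club_admin_logic.logic)` hands the club-admin logic to the ownership check, although this view edits club-member entities (compare `'club_member'` in the `accept_invite` line). This looks copied from club_admin.py. If the checker resolves the entity through the logic it is given, which is not visible here, the "is this my entity" test runs against the wrong model: a member could be refused access to their own record, or the check could pass on an unrelated admin entity. The second tuple should pass this file's club-member logic object instead. The first tuple is also bound to `club_admin_logic`, but it predates this commit, so it is worth confirming that this is intended. The enclosing block lies outside the hunk.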
--- a/app/soc/views/models/host.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/host.py Fri Mar 27 09:51:25 2009 +0000
@@ -56,7 +56,8 @@
rights = access.Checker(params)
rights['create'] = [('checkHasActiveRoleForScope', host_logic.logic)]
- rights['edit'] = [('checkHasActiveRoleForScope', host_logic.logic)]
+ rights['edit'] = [('checkHasActiveRoleForScope', host_logic.logic),
+ ('checkIsMyEntity', host_logic.logic)]
rights['invite'] = [('checkHasActiveRoleForScope', host_logic.logic)]
rights['list'] = ['checkIsDeveloper']
rights['accept_invite'] = [('checkCanCreateFromRequest','host')]
--- a/app/soc/views/models/mentor.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/mentor.py Fri Mar 27 09:51:25 2009 +0000
@@ -56,7 +56,8 @@
rights = access.Checker(params)
rights['create'] = ['checkIsDeveloper']
rights['edit'] = [('checkHasActiveRoleForScope',
- soc.logic.models.mentor.logic)]
+ soc.logic.models.mentor.logic),
+ ('checkIsMyEntity', soc.logic.models.mentor.logic)]
rights['delete'] = ['checkIsDeveloper']
rights['invite'] = [('checkHasActiveRoleForScope',
soc.logic.models.org_admin.logic)]
--- a/app/soc/views/models/org_admin.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/org_admin.py Fri Mar 27 09:51:25 2009 +0000
@@ -60,7 +60,8 @@
rights = access.Checker(params)
rights['create'] = ['checkIsDeveloper']
- rights['edit'] = [('checkHasActiveRoleForScope', org_admin_logic.logic)]
+ rights['edit'] = [('checkHasActiveRoleForScope', org_admin_logic.logic),
+ ('checkIsMyEntity', org_admin_logic.logic)]
rights['delete'] = ['checkIsDeveloper']
rights['invite'] = [('checkHasActiveRoleForScope',
org_admin_logic.logic)]
--- a/app/soc/views/models/student.py Thu Mar 26 14:11:06 2009 +0000
+++ b/app/soc/views/models/student.py Fri Mar 27 09:51:25 2009 +0000
@@ -56,7 +56,8 @@
rights = access.Checker(params)
rights['create'] = ['checkIsDeveloper']
- rights['edit'] = [('checkHasActiveRoleForScope', student_logic.logic)]
+ rights['edit'] = [('checkHasActiveRoleForScope', student_logic.logic),
+ ('checkIsMyEntity', student_logic.logic)]
rights['delete'] = ['checkIsDeveloper']
rights['apply'] = [
'checkIsUser',