Changed the access checks in student_proposal view to use the newly created checks.
Patch by: Lennard de Rijk
Reviewed by: to-be-reviewed
--- a/app/soc/views/models/student_proposal.py Sun Feb 22 20:42:05 2009 +0000
+++ b/app/soc/views/models/student_proposal.py Sun Feb 22 20:44:30 2009 +0000
@@ -53,15 +53,20 @@
params: a dict with params for this View
"""
- # TODO(ljvderijk) Access checks for different views
rights = access.Checker(params)
rights['create'] = ['checkIsDeveloper']
- rights['edit'] = ['checkIsDeveloper']
+ rights['edit'] = [('checkCanStudentPropose', 'scope_path'),
+ ('checkRoleAndStatusForStudentProposal',
+ [['proposer'], ['active'], ['new', 'pending']])]
rights['delete'] = ['checkIsDeveloper']
- # TODO(ljvderijk) public should be host/org/student only
- rights['public'] = ['checkIsDeveloper']
+ rights['show'] = [
+ ('checkRoleAndStatusForStudentProposal',
+ [['proposer', 'org_admin', 'mentor', 'host'],
+ ['active', 'inactive'], ['new', 'pending', 'accepted', 'rejected']])]
rights['list'] = ['checkIsDeveloper']
- rights['apply'] = ['checkIsDeveloper']
+ rights['apply'] = [
+ ('checkIsStudent', ['scope_path', ['active']]),
+ ('checkCanStudentPropose', 'scope_path')]
new_params = {}
new_params['logic'] = soc.logic.models.student_proposal.logic
@@ -105,7 +110,7 @@
'link_id': forms.CharField(widget=forms.HiddenInput)
}
- # TODO(ljvderijk) students should be able to withdraw their proposal
+ # TODO(ljvderijk) students should be able to withdraw their proposals
params = dicts.merge(params, new_params)