Added checkCanEditGroupApp to access.py.
Group Applications can now only be edited if they are either rejected or still in need of review.
Also fixed a bug in checkIsMyEntity.
Patch by: Lennard de Rijk
Reviewed by: to-be-reviewed
--- a/app/soc/views/helper/access.py Tue Feb 03 13:26:34 2009 +0000
+++ b/app/soc/views/helper/access.py Tue Feb 03 13:27:52 2009 +0000
@@ -658,6 +658,34 @@
new_args = {'scope_path': program.scope_path }
self.checkHasRole(new_args, host_logic)
+
+ @allowDeveloper
+ def checkCanEditGroupApp(self, django_args, group_app_logic):
+ """Checks if the group_app in args is valid to be edited.
+
+ Args:
+ group_app_logic: A logic instance for the Group Application
+ """
+
+ self.checkIsUser(django_args)
+
+ fields = {
+ 'link_id': django_args['link_id'],
+ 'applicant': self.user,
+ 'status' : ['needs review', 'rejected']
+ }
+
+ if 'scope_path' in django_args:
+ fields['scope_path'] = django_args['scope_path']
+
+ entity = group_app_logic.getForFields(fields)
+
+ if entity:
+ return
+
+ raise out_of_band.AccessViolation(message_fmt=DEF_NOT_YOUR_ENTITY_MSG)
+
+
@allowDeveloper
def checkIsApplicationAccepted(self, django_args, app_logic):
"""Returns an alternate HTTP response if Google Account has no Club App
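Review bot: The docstring of `checkCanEditGroupApp` understates what the check enforces. Besides the status filter, the lookup is bound to `'applicant': self.user`, and a miss raises `out_of_band.AccessViolation`; neither is mentioned. `Args` also omits `django_args`, which is indexed directly for `link_id` and read optionally for `scope_path`. I would add `django_args: must contain 'link_id'; 'scope_path' is used when present` and a `Raises:` entry stating that `AccessViolation` is raised when the current user has no such application in 'needs review' or 'rejected' status. The enclosing class starts outside this hunk.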
@@ -702,6 +730,9 @@
field_name: self.user if user else self.user.key().name()
}
+ if 'scope_path' in django_args:
+ fields['scope_path'] = django_args['scope_path']
+
entity = logic.getForFields(fields)
if entity:
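Review bot: The added `scope_path` filter has no comment saying what it guards against, and the commit message only says that a bug in checkIsMyEntity was fixed. If the problem was that an entity matching in a different scope could satisfy the ownership lookup (inferred, not visible in this hunk), a comment such as `# constrain the ownership lookup to the requested scope when one is given` would make it less likely that the filter is dropped in a later cleanup. The same two lines are repeated in checkCanEditGroupApp in the first hunk, so the comment applies there too. The function's start and end are outside this hunk.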
--- a/app/soc/views/models/club_app.py Tue Feb 03 13:26:34 2009 +0000
+++ b/app/soc/views/models/club_app.py Tue Feb 03 13:27:52 2009 +0000
@@ -50,13 +50,13 @@
rights = access.Checker(params)
rights['create'] = ['checkIsUser']
- rights['delete'] = [('checkIsMyEntity',
- [club_app_logic.logic, 'applicant', True])]
- rights['edit'] = [('checkIsMyEntity',
- [club_app_logic.logic, 'applicant', True])]
+ rights['delete'] = [('checkCanEditGroupApp',
+ [club_app_logic.logic])]
+ rights['edit'] = [('checkCanEditGroupApp',
+ [club_app_logic.logic])]
rights['list'] = ['checkIsUser']
- rights['public'] = [('checkIsMyEntity',
- [club_app_logic.logic, 'applicant', True])]
+ rights['public'] = [('checkCanEditGroupApp',
+ [club_app_logic.logic])]
rights['review'] = [('checkHasRole', host_logic.logic)]
new_params = {}
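Review bot: `rights['public']` and `rights['delete']` are switched to `checkCanEditGroupApp` together with `rights['edit']`, so the status filter (`'needs review'`, `'rejected'`) now also gates viewing and deleting, while the commit message only describes editing. As written, an applicant whose application has left those two states would fail the `public` check for their own application, unless another path outside this hunk grants it. If only editing was meant to be restricted, keep `rights['public'] = [('checkIsMyEntity', [club_app_logic.logic, 'applicant', True])]`; if the wider restriction is intended, say so in the commit message. The same applies to the three `rights[...]` lines in the org_app.py hunk.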
--- a/app/soc/views/models/org_app.py Tue Feb 03 13:26:34 2009 +0000
+++ b/app/soc/views/models/org_app.py Tue Feb 03 13:27:52 2009 +0000
@@ -49,13 +49,13 @@
#TODO(ljvderijk) do the right rights check
rights = access.Checker(params)
rights['create'] = ['checkIsDeveloper']
- rights['delete'] = [('checkIsMyEntity',
- [org_app_logic.logic, 'applicant', True])]
- rights['edit'] = [('checkIsMyEntity',
- [org_app_logic.logic, 'applicant', True])]
+ rights['delete'] = [('checkCanEditGroupApp',
+ [org_app_logic.logic])]
+ rights['edit'] = [('checkCanEditGroupApp',
+ [org_app_logic.logic])]
rights['list'] = ['checkIsDeveloper']
- rights['public'] = [('checkIsMyEntity',
- [org_app_logic.logic, 'applicant', True])]
+ rights['public'] = [('checkCanEditGroupApp',
+ [org_app_logic.logic])]
rights['review'] = ['checkIsDeveloper']
new_params = {}