def test_viewer_has_access(self):
        """Check the access matrix enforced by account_facade.viewer_has_access.

        Two accounts are stored: a non-reviewer and a reviewer. The test
        expects that a user may view their own profile, that the reviewer may
        view the non-reviewer's profile, and that the non-reviewer may not
        view the reviewer's profile.
        """
        # NOTE(review): both addresses appear masked to the same literal in
        # this listing; the deny case below is only meaningful when the two
        # users have distinct addresses -- confirm against the real fixture.
        plain_user = FakeUser("*****@*****.**")
        reviewer_user = FakeUser("*****@*****.**")
        # The two safe-email values below are not used by any assertion.
        profile_email_1 = util.get_safe_email(plain_user)
        profile_email_2 = util.get_safe_email(reviewer_user)

        # Persist one UserInfo record per account, differing only in the
        # reviewer flag that the access check is expected to consult.
        for account, reviewer_flag in ((plain_user, False),
                                       (reviewer_user, True)):
            record = models.UserInfo()
            record.email = account.email()
            record.safe_email = util.get_safe_email(account)
            record.is_reviewer = reviewer_flag
            record.put()

        # Allow: owner viewing their own profile.
        own_profile = account_facade.viewer_has_access(
            plain_user, plain_user.email())
        self.assertTrue(own_profile)

        # Allow: reviewer viewing another user's profile.
        reviewer_on_other = account_facade.viewer_has_access(
            reviewer_user, plain_user.email())
        self.assertTrue(reviewer_on_other)

        # Deny: non-reviewer viewing somebody else's profile.
        plain_on_other = account_facade.viewer_has_access(
            plain_user, reviewer_user.email())
        self.assertFalse(plain_on_other)
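    def get(self, profile_email):
        """
        GET request handler that renders a profile overview page.

        The page is rendered only when account_facade.viewer_has_access
        approves the current user for the requested profile. A viewer who is
        refused is redirected to the home page and the handler stops there.

        @param profile_email: The email address of the user whose profile's
                              overview page should be rendered.
        @type profile_email: str
        """
        cur_user = users.get_current_user()
        if not account_facade.viewer_has_access(cur_user, profile_email):
            # redirect() is issued without any abort, so it does not end this
            # method by itself. Return here; otherwise the code below would
            # still mark the profile as viewed and write the rendered page
            # into the body of the redirect response for a denied viewer.
            self.redirect(constants.HOME_URL)
            return

        section_statuses = account_facade.get_updated_sections(
            cur_user, profile_email)
        # None as the section argument is what this overview handler passes;
        # the section handlers pass a section name instead.
        account_facade.set_viewed(cur_user, profile_email, None)

        template = jinja_environment.get_template("portfolio_overview.html")
        template_vals = get_standard_template_dict()
        owner_name = util.get_full_name_from_email(profile_email)
        template_vals["profile_safe_email"] = util.sanitize_email(profile_email)
        template_vals["cur_section"] = "overview"
        template_vals["owner_name"] = " ".join(owner_name)
        template_vals["owner_first_name"] = owner_name[0]
        template_vals["owner_last_name"] = owner_name[1]
        template_vals["sections"] = constants.PORTFOLIO_SECTIONS
        template_vals["section_statuses"] = section_statuses
        self.response.out.write(template.render(template_vals))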
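    def get(self, profile_email, section_name):
        """
        GET request handler that renders the private comments for a section.

        Comments are fetched and rendered only when
        account_facade.viewer_has_access approves the current user for the
        requested profile. A viewer who is refused is redirected to the home
        page and the handler stops there.

        @param profile_email: The email address of the user whose portfolio's
                              comments should be displayed.
        @type profile_email: str
        @param section_name: The name of the portfolio section to render
                             comments for.
        @type section_name: str
        """
        cur_user = users.get_current_user()
        if not account_facade.viewer_has_access(cur_user, profile_email):
            # redirect() is issued without any abort, so it does not end this
            # method by itself. Return here; otherwise the private comments
            # would still be loaded, flagged as viewed and written into the
            # body of the redirect response for a denied viewer.
            self.redirect(constants.HOME_URL)
            return

        # NOTE(review): section_name is passed through as received; whether
        # it is checked against constants.PORTFOLIO_SECTIONS is not visible
        # from this handler -- confirm in account_facade.
        new_comments = account_facade.get_new_comments(
            cur_user, profile_email, section_name)
        old_comments = account_facade.get_old_comments(
            cur_user, profile_email, section_name)

        section_statuses = account_facade.get_updated_sections(
            cur_user, profile_email)
        # Marked as viewed only after the new/old comment lists were fetched.
        account_facade.set_viewed(cur_user, profile_email, section_name)

        template = jinja_environment.get_template("portfolio_section.html")
        template_vals = get_standard_template_dict()
        owner_name = util.get_full_name_from_email(profile_email)
        template_vals["profile_safe_email"] = util.sanitize_email(profile_email)
        template_vals["cur_section"] = section_name
        template_vals["owner_name"] = " ".join(owner_name)
        template_vals["owner_first_name"] = owner_name[0]
        template_vals["owner_last_name"] = owner_name[1]
        template_vals["sections"] = constants.PORTFOLIO_SECTIONS
        template_vals["section_statuses"] = section_statuses
        template_vals["new_comments"] = new_comments
        template_vals["old_comments"] = old_comments
        self.response.out.write(template.render(template_vals))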
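    def post(self, profile_email, section_name):
        """
        POST handler for adding a private comment to a portfolio section.

        The comment is stored only when account_facade.viewer_has_access
        approves the current user for the target profile. A user who is
        refused is redirected to the home page and nothing is written.

        @param profile_email: The email address of the user whose portfolio
                              should receive the new comment.
        @type profile_email: str
        @param section_name: The name of the portfolio section to add the new
                             comment to.
        @type section_name: str
        """
        cur_user = users.get_current_user()
        if not account_facade.viewer_has_access(cur_user, profile_email):
            # redirect() is issued without any abort, so it does not end this
            # method by itself. Return here; otherwise the comment would still
            # be persisted on the target profile for a denied user.
            self.redirect(constants.HOME_URL)
            return

        raw_comment_contents = self.request.get("comment-contents", "")
        # Escape before inserting our own <br> markup so that the only HTML
        # in the stored value is the line breaks added below.
        # NOTE(review): cgi.escape with default arguments leaves quote
        # characters as they are; that is adequate only if the stored value
        # is rendered as element content, never inside an attribute --
        # confirm against the template.
        comment_contents = cgi.escape(raw_comment_contents)
        comment_contents = "<br>".join(comment_contents.splitlines())

        # NOTE(review): section_name is stored as received; whether it is
        # checked against constants.PORTFOLIO_SECTIONS is not visible here.
        new_comment = models.Comment()
        new_comment.author_email = cur_user.email()
        new_comment.profile_email = profile_email
        new_comment.section_name = section_name
        new_comment.contents = comment_contents
        new_comment.timestamp = datetime.datetime.now()
        new_comment.put()

        account_facade.set_viewed(cur_user, profile_email, section_name)

        account_facade.set_flash_message(
            cur_user.email(),
            constants.FLASH_MSG_TYPE_CONFIRMATION,
            constants.FLASH_MSG_ADDED_COMMENT
        )

        # Redirect back to the same path so the page is loaded again with a
        # GET request after the comment was stored.
        self.redirect(self.request.path)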