def editOrCreateRight(self, user, club):
    """Decide whether `user` may create or edit `club`.

    An unsaved club is treated as a create request and checked with
    isAccessible(user, "createClub"); a saved club is an edit request and is
    checked with hasClubPrivilige(user, club, "edit").

    Returns:
        True when the matching check passes. Otherwise errorPage() is called
        with a link to the login URL and False is returned.
    """
    if club.is_saved():
        # Existing entity: editing is governed by the per-club privilege.
        permitted = hasClubPrivilige(user, club, "edit")
    else:
        # Not stored yet: this is a creation request.
        permitted = isAccessible(user, "createClub")

    if permitted:
        return True

    # NOTE(review): no status code is passed here, unlike the 403 used by
    # other handlers in this file; what errorPage sends by default is not
    # visible from this block.
    errorPage(self.response, "Access Deny For club",
              users.create_login_url(self.request.uri))
    return False
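def visit(self):
    """Resolve the club and target user for this request and authorise the caller.

    The club slug and an optional user come from the request path. When the
    path names no user, the signed-in user is the target.

    Returns:
        True once self.user, self.club, self.member and self.targetUser are
        set, or when self.club and self.user were already set. On failure,
        whatever errorPage() returns after rendering the error.
    """
    # Already resolved: skip the lookups and the privilege check.
    if self.club and self.user:
        return True

    slug, pathuser = urlconf.analyze(self.request.path)

    club = Club.getClubBySlug(slug)
    if not club:
        # slug is taken from the request path; assumes errorPage escapes the
        # message before rendering it -- TODO confirm.
        return errorPage(self.response, "No such club " + slug, "/clubs", 404)

    user = users.get_current_user()
    if not user:
        # The status code is the fourth argument, as in every other
        # errorPage call in this file; self.response is passed only once.
        return errorPage(
            self.response,
            "User not login",
            users.create_login_url(self.request.uri),
            403,
        )

    # The path user is the one being modified; default to the caller.
    pathuser = users.User(pathuser) if pathuser else user

    # Original author's warning: unsure whether access control belongs here.
    # The caller needs the "membership" privilege on this club for the
    # target's e-mail address before any state is stored on the handler.
    if not hasClubPrivilige(user, club, "membership", pathuser.email()):
        return errorPage(self.response, "Can not access", "/", 403)

    self.user = user
    self.club = club
    self.member = Membership.between(pathuser, club)
    self.targetUser = pathuser
    return True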
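def visit(self):
    """Prepare the handler for a membership request and check access.

    Parses the club slug and optional user from the request path, requires a
    signed-in user, and checks that user's "membership" privilege on the club
    for the target e-mail before storing anything on the handler.

    Returns:
        True when the handler state is ready (including the case where
        self.club and self.user were set earlier); otherwise the value
        returned by errorPage().
    """
    if self.club and self.user:
        # State left by an earlier call; nothing is re-checked.
        return True

    # Analyze the request path first.
    slug, pathuser = urlconf.analyze(self.request.path)

    # Get the club.
    club = Club.getClubBySlug(slug)
    if not club:
        return errorPage(self.response, "No such club " + slug, '/clubs', 404)

    # Check the user status.
    user = users.get_current_user()
    if not user:
        # errorPage is called as (response, message, url, status) everywhere
        # else in this file, so 403 goes in fourth position and the response
        # object is not repeated.
        login_url = users.create_login_url(self.request.uri)
        return errorPage(self.response, "User not login", login_url, 403)

    # The user named in the path is the one modified; when omitted, the
    # current user is the target.
    if pathuser:
        target = users.User(pathuser)
    else:
        target = user

    # Original author's warning: not sure access control belongs here.
    if not hasClubPrivilige(user, club, 'membership', target.email()):
        return errorPage(self.response, "Can not access", '/', 403)

    self.user = user
    self.club = club
    self.member = Membership.between(target, club)
    self.targetUser = target
    return True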
def initRequest(self):
    """Load the club and target membership for a privilege-grant request.

    The URL configuration is looked up by the handler's class name and used
    to split the request path into a club slug and an optional user e-mail.
    When no e-mail is given, the signed-in user is the target.

    Returns:
        True when the caller holds "privGrant" on the club for the target and
        the target is a member (self.user and self.target are then set);
        otherwise the value returned by errorPage().
    """
    conf = urldict[type(self).__name__]
    slug, useremail = conf.analyze(self.request.path)

    club = Club.getClubBySlug(slug)
    if not club:
        return errorPage(self.response, "No Such Club: '%s'" % slug,
                         urldict['ClubList'].path(), 404)

    user = users.get_current_user()
    pathuser = user
    if useremail:
        named = users.User(useremail)
        if named:
            pathuser = named

    # NOTE(review): user is not checked for None before this call, so an
    # anonymous request relies on hasClubPrivilige to refuse it -- confirm.
    # NOTE(review): the target is passed as a User object here, while visit()
    # in this file passes pathuser.email() to the same helper -- confirm which
    # form hasClubPrivilige expects.
    if not hasClubPrivilige(user, club, "privGrant", pathuser):
        return errorPage(
            self.response,
            "Access Deny For Privilige Grant Operation on Club %s, to user %s"
            % (slug, pathuser),
            urldict['ClubView'].path(slug), 403)

    self.user = user
    self.target = Membership.between(pathuser, club)
    if self.target:
        return True
    return errorPage(
        self.response,
        "User %s is not a member of club %s" % (pathuser, slug),
        urldict['ClubView'].path(slug), 403)
def checkPrivilige(self):
    """Check that the signed-in user may perform self.actOperation on self.actobj.

    Reads self.actobj and self.actOperation, so both must be set before the
    call.

    Returns:
        True when hasActPrivilige() accepts the request. False after a 403
        error page has been rendered, linking to the login URL when nobody is
        signed in and to the club page otherwise.
    """
    user = get_current_user()
    if not user:
        errorPage(self.response, "Not login",
                  create_login_url(self.request.url), 403)
        return False

    if hasActPrivilige(user, self.actobj, self.actOperation):
        return True

    errorPage(self.response, "Not authorrized",
              urldict['ClubView'].path(self.actobj.club.slug), 403)
    return False
def checkPrivilige(self):
    """Check that the signed-in user holds "newact" on the activity's club.

    Reads self.actobj.club, so self.actobj must be set before the call.

    Returns:
        True when hasClubPrivilige() accepts the request. False after a 403
        error page has been rendered.
    """
    user = get_current_user()
    if not user:
        errorPage(self.response, "Not login",
                  create_login_url(self.request.url), 403)
        return False

    # NOTE(review): the club view handler in this file checks 'newAct'
    # (capital A); confirm which spelling the privilege lookup expects.
    if hasClubPrivilige(user, self.actobj.club, "newact"):
        return True

    errorPage(self.response, "Not Authorized to edit",
              urldict['ClubView'].path(self.actobj.club.slug), 403)
    return False
def checkPrivilige(self):
    """Gate the request on the activity privilege named by self.actOperation.

    Returns:
        True if a user is signed in and hasActPrivilige(user, self.actobj,
        self.actOperation) is truthy; False otherwise, after errorPage() has
        been called with status 403.
    """
    user = get_current_user()
    # Short-circuit keeps the privilege helper from being called without a
    # signed-in user.
    if user and hasActPrivilige(user, self.actobj, self.actOperation):
        return True

    if not user:
        # Anonymous request: point at the login URL.
        errorPage(self.response, "Not login",
                  create_login_url(self.request.url), 403)
    else:
        # Signed in but not entitled: point back at the club page.
        errorPage(self.response, "Not authorrized",
                  urldict['ClubView'].path(self.actobj.club.slug), 403)
    return False
def checkPrivilige(self):
    """Gate the request on the "newact" privilege of the activity's club.

    Returns:
        True if a user is signed in and hasClubPrivilige(user,
        self.actobj.club, "newact") is truthy; False otherwise, after
        errorPage() has been called with status 403.
    """
    user = get_current_user()
    # NOTE(review): another handler in this file spells this privilege
    # 'newAct'; confirm whether the lookup is case-sensitive.
    if user and hasClubPrivilige(user, self.actobj.club, "newact"):
        return True

    if not user:
        errorPage(self.response, "Not login",
                  create_login_url(self.request.url), 403)
    else:
        errorPage(self.response, "Not Authorized to edit",
                  urldict['ClubView'].path(self.actobj.club.slug), 403)
    return False
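def get(self, *args):
    """Render the club list, with a "new club" link when creation is allowed.

    When the 'listClubs' check fails, an error page linking to the login URL
    is rendered instead.
    """
    # NOTE(review): both checks pass '' as the user rather than the signed-in
    # user; confirm isAccessible treats that as the intended anonymous/global
    # check and not as a per-user decision.
    if not isAccessible('', 'listClubs'):
        errorPage(self.response, "Not Accessible",
                  users.create_login_url(self.request.uri))
        return

    # One query object is built and handed to the template; the original
    # built a second, unused one.
    clubs = Club.all()
    context = dict(clubs=clubs, cluburl=viewurlconf.path('')[:-1])

    if isAccessible('', 'createClub'):
        now = datetime.now()
        # The fields are not zero-padded, so two different timestamps can
        # produce the same digits. The format is kept because it ends up in
        # the edit URL.
        newslug = "newclb_%d%d%d%d%d%d%d" % (
            now.year, now.month, now.day,
            now.hour, now.minute, now.second, now.microsecond)
        context['newcluburl'] = editurlconf.path(newslug)

    self.response.out.write(render(self.template, context, self.request.url))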
def post(self, *args):
    """Store or delete the activity addressed by this request.

    Nothing is written unless self.checkPrivilige() passes. When it fails,
    the method returns None without touching the activity.

    Returns:
        The value of infoPage()/errorPage() for the outcome, or None when the
        privilege check fails.
    """
    actobj = self.getActModel()
    if not actobj:
        return errorPage(self.response, "No such Activity",
                         urldict['ClubList'].path(), 404)

    # checkPrivilige() reads self.actobj, so publish it before the check.
    self.actobj = actobj
    if not self.checkPrivilige():
        return None

    if self.request.get('delete', False):
        actobj.delete()
        return infoPage(self.response, "Successful deleted",
                        "Deleted Activity %s" % actobj.name, "/")

    self.updateObject(actobj)
    key = actobj.put()
    if key:
        # errorPage is also used for the success message, with status 200.
        return errorPage(self.response, "Successfully storing this Activity",
                         urldict['ActivityView'].path(key.id()), 200)
    return errorPage(self.response, "Error while storing this Activity",
                     urldict['ActivityEdit'].path(actobj.key().id()), 501)
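def post(self, *args):
    """Apply a participation operation (join, quit, confirm, bill, rebill).

    The activity id and the operation come from the request path; the
    optional 'target' request parameter names the member acted on and
    defaults to the signed-in user.

    Returns:
        The value of infoPage()/errorPage() for the outcome. An operation
        other than the five handled below falls off the end and returns None
        without rendering anything.
    """
    urlcfg = urldict['ActivityParticipate']
    act_id, oper = urlcfg.analyze(self.request.path)
    # Presumably the URL pattern only matches numeric ids; otherwise int()
    # raises ValueError here -- verify against the route.
    act_id = int(act_id)

    actobj = self.getActModel(act_id)
    if not actobj:
        # Message first, then URL, matching every other errorPage call in
        # this file (the two were swapped here).
        return errorPage(self.response, "No such activity",
                         urldict['ClubList'].path(), 404)

    user = get_current_user()
    if not user:
        return errorPage(self.response, "Not login",
                         create_login_url(self.request.url), 403)

    target = self.request.get('target')
    cluburl = urldict['ClubView'].path(actobj.club.slug)

    # Authorisation is decided on the raw 'target' parameter, before it is
    # turned into a User object and before any datastore write.
    if not hasActPrivilige(user, actobj, oper, target):
        return errorPage(self.response, "Can not access", cluburl, 403)

    if target:
        targetUser = User(target)
        if not targetUser:
            return errorPage(self.response, "Illegal access", cluburl, 403)
    else:
        # If target is omitted, use the current user as target.
        targetUser = user

    # Every operation, billing included, requires the target to be a member.
    mem = Membership.between(targetUser, actobj.club)
    if not mem:
        return errorPage(self.response, "Not a member", cluburl, 403)

    acturl = urldict['ActivityView'].path(act_id)

    if oper == 'join':
        actp = ActivityParticipator.between(mem, actobj)
        if not actp:
            actp = ActivityParticipator(member=mem, activity=actobj)
            actp.put()
        return infoPage(self.response, "Successfully Joined",
                        "%s has join activity %s" % (mem.name, actobj.name),
                        acturl)
    elif oper == 'quit':
        actp = ActivityParticipator.between(mem, actobj)
        if actp:
            if actp.confirmed:
                return errorPage(self.response,
                                 "Cannot delete confirmed participator",
                                 acturl, 403)
            actp.delete()
        return infoPage(self.response, "Successfully Quited",
                        "%s success quit activity %s" % (mem.name, actobj.name),
                        acturl)
    elif oper == 'confirm':
        actp = ActivityParticipator.between(mem, actobj)
        if not actp:
            return errorPage(self.response, "No Such a Member", acturl, 404)
        # This toggles the flag, so sending the same request twice reverts
        # the confirmation although the page still says "Confirmed".
        actp.confirmed = not actp.confirmed
        actp.put()
        return infoPage(self.response, "Successfully Confirmed",
                        "success confirmed %s join activity %s"
                        % (mem.name, actobj.name),
                        acturl)
    elif oper == 'bill' or oper == "rebill":
        # In a rebill operation, regenerating the bill is enabled.
        billobj = ActivityBill.generateBill(actobj, oper == "rebill")
        if billobj:
            billobj.put()
            return infoPage(self.response, "Successfully Billded",
                            str(billobj.memberBill), acturl)
        return errorPage(self.response, "Error Will Generate Bill",
                         acturl, 501)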
def get(self, *args):
    """Write the activity page when the caller passes the privilege check.

    Returns:
        None after writing the page or when self.checkPrivilige() fails
        (nothing further is written here in that case); the value of
        errorPage() when no activity is found.
    """
    actobj = self.getActModel()
    if not actobj:
        return errorPage(self.response, "No such Activity",
                         urldict['ClubList'].path(), 404)

    # checkPrivilige() reads self.actobj, so set it before asking.
    self.actobj = actobj
    if not self.checkPrivilige():
        return
    self.response.out.write(self.makeResponseText(actobj))
def get(self, *args):
    """Render the activity returned by self.getActModel() for an authorised caller.

    The page text is produced by self.makeResponseText() only after
    self.checkPrivilige() returns a truthy value.

    Returns:
        None, except when no activity is found, in which case the value of
        errorPage() is returned.
    """
    activity = self.getActModel()
    if activity:
        self.actobj = activity
        allowed = self.checkPrivilige()
        if allowed:
            body = self.makeResponseText(activity)
            self.response.out.write(body)
        return None
    return errorPage(self.response, "No such Activity",
                     urldict['ClubList'].path(), 404)
def get(self, *args):
    """Render the page of the club named by the last word of the request path.

    The template receives the club, its members and activities, and the
    links the current user may use: join form, new activity, edit, and
    per-member privilege editing.

    Returns:
        None. When the path yields no slug, nothing is written. When the
        club does not exist, status 404 is set and an error page is rendered.
    """
    slug = lastWordOfUrl(self.request.path)
    if not slug:
        return

    club = Club.getClubBySlug(slug)
    if not club:
        self.response.set_status(404)
        errorPage(self.response, "Club Not Found", listurlconf.path())
        return

    templatevars = dict(club=club)
    # user is None for an anonymous visitor; the helpers below receive it
    # as-is. NOTE(review): confirm hasClubPrivilige refuses a None user.
    user = users.get_current_user()
    membership = Membership.between(user, club)

    if membership:
        templatevars['membership'] = membership
    elif user and hasClubPrivilige(user, club, 'join'):
        # Signed in and allowed to join: expose the join form data.
        templatevars['action'] = memberurlconf.path(club.slug, user.email())
        templatevars['userName'] = user.nickname()
        templatevars['userEmail'] = user.email()
    else:
        templatevars['loginUrl'] = users.create_login_url(self.request.uri)

    # NOTE(review): 'newAct' here versus "newact" in checkPrivilige in this
    # file -- confirm which spelling the privilege lookup expects.
    if membership and hasClubPrivilige(user, club, 'newAct'):
        templatevars['newAct'] = urldict['ActivityNew'].path(slug)
    if hasClubPrivilige(user, club, "edit"):
        templatevars['editurl'] = urldict['ClubEdit'].path(club.slug)

    # NOTE(review): the member and activity lists are built for every
    # visitor, signed in or not; confirm that is the intended visibility.
    member_query = Membership.all()
    member_query.filter('club = ', club)
    members = []
    for member in member_query:
        # Only a privilege granter gets the per-member edit link, which
        # embeds that member's e-mail address.
        if hasClubPrivilige(user, club, "privGrant"):
            member.privEdit = urldict['ClubPrivilige'].path(
                slug, member.user.email())
        members.append(member)
    templatevars['members'] = members

    activity_query = Activity.all()
    activity_query.filter('club = ', club)
    view_path = urldict['ActivityView'].path
    activities = []
    for activity in activity_query:
        activity.linkpath = view_path(activity.key().id())
        activities.append(activity)
    templatevars['acts'] = activities

    self.response.out.write(
        render(self.template, templatevars, self.request.url))
def initRequest(self):
    """Validate a privilege-grant request and store its user and target.

    Returns:
        True when the club exists, hasClubPrivilige(user, club, "privGrant",
        target) is truthy and the target has a membership in the club;
        otherwise the value returned by errorPage() (404 for an unknown club,
        403 for the other refusals).
    """
    def refuse(message):
        # Both 403 refusals send the visitor back to the club page.
        return errorPage(self.response, message,
                         urldict['ClubView'].path(slug), 403)

    route = urldict[type(self).__name__]
    slug, useremail = route.analyze(self.request.path)

    club = Club.getClubBySlug(slug)
    if not club:
        return errorPage(self.response, "No Such Club: '%s'" % slug,
                         urldict['ClubList'].path(), 404)

    user = users.get_current_user()
    # Target defaults to the caller unless the path names another user.
    pathuser = user
    if useremail:
        candidate = users.User(useremail)
        if candidate:
            pathuser = candidate

    # NOTE(review): there is no explicit "not signed in" branch; a None user
    # is handed to hasClubPrivilige -- confirm it denies that case.
    granted = hasClubPrivilige(user, club, "privGrant", pathuser)
    if not granted:
        return refuse(
            "Access Deny For Privilige Grant Operation on Club %s, to user %s"
            % (slug, pathuser))

    self.user = user
    self.target = Membership.between(pathuser, club)
    if not self.target:
        return refuse(
            "User %s is not a member of club %s" % (pathuser, slug))
    return True
def get(self, *args):
    """Show the club create/edit form to a user who is allowed to use it.

    Uses self.clubmodel when it is set, otherwise builds a model from the
    request path. An unsaved club gets the current user as owner before the
    create/edit check runs.

    Returns:
        The value of errorPage() when self.accessControl() reports failure;
        otherwise None. self.responseClub() is called only when
        self.editOrCreateRight() passes.
    """
    stat, user = self.accessControl()
    if not stat:
        return errorPage(self.response, "User %s Not Log in" % user,
                         users.create_login_url(self.request.uri))

    clubmd = self.clubmodel or self.makeClubModel(self.analyzePath())
    if not clubmd.is_saved():
        # New club: the requesting user becomes its owner.
        clubmd.owner = user

    if self.editOrCreateRight(user, clubmd):
        self.responseClub(clubmd, user.nickname())
def post(self, *args):
    """Delete or save the requested activity after the privilege check.

    A truthy 'delete' request parameter deletes the activity; otherwise the
    activity is updated from the request and stored.

    Returns:
        The value of infoPage()/errorPage() describing the outcome, or None
        when self.checkPrivilige() fails (no delete, update or put happens in
        that case).
    """
    activity = self.getActModel()
    if not activity:
        return errorPage(self.response, "No such Activity",
                         urldict['ClubList'].path(), 404)

    self.actobj = activity
    if self.checkPrivilige():
        wants_delete = self.request.get('delete', False)
        if not wants_delete:
            self.updateObject(activity)
            stored_key = activity.put()
            if not stored_key:
                return errorPage(
                    self.response, "Error while storing this Activity",
                    urldict['ActivityEdit'].path(activity.key().id()), 501)
            # Success is reported through errorPage with status 200.
            return errorPage(
                self.response, "Successfully storing this Activity",
                urldict['ActivityView'].path(stored_key.id()), 200)
        activity.delete()
        return infoPage(self.response, "Successful deleted",
                        "Deleted Activity %s" % activity.name, "/")
    return None
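def post(self, *args):
    """Handle join / quit / confirm / bill / rebill for one activity.

    The request path supplies the activity id and the operation. The
    'target' request parameter optionally names the member acted on; without
    it the signed-in user is the target.

    Returns:
        The value of infoPage()/errorPage() for the outcome. Any operation
        other than the five listed is not handled and returns None without
        rendering a page.
    """
    route = urldict['ActivityParticipate']
    raw_id, oper = route.analyze(self.request.path)
    # Assumes the route only yields digits for the id -- TODO confirm;
    # int() raises ValueError otherwise.
    activity_id = int(raw_id)

    actobj = self.getActModel(activity_id)
    if not actobj:
        # Arguments are (response, message, url, status), as in the other
        # errorPage calls in this file; message and URL were swapped here.
        return errorPage(self.response, "No such activity",
                         urldict['ClubList'].path(), 404)

    user = get_current_user()
    if not user:
        return errorPage(self.response, "Not login",
                         create_login_url(self.request.url), 403)

    target = self.request.get('target')
    cluburl = urldict['ClubView'].path(actobj.club.slug)

    # The privilege decision uses the unparsed 'target' value and precedes
    # every lookup and write below.
    if not hasActPrivilige(user, actobj, oper, target):
        return errorPage(self.response, "Can not access", cluburl, 403)

    # If target is omitted, use the current user as target.
    targetUser = User(target) if target else user
    if not targetUser:
        return errorPage(self.response, "Illegal access", cluburl, 403)

    # The target must be a club member for every operation, billing included.
    mem = Membership.between(targetUser, actobj.club)
    if not mem:
        return errorPage(self.response, "Not a member", cluburl, 403)

    acturl = urldict['ActivityView'].path(activity_id)

    if oper == 'join':
        participation = ActivityParticipator.between(mem, actobj)
        if not participation:
            participation = ActivityParticipator(member=mem, activity=actobj)
            participation.put()
        return infoPage(
            self.response, "Successfully Joined",
            "%s has join activity %s" % (mem.name, actobj.name), acturl)

    if oper == 'quit':
        participation = ActivityParticipator.between(mem, actobj)
        if participation:
            if participation.confirmed:
                # A confirmed participation cannot be withdrawn here.
                return errorPage(self.response,
                                 "Cannot delete confirmed participator",
                                 acturl, 403)
            participation.delete()
        return infoPage(
            self.response, "Successfully Quited",
            "%s success quit activity %s" % (mem.name, actobj.name), acturl)

    if oper == 'confirm':
        participation = ActivityParticipator.between(mem, actobj)
        if not participation:
            return errorPage(self.response, "No Such a Member", acturl, 404)
        # The flag is flipped, not set: a repeated request un-confirms the
        # participation while still reporting "Confirmed".
        participation.confirmed = not participation.confirmed
        participation.put()
        return infoPage(
            self.response, "Successfully Confirmed",
            "success confirmed %s join activity %s" % (mem.name, actobj.name),
            acturl)

    if oper == 'bill' or oper == "rebill":
        # In a rebill operation, regenerating the bill is enabled.
        billobj = ActivityBill.generateBill(actobj, oper == "rebill")
        if not billobj:
            return errorPage(self.response, "Error Will Generate Bill",
                             acturl, 501)
        billobj.put()
        return infoPage(self.response, "Successfully Billded",
                        str(billobj.memberBill), acturl)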