def checkAccess(self):
"""Checks whether this task is visible to the public and any other checks
if it is a POST request.
"""
self.mutator.taskFromKwargs(comments=True, work_submissions=True)
self.data.is_visible = self.check.isTaskVisible()
if task_logic.updateTaskStatus(self.data.task):
# The task logic updated the status of the task since the deadline passed
# and the GAE task was late to run. Reload the page.
raise RedirectRequest('')
if self.request.method == 'POST':
# Access checks for the different forms on this page. Note that there
# are no elif clauses because one could add multiple GET params :).
self.check.isProfileActive()
if 'reply' in self.data.GET:
# checks for posting comments
# valid tasks and profile are already checked.
self.check.isBeforeAllWorkStopped()
self.check.isCommentingAllowed()
if 'submit_work' in self.data.GET:
self.check.isBeforeAllWorkStopped()
if not task_logic.canSubmitWork(self.data.task, self.data.profile):
self.check.fail(DEF_NOT_ALLOWED_TO_UPLOAD_WORK)
if 'button' in self.data.GET:
# check for any of the buttons
button_name = self._buttonName()
buttons = {}
TaskInformation(self.data).setButtonControls(buttons)
if not buttons.get(button_name):
self.check.fail(DEF_NOT_ALLOWED_TO_OPERATE_BUTTON % button_name)
if 'send_for_review' in self.data.GET:
self.check.isBeforeAllWorkStopped()
if not task_logic.isOwnerOfTask(self.data.task, self.data.profile) or \
not self.data.work_submissions:
self.check.fail(DEF_CANT_SEND_FOR_REVIEW)
if 'delete_submission' in self.data.GET:
self.check.isBeforeAllWorkStopped()
id = self._submissionId()
work = GCIWorkSubmission.get_by_id(id, parent=self.data.task)
if not work:
self.check.fail(DEF_NO_WORK_FOUND %id)
time_expired = work.submitted_on - datetime.datetime.now()
if work.user.key() != self.data.user.key() or \
time_expired > task_logic.DELETE_EXPIRATION:
self.check.fail(DEF_NOT_ALLOWED_TO_DELETE)
def get(self):
"""Attempts to download the blob in the worksubmission that is specified
in the GET argument.
"""
id_s = self.request.GET.get('id', '')
id = int(id_s) if id_s.isdigit() else -1
work = GCIWorkSubmission.get_by_id(id, self.data.task)
if not work or not work.upload_of_work:
return self.error(400, DEF_NO_WORK_FOUND %id)
upload = work.upload_of_work
self.response = bs_helper.sendBlob(upload)
def _postDeleteSubmission(self):
"""POST handler to delete a GCIWorkSubmission.
"""
id = self._submissionId()
work = GCIWorkSubmission.get_by_id(id, parent=self.data.task)
if not work:
return self.error(400, DEF_NO_WORK_FOUND %id)
# Deletion of blobs always runs separately from transaction so it has no
# added value to use it here.
upload = work.upload_of_work
work.delete()
if upload:
upload.delete()
self.redirect.id().to('gci_view_task')
