Beispiel #1
0
 def delete_folder(self, subject):
     folder_name = request.params['folder']
     if not subject.getFolder(folder_name).can_write(c.user):
         deny(_('You have no right to delete this folder.'), 403)
     else:
         self._delete_folder(subject)
         redirect(request.referrer)
Beispiel #2
0
    def request_join(self, group):
        if c.user is None:
            c.login_form_url = url(controller='home',
                                   action='login',
                                   came_from=group.url(action='request_join'),
                                   context_type='group_join')
            deny(_('You have to log in or register to request group membership.'), 401)

        pending_request = PendingRequest.get(c.user, group)
        if pending_request is None and not group.is_member(c.user):
            if (self._check_handshakes(group, c.user) == 'invitation'
                or not group.admins_approve_members):
                group.add_member(c.user)
                if c.user.location is None:
                    c.user.location = group.location
                self._clear_requests(group, c.user)
                h.flash(_('You are now a member of the group %s!') % group.title)
            else:
                group.request_join(c.user)
                group_request_email(group, c.user)
                h.flash(_("Your request to join the group has been forwarded to the group's administrators. Thanks!"))
            meta.Session.commit()
        elif group.is_member(c.user):
            h.flash(_("You already are a member of this group."))
        else:
            h.flash(_("Your request to join the group is still being processed."))

        redirect(url(controller='group', action='home', id=group.group_id))
Beispiel #3
0
    def fn(*args, **kwargs):
        if c.group is not None:
            if not c.group.forum_is_public and not check_crowds(['member', 'moderator']):
                deny("This forum is not public", 401)
            if c.group.mailinglist_enabled:
                flash(_('The web-based forum for this group has been disabled.'
                        ' Please use the mailing list instead.'))
                redirect(url(controller='mailinglist', action='index', id=c.group_id))

        return m(*args, **kwargs)
Beispiel #4
0
 def _protected_action(self, *args, **kwargs):
     if not check_crowds(['subject_accessor'], c.user, c.subject):
         location_link = ((c.subject.location.url(), ' '.join(c.subject.location.full_title_path))
                          if c.subject.visibility == 'department_members'
                          else (c.subject.location.root.url(), c.subject.location.root.title))
         deny(h.literal(_('Only %(location)s members can access see this subject.')
                        % dict(location=h.link_to(location_link[1], location_link[0]))), 401)
     c.user_can_edit_settings = c.user and (c.subject.edit_settings_perm == 'everyone' or check_crowds(['teacher', 'moderator'], c.user))
     c.user_can_post_discussions = c.user and (c.subject.post_discussion_perm == 'everyone' or check_crowds(['teacher', 'moderator'], c.user))
     return method(self, *args, **kwargs)
Beispiel #5
0
    def _profile_action(self, id):
        user = find_user(id)

        if user is None:
            abort(404)

        if not user.profile_is_public and not c.user:
            deny(_('This user profile is not public'), 401)

        c.user_info = user
        c.theme = user.location.get_theme()

        return method(self, user)
Beispiel #6
0
    def _profile_action(self, path, id):
        location = LocationTag.get(path)
        user = find_user(id)

        if user is None or not user.is_teacher or user.location != location:
            abort(404)

        if not user.profile_is_public and not c.user:
            deny(_('This user profile is not public'), 401)

        c.teacher = user
        c.location = user.location
        c.tabs = external_teacher_tabs(user)
        c.theme = None

        return method(self, user)
Beispiel #7
0
    def _blog_post_action(self, id, post_id):
        user = find_user(id)
        if user is None or not user.is_teacher:
            abort(404)

        post = meta.Session.query(TeacherBlogPost).filter_by(id=post_id, created=user).one()
        if not post:
            abort(404)

        if not user.profile_is_public and not c.user:
            deny(_('This user profile is not public'), 401)

        c.teacher = user
        c.tabs = teacher_tabs(user)
        c.current_tab = 'blog'
        c.theme = user.location.get_theme()
        return method(self, user, post)
Beispiel #8
0
    def get(self, id):
        if isinstance(id, basestring):
            id = re.search(r"\d*", id).group()

        if not id:
            abort(404)

        file = File.get(id)
        if file is None:
            abort(404)
        if file.parent is not None:
            redirect(file.url())
        elif is_root(c.user):
            return self._get(file)
        else:
            c.login_form_url = url(controller='home',
                                   action='login',
                                   came_from=file.url())
            deny(_('You have no right to download this file.'), 403)
Beispiel #9
0
    def _profile_action(self, path, id, post_id):
        location = LocationTag.get(path)
        user = find_user(id)

        if user is None or not user.is_teacher or user.location != location:
            abort(404)

        if not user.profile_is_public and not c.user:
            deny(_('This user profile is not public'), 401)

        post = meta.Session.query(TeacherBlogPost).filter_by(id=post_id, created=user).one()
        if not post:
            abort(404)

        c.teacher = user
        c.location = user.location
        c.tabs = external_teacher_tabs(user)
        c.current_tab = 'blog'
        c.theme = None

        return method(self, user, post)
Beispiel #10
0
 def fn(*args, **kwargs):
     if c.group is not None:
         if not check_crowds(['member', 'moderator']):
             deny("Only members can post", 401)
     return m(*args, **kwargs)
Beispiel #11
0
 def fn(*args, **kwargs):
     if not (c.group.forum_is_public or check_crowds(['member', 'admin'])):
         deny("This mailing list is not public", 401)
     return m(*args, **kwargs)