def delete_folder(self, subject): folder_name = request.params['folder'] if not subject.getFolder(folder_name).can_write(c.user): deny(_('You have no right to delete this folder.'), 403) else: self._delete_folder(subject) redirect(request.referrer)
def request_join(self, group): if c.user is None: c.login_form_url = url(controller='home', action='login', came_from=group.url(action='request_join'), context_type='group_join') deny(_('You have to log in or register to request group membership.'), 401) pending_request = PendingRequest.get(c.user, group) if pending_request is None and not group.is_member(c.user): if (self._check_handshakes(group, c.user) == 'invitation' or not group.admins_approve_members): group.add_member(c.user) if c.user.location is None: c.user.location = group.location self._clear_requests(group, c.user) h.flash(_('You are now a member of the group %s!') % group.title) else: group.request_join(c.user) group_request_email(group, c.user) h.flash(_("Your request to join the group has been forwarded to the group's administrators. Thanks!")) meta.Session.commit() elif group.is_member(c.user): h.flash(_("You already are a member of this group.")) else: h.flash(_("Your request to join the group is still being processed.")) redirect(url(controller='group', action='home', id=group.group_id))
def fn(*args, **kwargs): if c.group is not None: if not c.group.forum_is_public and not check_crowds(['member', 'moderator']): deny("This forum is not public", 401) if c.group.mailinglist_enabled: flash(_('The web-based forum for this group has been disabled.' ' Please use the mailing list instead.')) redirect(url(controller='mailinglist', action='index', id=c.group_id)) return m(*args, **kwargs)
def _protected_action(self, *args, **kwargs): if not check_crowds(['subject_accessor'], c.user, c.subject): location_link = ((c.subject.location.url(), ' '.join(c.subject.location.full_title_path)) if c.subject.visibility == 'department_members' else (c.subject.location.root.url(), c.subject.location.root.title)) deny(h.literal(_('Only %(location)s members can access see this subject.') % dict(location=h.link_to(location_link[1], location_link[0]))), 401) c.user_can_edit_settings = c.user and (c.subject.edit_settings_perm == 'everyone' or check_crowds(['teacher', 'moderator'], c.user)) c.user_can_post_discussions = c.user and (c.subject.post_discussion_perm == 'everyone' or check_crowds(['teacher', 'moderator'], c.user)) return method(self, *args, **kwargs)
def _profile_action(self, id): user = find_user(id) if user is None: abort(404) if not user.profile_is_public and not c.user: deny(_('This user profile is not public'), 401) c.user_info = user c.theme = user.location.get_theme() return method(self, user)
def _profile_action(self, path, id): location = LocationTag.get(path) user = find_user(id) if user is None or not user.is_teacher or user.location != location: abort(404) if not user.profile_is_public and not c.user: deny(_('This user profile is not public'), 401) c.teacher = user c.location = user.location c.tabs = external_teacher_tabs(user) c.theme = None return method(self, user)
def _blog_post_action(self, id, post_id): user = find_user(id) if user is None or not user.is_teacher: abort(404) post = meta.Session.query(TeacherBlogPost).filter_by(id=post_id, created=user).one() if not post: abort(404) if not user.profile_is_public and not c.user: deny(_('This user profile is not public'), 401) c.teacher = user c.tabs = teacher_tabs(user) c.current_tab = 'blog' c.theme = user.location.get_theme() return method(self, user, post)
def get(self, id): if isinstance(id, basestring): id = re.search(r"\d*", id).group() if not id: abort(404) file = File.get(id) if file is None: abort(404) if file.parent is not None: redirect(file.url()) elif is_root(c.user): return self._get(file) else: c.login_form_url = url(controller='home', action='login', came_from=file.url()) deny(_('You have no right to download this file.'), 403)
def _profile_action(self, path, id, post_id): location = LocationTag.get(path) user = find_user(id) if user is None or not user.is_teacher or user.location != location: abort(404) if not user.profile_is_public and not c.user: deny(_('This user profile is not public'), 401) post = meta.Session.query(TeacherBlogPost).filter_by(id=post_id, created=user).one() if not post: abort(404) c.teacher = user c.location = user.location c.tabs = external_teacher_tabs(user) c.current_tab = 'blog' c.theme = None return method(self, user, post)
def fn(*args, **kwargs): if c.group is not None: if not check_crowds(['member', 'moderator']): deny("Only members can post", 401) return m(*args, **kwargs)
def fn(*args, **kwargs): if not (c.group.forum_is_public or check_crowds(['member', 'admin'])): deny("This mailing list is not public", 401) return m(*args, **kwargs)