def _check_access(self):
RHDisplayEventBase._check_access(self)
# Only let abstract managers access the management versions.
if self.management and not self.event.can_manage(
session.user, permission='abstracts'):
raise Forbidden
check_event_locked(self, self.event)
def _check_access(self):
RHDisplayEventBase._check_access(self)
published = contribution_settings.get(self.event, 'published')
if not self.contrib.can_access(session.user):
raise Forbidden
if not published:
raise NotFound(_("The contributions of this event have not been published yet."))
def _check_access(self):
try:
RHDisplayEventBase._check_access(self)
except RegistrationRequired:
self.is_restricted_access = True
if not self.ALLOW_PROTECTED_EVENT or not self._check_restricted_event_access():
raise Forbidden
def _check_access(self):
RHDisplayEventBase._check_access(self)
published = contribution_settings.get(self.event, 'published')
if not published:
raise NotFound(
_("The contributions of this event have not been published yet"
))
def _check_access(self):
RHDisplayEventBase._check_access(self)
published = contribution_settings.get(self.event, 'published')
if not published and not self.event.can_manage(session.user):
raise NotFound(
_('The contributions of this event have not been published yet'
))
def _check_access(self):
RHDisplayEventBase._check_access(self)
published = contribution_settings.get(self.event, 'published')
if not published:
raise NotFound(_("The contributions of this event have not been published yet."))
if not is_menu_entry_enabled(self.MENU_ENTRY_NAME, self.event):
self._forbidden_if_not_admin()
def _check_access(self):
if not self.contrib.can_access(session.user):
# perform event access check since it may send the user to the access key or registration page
RHDisplayEventBase._check_access(self)
raise Forbidden
published = contribution_settings.get(self.event, 'published')
if not published and not self._can_view_unpublished():
raise NotFound(
_('The contributions of this event have not been published yet.'
))
def _check_access(self):
RHDisplayEventBase._check_access(self)
if not self.subcontrib.can_access(session.user):
raise Forbidden
published = contribution_settings.get(self.event, 'published')
if (not published and not self.event.can_manage(session.user)
and not self.contrib.is_user_associated(session.user)):
raise NotFound(
_("The contributions of this event have not been published yet."
))
def _check_access(self):
RHDisplayEventBase._check_access(self)
published = contribution_settings.get(self.event, 'published')
if not published and not has_contributions_with_user_as_submitter(
self.event, session.user):
raise NotFound(
_('The contributions of this event have not been published yet.'
))
if not is_menu_entry_enabled(self.MENU_ENTRY_NAME, self.event):
self._forbidden_if_not_admin()
def _check_access(self):
if not self.subcontrib.can_access(session.user):
# perform event access check since it may send the user to the access key or registration page
RHDisplayEventBase._check_access(self)
raise Forbidden
published = contribution_settings.get(self.event, 'published')
if (not published and not self.event.can_manage(session.user)
and not self.subcontrib.is_user_associated(session.user)):
raise NotFound(
_("The contributions of this event have not been published yet."
))
def _check_access(self):
try:
DownloadAttachmentMixin._check_access(self)
except Forbidden:
# if we get here the user has no access to the attachment itself so we
# trigger the event access check since it may show the access key form
# or registration required message
RHDisplayEventBase._check_access(self)
# the user may have access to the event but not the material so if we
# are here we need to re-raise the original exception
raise
def test_event_key_access(create_user, create_event):
"""
Ensure the event doesn't reject the user if an access key is required.
"""
rh = RHDisplayEventBase()
rh.event = create_event(2,
protection_mode=ProtectionMode.protected,
access_key='abc')
with pytest.raises(AccessKeyRequired):
rh._check_access()
user = create_user(1)
rh.event.update_principal(user, read_access=True)
session.set_session_user(user)
rh._check_access()
def _check_access(self):
RHDisplayEventBase._check_access(self)
if not self.contrib.can_access(session.user):
raise Forbidden
def _check_access(self):
RHDisplayEventBase._check_access(self)
if (self.page.menu_entry.registered_only
and not self.event.is_user_registered(session.user)
and not self.event.can_manage(session.user)):
raise Forbidden
def _check_access(self):
RHDisplayEventBase._check_access(self)
print(session.user)
if not session.user and request.method != 'GET':
raise Forbidden
def _check_access(self):
RHDisplayEventBase._check_access(self)
DownloadAttachmentMixin._check_access(self)
def _check_access(self):
RHDisplayEventBase._check_access(self)
if not self.entry.can_view(session.user):
raise Forbidden
def _check_access(self):
if not session.user:
raise Forbidden
RHDisplayEventBase._check_access(self)
def _check_access(self):
try:
RHDisplayEventBase._check_access(self)
except RegistrationRequired:
# in case registrants need to register they should be able to see the css
pass
def _check_access(self):
if not self.folder.can_access(session.user):
# basically the same logic as in RHDownloadEventAttachment. see the comments
# there for a more detailed explanation.
RHDisplayEventBase._check_access(self)
raise Forbidden
def _check_access(self):
RHDisplayEventBase._check_access(self)
if not is_menu_entry_enabled(self.MENU_ENTRY_NAME, self.event):
self._forbidden_if_not_admin()
def _check_access(self):
RHDisplayEventBase._check_access(self)
if not self.contrib.can_access(session.user):
raise Forbidden
def _check_access(self):
self.is_service_call = TokenAccessMixin._token_can_access(self)
if not self.is_service_call:
RHDisplayEventBase._check_access(self)
RequireUserMixin._check_access(self)
def _check_access(self):
RHDisplayEventBase._check_access(self)
if not self.page.menu_entry.can_access(session.user):
raise Forbidden
def _check_access(self):
RHDisplayEventBase._check_access(self)
# Only let managers access the management versions.
if self.management and not self.event.cfp.is_manager(session.user):
raise Forbidden
def _check_access(self):
RHDisplayEventBase._check_access(self)
# Only let event managers access the management versions.
if self.management and not self.event.can_manage(session.user):
raise Forbidden
check_event_locked(self, self.event)
def _check_access(self):
RHDisplayEventBase._check_access(self)
# Only let managers access the management versions.
if self.management and not self.event.cfp.is_manager(session.user):
raise Forbidden
def _check_access(self):
if not TokenAccessMixin._token_can_access(self):
RHDisplayEventBase._check_access(self)
RequireUserMixin._check_access(self)
def _check_access(self):
if not session.user:
raise Forbidden
RHDisplayEventBase._check_access(self)
def _check_access(self):
RHDisplayEventBase._check_access(self)
RequireUserMixin._check_access(self)
def _check_access(self):
RHDisplayEventBase._check_access(self)
if not is_menu_entry_enabled(self.MENU_ENTRY_NAME, self.event):
self._forbidden_if_not_admin()
def _check_access(self):
RHDisplayEventBase._check_access(self)
if not self.entry.can_view(session.user):
raise Forbidden