Ejemplo n.º 1
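 def approve(self, user, token):
     """Record ``user``'s approval once the supplied token has been verified.

     ``user`` must already have an entry in ``self.approval_state`` (keyed by
     ``user._id``), and ``token`` must equal that entry's ``approval_token``.
     Only then is ``has_approved`` set, ``self._on_approve`` called and the
     object saved.

     Raises:
         PermissionsError: ``approval_state`` has no entry for ``user._id``
             (or the entry carries no ``approval_token``).
         InvalidSanctionApprovalToken: the entry exists but ``token`` does
             not match its ``approval_token``.
     """
     import hmac

     # Only the lookup sits inside the try, so a KeyError raised anywhere
     # else (e.g. while formatting a message) is not misreported as an
     # authorization failure.
     try:
         expected = self.approval_state[user._id]['approval_token']
     except KeyError:
         raise PermissionsError(self.APPROVAL_NOT_AUTHORIZED_MESSAGE.format(
             DISPLAY_NAME=self.DISPLAY_NAME))

     # The token is a caller-supplied secret: compare it in constant time so
     # that response timing does not reveal how much of a guess was correct.
     if isinstance(expected, str) and isinstance(token, str):
         token_ok = hmac.compare_digest(
             expected.encode('utf-8', 'surrogatepass'),
             token.encode('utf-8', 'surrogatepass'))
     elif isinstance(expected, bytes) and isinstance(token, bytes):
         token_ok = hmac.compare_digest(expected, token)
     else:
         # Mixed or unexpected types: keep the plain comparison so the
         # accept/reject decision is unchanged for every input.
         token_ok = not (expected != token)

     if not token_ok:
         raise InvalidSanctionApprovalToken(
             self.APPROVAL_INVALID_TOKEN_MESSAGE.format(
                 DISPLAY_NAME=self.DISPLAY_NAME))

     self.approval_state[user._id]['has_approved'] = True
     self._on_approve(user, token)
     self.save()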
Ejemplo n.º 2
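    def _validate_trigger(self, event_data):
        '''Verify that an approve/accept/reject call meets all preconditions.

        The action name is read from ``event_data.event.name``. The acting
        user and the token come from ``event_data.kwargs`` (``'user'`` and
        ``'token'``), falling back to ``event_data.args[0]`` and
        ``event_data.args[1]``.

        Returns:
            True when every check passes.

        Raises:
            ValueError: no user was given for an action other than
                'accept', or no token was given where one is required.
            PermissionsError: ``self._verify_user_role(user, action)`` is
                falsy.
            InvalidSanctionApprovalToken: action is 'approve' and the token
                does not match the user's ``approval_token``.
            InvalidSanctionRejectionToken: action is 'reject' and the token
                does not match the user's ``rejection_token``.
        '''
        import hmac

        def _tokens_match(expected, supplied):
            # Tokens are caller-supplied secrets: compare in constant time
            # so response timing does not reveal how much of a guess was
            # correct.
            if isinstance(expected, str) and isinstance(supplied, str):
                return hmac.compare_digest(
                    expected.encode('utf-8', 'surrogatepass'),
                    supplied.encode('utf-8', 'surrogatepass'))
            if isinstance(expected, bytes) and isinstance(supplied, bytes):
                return hmac.compare_digest(expected, supplied)
            # Mixed or unexpected types: keep the plain comparison so the
            # accept/reject decision is unchanged for every input.
            return not (expected != supplied)

        action = event_data.event.name
        user = event_data.kwargs.get('user')
        if user is None and event_data.args:
            user = event_data.args[0]
        # Allow certain 'accept' calls with no user for OSF admin use
        if not user and action != 'accept':
            raise ValueError('All state trigger functions must specify a user')

        if not self._verify_user_role(user, action):
            raise PermissionsError(
                self.ACTION_NOT_AUTHORIZED_MESSAGE.format(
                    ACTION=action, DISPLAY_NAME=self.DISPLAY_NAME))

        # Moderator auth is validated by API, no token to check
        # user is None and no prior exception -> OSF-internal accept call
        if self.approval_stage is ApprovalStates.PENDING_MODERATION or user is None:
            return True

        token = event_data.kwargs.get('token')
        if token is None:
            try:
                token = event_data.args[1]
            except IndexError:
                raise ValueError('Admin actions require a token')

        # NOTE(review): the token is compared only for 'approve' and
        # 'reject'. Any other action that reaches this point needs a token to
        # be present, but its value is not checked here -- confirm intended.
        # NOTE(review): a missing approval_state entry for user._id raises an
        # uncaught KeyError below; presumably _verify_user_role rules that
        # out -- verify.
        if action == 'approve':
            if not _tokens_match(
                    self.approval_state[user._id]['approval_token'], token):
                raise InvalidSanctionApprovalToken(
                    self.APPROVAL_INVALID_TOKEN_MESSAGE.format(
                        DISPLAY_NAME=self.DISPLAY_NAME))
        elif action == 'reject':
            if not _tokens_match(
                    self.approval_state[user._id]['rejection_token'], token):
                raise InvalidSanctionRejectionToken(
                    self.REJECTION_INVALID_TOKEN_MESSAGE.format(
                        DISPLAY_NAME=self.DISPLAY_NAME))

        return True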