def _checkProtection(self):
if isinstance(self._file.getOwner(), Reviewing):
selfcopy = copy(self)
selfcopy._target = self._file.getOwner().getContribution()
if not (RCContributionPaperReviewingStaff.hasRights(selfcopy) or \
selfcopy._target.canUserSubmit(self.getAW().getUser()) or \
self._target.canModify( self.getAW() )):
raise AccessError()
elif isinstance(self._file.getOwner(), Registrant) and \
not self._file.getOwner().canUserModify(self.getAW().getUser()):
raise AccessError(_("Access to this resource is forbidden."))
else:
RHDisplayBaseProtected._checkProtection(self)
def _checkParams(self, params):
RHRegistrationFormDisplayBase._checkParams(self, params)
self._registrant=None
regId=params.get("registrantId",None)
self._authkey=params.get("authkey","")
if regId is not None:
self._registrant=self._conf.getRegistrantById(regId)
if self._registrant.getRandomId() != self._authkey or self._authkey == "":
raise AccessError("You are not authorized to access this web page")
def _checkProtection( self ):
if isinstance(self._file.getOwner(), Reviewing):
selfcopy = copy(self)
selfcopy._target = self._file.getOwner().getContribution()
if not (RCContributionPaperReviewingStaff.hasRights(selfcopy) or \
selfcopy._target.canUserSubmit(self.getAW().getUser()) or \
self._target.canModify( self.getAW() )):
raise AccessError()
else:
RHDisplayBaseProtected._checkProtection( self )
def _checkSessionUser(self):
user = self._getUser()
if user == None:
self._redirect(self._getLoginURL())
self._doProcess = False
else:
try:
if PluginsHolder().getPluginType("RoomBooking").isActive():
if not rb_check_user_access(user):
raise AccessError()
except KeyError:
pass
def _checkProtection(self):
if isinstance(self._target, Conference):
event = self._target.as_event
can_access = event.can_access(session.user)
if not can_access and event.access_key:
raise KeyAccessError()
else:
can_access = self._target.canAccess(self.getAW())
if can_access:
return
elif self._getUser() is None:
self._checkSessionUser()
else:
raise AccessError()
def _checkParams(self, params):
RHRegistrationFormDisplayBase._checkParams(self, params)
self._registrant = None
self._registrant_id = params.get('registrantId', None)
self._authkey = None
if self._registrant_id:
self._registrant = self._conf.getRegistrantById(self._registrant_id)
if self._registrant is None:
raise NotFoundError(_("The registrant with id {} does not exist or has been deleted")
.format(self._registrant_id))
self._authkey = params.get('authkey', '')
if self._registrant.getRandomId() != self._authkey or self._authkey == '':
raise AccessError()
elif session.avatar:
self._registrant = session.avatar.getRegistrantById(self._conf.getId())
def _checkProtection(self):
if not self._target.canAccess(self.getAW()):
from MaKaC.conference import Link, LocalFile, Category
if isinstance(self._target, Link) or isinstance(
self._target, LocalFile):
target = self._target.getOwner()
else:
target = self._target
if not isinstance(self._target, Category) and target.isProtected():
if target.getAccessKey() != "" or target.getConference(
) and target.getConference().getAccessKey() != "":
raise KeyAccessError()
if self._getUser() == None:
self._checkSessionUser()
else:
raise AccessError()
def _checkProtection(self):
if self._getUser() == None:
self._checkSessionUser()
categNoAccess = []
for item in self._categList:
if not item.canAccess(self.getAW()):
categNoAccess.append(item)
self._categList.remove(item)
if len(self._categList) > 0:
self._target = self._categList
self._categ = self._categList[0]
else:
# 'categNoAccess' is necessary in order to be able to retrieve the
# 'Contact Info' from all categs the user has no access (see WAccessError)
self._target = categNoAccess
raise AccessError()
def _checkProtection(self):
if not self._target.canAccess(self.getAW()):
from MaKaC.conference import Resource, Category
if isinstance(self._target, Resource):
target = self._target.getOwner()
else:
target = self._target
if not isinstance(self._target, Category) and target.isProtected():
if target.getAccessKey() != "" or target.getConference() and \
target.getConference().getAccessKey() != "":
raise KeyAccessError()
elif target.getModifKey() != "" or target.getConference() and \
target.getConference().getModifKey() != "":
raise ModificationError()
if self._getUser() is None:
self._checkSessionUser()
else:
raise AccessError()
def _checkSessionUser(self):
user = self._getUser()
if user == None:
self._redirect(self._getLoginURL())
self._doProcess = False
else:
try:
if PluginsHolder().getPluginType("RoomBooking").isActive():
if not AdminList.getInstance().isAdmin(
user) and PluginsHolder().getPluginType(
"RoomBooking").getOption(
"AuthorisedUsersGroups").getValue() != []:
authenticatedUser = False
for entity in PluginsHolder().getPluginType(
"RoomBooking").getOption(
"AuthorisedUsersGroups").getValue():
if isinstance(entity, Group) and entity.containsUser(user) or \
isinstance(entity, Avatar) and entity == user:
authenticatedUser = True
break
if not authenticatedUser:
raise AccessError()
except KeyError:
pass
def _checkParams(self, params):
RHRegistrationFormRegistrantBase._checkParams(self, params)
self._authkey = params.get("authkey", "")
if self._registrant.getRandomId(
) != self._authkey or self._authkey == "":
raise AccessError("You are not authorized to access this web page")
def _checkProtection(self):
if session.user is None:
self._checkSessionUser()
elif not rb_is_admin(session.user):
raise AccessError("You are not authorized to take this action.")
def _checkProtection(self):
if self._getUser() is None:
self._checkSessionUser()
elif not self._getUser().isRBAdmin():
raise AccessError("You are not authorized to take this action.")
def _checkProtection(self):
RHUserBase._checkProtection(self)
if not self._getUser().isAdmin():
raise AccessError()
def _checkProtection(self):
RHUserBase._checkProtection(self)
ak = self._avatar.getAPIKey()
if ak and ak.isBlocked():
raise AccessError()
def _checkProtection( self ):
if self._getUser() is None or self._registrant is None or (self._registrant.getAvatar().getId() != self._getUser().getId()):
raise AccessError("Indico cannot display epayment information without being logged in")