def _checkProtection(self): if isinstance(self._file.getOwner(), Reviewing): selfcopy = copy(self) selfcopy._target = self._file.getOwner().getContribution() if not (RCContributionPaperReviewingStaff.hasRights(selfcopy) or \ selfcopy._target.canUserSubmit(self.getAW().getUser()) or \ self._target.canModify( self.getAW() )): raise AccessError() elif isinstance(self._file.getOwner(), Registrant) and \ not self._file.getOwner().canUserModify(self.getAW().getUser()): raise AccessError(_("Access to this resource is forbidden.")) else: RHDisplayBaseProtected._checkProtection(self)
def _checkParams(self, params): RHRegistrationFormDisplayBase._checkParams(self, params) self._registrant=None regId=params.get("registrantId",None) self._authkey=params.get("authkey","") if regId is not None: self._registrant=self._conf.getRegistrantById(regId) if self._registrant.getRandomId() != self._authkey or self._authkey == "": raise AccessError("You are not authorized to access this web page")
def _checkProtection( self ): if isinstance(self._file.getOwner(), Reviewing): selfcopy = copy(self) selfcopy._target = self._file.getOwner().getContribution() if not (RCContributionPaperReviewingStaff.hasRights(selfcopy) or \ selfcopy._target.canUserSubmit(self.getAW().getUser()) or \ self._target.canModify( self.getAW() )): raise AccessError() else: RHDisplayBaseProtected._checkProtection( self )
def _checkSessionUser(self): user = self._getUser() if user == None: self._redirect(self._getLoginURL()) self._doProcess = False else: try: if PluginsHolder().getPluginType("RoomBooking").isActive(): if not rb_check_user_access(user): raise AccessError() except KeyError: pass
def _checkProtection(self): if isinstance(self._target, Conference): event = self._target.as_event can_access = event.can_access(session.user) if not can_access and event.access_key: raise KeyAccessError() else: can_access = self._target.canAccess(self.getAW()) if can_access: return elif self._getUser() is None: self._checkSessionUser() else: raise AccessError()
def _checkParams(self, params): RHRegistrationFormDisplayBase._checkParams(self, params) self._registrant = None self._registrant_id = params.get('registrantId', None) self._authkey = None if self._registrant_id: self._registrant = self._conf.getRegistrantById(self._registrant_id) if self._registrant is None: raise NotFoundError(_("The registrant with id {} does not exist or has been deleted") .format(self._registrant_id)) self._authkey = params.get('authkey', '') if self._registrant.getRandomId() != self._authkey or self._authkey == '': raise AccessError() elif session.avatar: self._registrant = session.avatar.getRegistrantById(self._conf.getId())
def _checkProtection(self): if not self._target.canAccess(self.getAW()): from MaKaC.conference import Link, LocalFile, Category if isinstance(self._target, Link) or isinstance( self._target, LocalFile): target = self._target.getOwner() else: target = self._target if not isinstance(self._target, Category) and target.isProtected(): if target.getAccessKey() != "" or target.getConference( ) and target.getConference().getAccessKey() != "": raise KeyAccessError() if self._getUser() == None: self._checkSessionUser() else: raise AccessError()
def _checkProtection(self): if self._getUser() == None: self._checkSessionUser() categNoAccess = [] for item in self._categList: if not item.canAccess(self.getAW()): categNoAccess.append(item) self._categList.remove(item) if len(self._categList) > 0: self._target = self._categList self._categ = self._categList[0] else: # 'categNoAccess' is necessary in order to be able to retrieve the # 'Contact Info' from all categs the user has no access (see WAccessError) self._target = categNoAccess raise AccessError()
def _checkProtection(self): if not self._target.canAccess(self.getAW()): from MaKaC.conference import Resource, Category if isinstance(self._target, Resource): target = self._target.getOwner() else: target = self._target if not isinstance(self._target, Category) and target.isProtected(): if target.getAccessKey() != "" or target.getConference() and \ target.getConference().getAccessKey() != "": raise KeyAccessError() elif target.getModifKey() != "" or target.getConference() and \ target.getConference().getModifKey() != "": raise ModificationError() if self._getUser() is None: self._checkSessionUser() else: raise AccessError()
def _checkSessionUser(self): user = self._getUser() if user == None: self._redirect(self._getLoginURL()) self._doProcess = False else: try: if PluginsHolder().getPluginType("RoomBooking").isActive(): if not AdminList.getInstance().isAdmin( user) and PluginsHolder().getPluginType( "RoomBooking").getOption( "AuthorisedUsersGroups").getValue() != []: authenticatedUser = False for entity in PluginsHolder().getPluginType( "RoomBooking").getOption( "AuthorisedUsersGroups").getValue(): if isinstance(entity, Group) and entity.containsUser(user) or \ isinstance(entity, Avatar) and entity == user: authenticatedUser = True break if not authenticatedUser: raise AccessError() except KeyError: pass
def _checkParams(self, params): RHRegistrationFormRegistrantBase._checkParams(self, params) self._authkey = params.get("authkey", "") if self._registrant.getRandomId( ) != self._authkey or self._authkey == "": raise AccessError("You are not authorized to access this web page")
def _checkProtection(self): if session.user is None: self._checkSessionUser() elif not rb_is_admin(session.user): raise AccessError("You are not authorized to take this action.")
def _checkProtection(self): if self._getUser() is None: self._checkSessionUser() elif not self._getUser().isRBAdmin(): raise AccessError("You are not authorized to take this action.")
def _checkProtection(self): RHUserBase._checkProtection(self) if not self._getUser().isAdmin(): raise AccessError()
def _checkProtection(self): RHUserBase._checkProtection(self) ak = self._avatar.getAPIKey() if ak and ak.isBlocked(): raise AccessError()
def _checkProtection( self ): if self._getUser() is None or self._registrant is None or (self._registrant.getAvatar().getId() != self._getUser().getId()): raise AccessError("Indico cannot display epayment information without being logged in")