def _extend_event_management_menu(sender, event, **kwargs):
if not can_manage_attachments(event, session.user):
return
return SideMenuItem('attachments',
_('Materials'),
url_for('attachments.management', event),
80,
section='organization')
def can_access(self, user, *args, **kwargs):
"""Check if the user is allowed to access the attachment.
This is the case if the user has access to see the attachment
or if the user can manage attachments for the linked object.
"""
return (super().can_access(user, *args, **kwargs)
or can_manage_attachments(self.folder.object, user))
def can_access(self, user, *args, **kwargs):
"""Checks if the user is allowed to access the attachment.
This is the case if the user has access to see the attachment
or if the user can manage attachments for the linked object.
"""
return (super(Attachment, self).can_access(user, *args, **kwargs) or
can_manage_attachments(self.folder.object, user))
def can_access(self, user, *args, **kwargs):
"""Checks if the user is allowed to access the folder.
This is the case if the user has access the folder or if the
user can manage attachments for the linked object.
"""
return (super(AttachmentFolder, self).can_access(
user, *args, **kwargs)
or can_manage_attachments(self.linked_object, user))
def can_access(self, user, *args, **kwargs):
"""Check if the user is allowed to access the folder.
This is the case if the user has access the folder or if the
user can manage attachments for the linked object.
"""
return (super().can_access(user, *args, **kwargs)
or can_manage_attachments(self.object,
user,
allow_admin=kwargs.get(
'allow_admin', True)))
def _get_event_management_url(event, **kwargs):
if can_manage_attachments(event, session.user):
return url_for('attachments.management', event)
def _check_access(self):
RHProtected._check_access(self)
if not can_manage_attachments(self.object, session.user):
raise Forbidden
check_event_locked(self, self.event)
def _check_access(self):
RHManageCategoryBase._check_access(self)
# This is already covered by CategModifBase, but if we ever add more
# checks to can_manage_attachments we are on the safe side...
if not can_manage_attachments(self.object, session.user):
raise Forbidden
def _checkProtection(self):
RHProtected._checkProtection(self)
if not can_manage_attachments(self.object, session.user):
raise Forbidden
def can_manage_attachments(self, user):
return can_manage_attachments(self, user)
def can_manage_attachments(self, user):
return can_manage_attachments(self, user)
def _checkProtection(self):
RHManageCategoryBase._checkProtection(self)
# This is already covered by CategModifBase, but if we ever add more
# checks to can_manage_attachments we are on the safe side...
if not can_manage_attachments(self.object, session.user):
raise Forbidden
def _get_event_management_url(event, **kwargs):
if can_manage_attachments(event, session.user):
return url_for('attachments.management', event)
def _extend_event_management_menu(sender, event, **kwargs):
if not can_manage_attachments(event, session.user):
return
return SideMenuItem('attachments', _('Materials'), url_for('attachments.management', event), 80,
section='organization')
def can_manage_attachments(self, user):
from indico.modules.attachments.util import can_manage_attachments
return can_manage_attachments(self, user)
def can_manage_attachments(self, user):
from indico.modules.attachments.util import can_manage_attachments
return can_manage_attachments(self, user)
def _checkProtection(self):
RHProtected._checkProtection(self)
if not can_manage_attachments(self.object, session.user):
raise Forbidden