def canStudentUpdateProject(self):
"""Checks if the student can edit the project details."""
assert access_checker.isSet(self.data.program)
assert access_checker.isSet(self.data.timeline)
self.isProjectInURLValid()
# check if the timeline allows updating project
self.isProgramVisible()
self.acceptedStudentsAnnounced()
# check if the current used is an active student
self.isActiveStudent()
# check if the project belongs to the current user
expected_profile_key = self.data.url_project.parent_key()
if expected_profile_key != self.data.ndb_profile.key.to_old_key():
error_msg = access_checker.DEF_ENTITY_DOES_NOT_BELONG_TO_YOU % {
'name': 'project'
}
raise exception.Forbidden(message=error_msg)
# check if the status allows the project to be updated
if self.data.url_project.status in ['invalid', 'withdrawn', 'failed']:
raise exception.Forbidden(
message=access_checker.DEF_CANNOT_UPDATE_ENTITY %
{'name': 'project'})
def isStudentForSurvey(self):
"""Checks if the student can take survey for the project.
"""
self.isProjectInURLValid()
# check if the project belongs to the current user and if so he
# can access the survey
expected_profile_key = self.data.url_project.parent_key()
if expected_profile_key != self.data.ndb_profile.key.to_old_key():
raise exception.Forbidden(
message=DEF_STUDENT_EVAL_DOES_NOT_BELONG_TO_YOU)
# check if the project is still ongoing
if self.data.url_project.status in ['invalid', 'withdrawn']:
raise exception.Forbidden(
message=DEF_EVAL_NOT_ACCESSIBLE_FOR_PROJECT)
# check if the project has failed in a previous evaluation
# TODO(Madhu): This still has a problem that when the project fails
# in the final evaluation, the users will not be able to access the
# midterm evaluation show page. Should be fixed.
if (self.data.url_project.status == 'failed'
and self.data.url_project.failed_evaluations):
failed_evals = db.get(self.data.url_project.failed_evaluations)
fe_keynames = [
f.grading_survey_group.grading_survey.key().id_or_name()
for f in failed_evals
]
if self.data.student_evaluation.key().id_or_name(
) not in fe_keynames:
raise exception.Forbidden(
message=DEF_FAILED_PREVIOUS_EVAL %
(self.data.student_evaluation.short_name.lower()))
def canStudentUpdateProposal(self):
"""Checks if the student is eligible to submit a proposal.
"""
self.isActiveStudent()
self.isProposalInURLValid()
# check if the timeline allows updating proposals
# TODO(nathaniel): Yep, this is weird.
try:
self.studentSignupActive()
except exception.UserError:
self.canStudentUpdateProposalPostSignup()
# check if the proposal belongs to the current user
expected_profile_key = self.data.url_proposal.parent_key()
if expected_profile_key != self.data.ndb_profile.key.to_old_key():
error_msg = access_checker.DEF_ENTITY_DOES_NOT_BELONG_TO_YOU % {
'name': 'proposal'
}
raise exception.Forbidden(message=error_msg)
# check if the status allows the proposal to be updated
status = self.data.url_proposal.status
if status == 'ignored':
raise exception.Forbidden(message=DEF_PROPOSAL_IGNORED_MESSAGE)
elif status in ['invalid', proposal_model.STATUS_ACCEPTED, 'rejected']:
raise exception.Forbidden(
message=access_checker.DEF_CANNOT_UPDATE_ENTITY %
{'name': 'proposal'})
# determine what can be done with the proposal
if status == 'new' or status == 'pending':
self.data.is_pending = True
elif status == 'withdrawn':
self.data.is_pending = False
def checkAccess(self, data, check):
"""See AccessChecker.checkAccess for specification."""
if data.url_ndb_profile.status != profile_model.Status.ACTIVE:
raise exception.Forbidden(message=_MESSAGE_NO_URL_PROFILE %
data.kwargs['user'])
if data.url_ndb_profile.is_student:
raise exception.Forbidden(message=_MESSAGE_STUDENTS_DENIED)
def checkAccess(self, data, check):
"""See AccessChecker.checkAccess for specification."""
if (not data.ndb_profile
or data.ndb_profile.status != profile_model.Status.ACTIVE):
raise exception.Forbidden(message=_MESSAGE_NO_PROFILE)
if data.ndb_profile.is_student:
raise exception.Forbidden(message=_MESSAGE_STUDENTS_DENIED)
def checkAccess(self, data, check, mutator):
check.isOrgAdminForOrganization(
ndb.Key.from_old_key(data.url_org.key()))
if not data.timeline.allReviewsStopped():
raise exception.Forbidden(
message=
'This page may be accessed when the review period is over')
def canStudentDownloadForms(self):
"""Checks if the user can download the forms.
"""
self.isProfileActive()
if not (self.data.ndb_profile.is_student
and self.data.ndb_profile.student_data.number_of_projects):
raise exception.Forbidden(message=DEF_NOT_ALLOWED_TO_DOWNLOAD_FORM)
def checkAccess(self, data, check, mutator):
org_key = proposal_model.GSoCProposal.org.get_value_for_datastore(
data.url_proposal)
check.isOrgAdminForOrganization(org_key)
if data.url_proposal.status == 'withdrawn':
raise exception.Forbidden(
message="You cannot ignore a withdrawn proposal")
def post(self, data, check, mutator):
"""Handler for POST requests for each component."""
for component in self.components(data):
if component.post():
return http.HttpResponse()
else:
raise exception.Forbidden(message='You cannot change this data')
def isStudentWithProject(self):
self.isActiveStudent()
if self.data.ndb_profile.student_data.number_of_projects > 0:
return
raise exception.Forbidden(message=DEF_HAS_NO_PROJECT)
def post(self, data, check, mutator):
"""See soc.views.base.RequestHandler.post for specification."""
list_content = ProjectList(data)
if list_content.post():
return http.HttpResponse()
else:
raise exception.Forbidden(message='You cannot change this data')
def isStudentSurveyActive(self, survey, student, show_url=None):
"""Checks if the student survey can be taken by the specified student.
Args:
survey: a survey entity.
student: a student profile entity.
show_url: survey show page URL to which the user should be redirected.
Raises:
exception.Redirect: if the active period is over and URL to redirect
is specified.
exception.Forbidden: if it is not possible to access survey
at this time.
"""
active_period = survey_logic.getSurveyActivePeriod(survey)
if active_period.state != survey_logic.IN_PERIOD_STATE:
# try finding a personal extension for the student
extension = survey_logic.getPersonalExtension(
student.key, survey.key())
active_period = survey_logic.getSurveyActivePeriod(
survey, extension=extension)
if active_period.state == survey_logic.POST_PERIOD_STATE and show_url:
raise exception.Redirect(show_url)
if active_period.state != survey_logic.IN_PERIOD_STATE:
raise exception.Forbidden(
message=DEF_PAGE_INACTIVE_OUTSIDE %
(active_period.start, active_period.end))
def isProjectInURLValid(self):
"""Checks if the project in URL exists.
"""
if not self.data.url_project:
error_msg = DEF_ID_BASED_ENTITY_NOT_EXISTS % {
'model': 'GSoCProject',
'id': self.data.kwargs['id']
}
raise exception.Forbidden(message=error_msg)
if self.data.url_project.status == 'invalid':
error_msg = DEF_ID_BASED_ENTITY_INVALID % {
'model': 'GSoCProject',
'id': self.data.kwargs['id'],
}
raise exception.Forbidden(message=error_msg)
def post(self, data, check, mutator):
"""Handler for POST requests."""
proposals_list = ProposalsList(data)
if proposals_list.post():
return http.HttpResponse()
else:
raise exception.Forbidden(message='You cannot change this data')
def jsonContext(self, data, check, mutator):
list_content = ProposalsList(data).getListData()
if list_content:
return list_content.content()
else:
raise exception.Forbidden(
message='You do not have access to this data')
def isProfileActive(self):
"""Checks if the profile of the current user is active.
"""
self.hasProfile()
if self.data.ndb_profile.status != profile_model.Status.ACTIVE:
raise exception.Forbidden(message=DEF_PROFILE_INACTIVE)
def checkAccess(self, data, check):
"""See AccessChecker.checkAccess for specification."""
if not self._is_ndb:
if not data.profile:
raise exception.Forbidden(message=_MESSAGE_NO_PROFILE)
# good ol' db
if data.url_org.key() not in data.profile.org_admin_for:
raise exception.Forbidden(
message=_MESSAGE_NOT_ORG_ADMIN_FOR_ORG %
data.url_org.key().name())
else:
if not data.ndb_profile:
raise exception.Forbidden(message=_MESSAGE_NO_PROFILE)
if data.url_ndb_org.key not in data.ndb_profile.admin_for:
raise exception.Forbidden(
message=_MESSAGE_NOT_ORG_ADMIN_FOR_ORG %
data.url_ndb_org.key.id())
def checkAccess(self, data, check):
"""See AccessChecker.checkAccess for specification."""
if not data.program:
raise exception.NotFound(message=_MESSAGE_PROGRAM_NOT_EXISTING)
if (data.program.status != program_model.STATUS_VISIBLE
or not data.timeline.programActive()):
raise exception.Forbidden(message=_MESSAGE_PROGRAM_NOT_ACTIVE)
def jsonContext(self, data, check, mutator):
"""See soc.views.base.RequestHandler.jsonContext for full specification."""
list_content = ConversationsList(data).getListData()
if list_content:
return list_content.content()
else:
raise exception.Forbidden(
message='You do not have access to this data')
def jsonContext(self, data, check, mutator):
all_participating_students_list = AllParticipatingStudentsList(data)
list_content = all_participating_students_list.getListData()
if list_content:
return list_content.content()
else:
raise exception.Forbidden(
message='You do not have access to this data')
def jsonContext(self, data, check, mutator):
"""Handler for JSON requests."""
list_content = ProjectList(data).getListData()
if list_content:
return list_content.content()
else:
raise exception.Forbidden(
message='You do not have access to this data')
def isProposer(self):
"""Checks if the current user is the author of the proposal.
"""
self.isProgramVisible()
self.isProfileActive()
if self.data.url_ndb_profile.key != self.data.ndb_profile.key:
raise exception.Forbidden(message=DEF_NOT_PROPOSER)
def isOrgAdminForOrganization(self, org_key):
"""Checks if the user is an admin for the specified organiztaion.
"""
self.isProfileActive()
if org_key in self.data.ndb_profile.admin_for:
return
raise exception.Forbidden(message=DEF_NOT_ADMIN % org_key.id())
def hasProfile(self):
"""Checks if the user has a profile for the current program.
"""
self.isLoggedIn()
if self.data.ndb_profile:
return
raise exception.Forbidden(message=DEF_NO_PROFILE)
def jsonContext(self, data, check, mutator):
list_query = project_logic.getProjectsQuery(program=data.program)
list_content = projects_list.ProjectList(
data, list_query, idx=self.LIST_IDX).getListData()
if list_content:
return list_content.content()
else:
raise exception.Forbidden(
message='You do not have access to this data')
def jsonContext(self, data, check, mutator):
"""See base.RequestHandler.jsonContext for specification."""
list_content = StudentsList(data.request, data, links.SOC_LINKER,
urls.UrlNames).getListData()
if list_content:
return list_content.content()
else:
raise exception.Forbidden(
message='You do not have access to this data')
def isOrganizationActive(self, organization):
"""Checks if the specified organization is active.
"""
if organization.status != 'active':
error_msg = DEF_ORG_NOT_ACTIVE % {
'name': organization.name,
'program': self.data.program.name
}
raise exception.Forbidden(message=error_msg)
def isMentorForOrganization(self, org_key):
"""Checks if the user is a mentor for the specified organiztaion.
"""
self.isProfileActive()
if org_key in self.data.ndb_profile.mentor_for:
return
raise exception.Forbidden(message=DEF_NOT_MENTOR % org_key.id())
def isUser(self):
"""Checks if the current user has an User entity.
"""
self.isLoggedIn()
if self.data.ndb_user:
return
raise exception.Forbidden(message=DEF_NO_USER_LOGIN)
def isActiveStudent(self):
"""Checks if the user is an active student.
"""
self.isProfileActive()
if self.data.ndb_profile.student_data:
return
raise exception.Forbidden(message=DEF_IS_NOT_STUDENT)
