def checkAccess(self):
"""Checks whether this task is visible to the public and any other checks
if it is a POST request.
"""
self.mutator.taskFromKwargs(comments=True, work_submissions=True)
self.data.is_visible = self.check.isTaskVisible()
if task_logic.updateTaskStatus(self.data.task):
# The task logic updated the status of the task since the deadline passed
# and the GAE task was late to run. Reload the page.
raise RedirectRequest('')
if self.request.method == 'POST':
# Access checks for the different forms on this page. Note that there
# are no elif clauses because one could add multiple GET params :).
self.check.isProfileActive()
if 'reply' in self.data.GET:
# checks for posting comments
# valid tasks and profile are already checked.
self.check.isBeforeAllWorkStopped()
self.check.isCommentingAllowed()
if 'submit_work' in self.data.GET:
self.check.isBeforeAllWorkStopped()
if not task_logic.canSubmitWork(self.data.task, self.data.profile):
self.check.fail(DEF_NOT_ALLOWED_TO_UPLOAD_WORK)
if 'button' in self.data.GET:
# check for any of the buttons
button_name = self._buttonName()
buttons = {}
TaskInformation(self.data).setButtonControls(buttons)
if not buttons.get(button_name):
self.check.fail(DEF_NOT_ALLOWED_TO_OPERATE_BUTTON % button_name)
if 'send_for_review' in self.data.GET:
self.check.isBeforeAllWorkStopped()
if not task_logic.isOwnerOfTask(self.data.task, self.data.profile) or \
not self.data.work_submissions:
self.check.fail(DEF_CANT_SEND_FOR_REVIEW)
if 'delete_submission' in self.data.GET:
self.check.isBeforeAllWorkStopped()
id = self._submissionId()
work = GCIWorkSubmission.get_by_id(id, parent=self.data.task)
if not work:
self.check.fail(DEF_NO_WORK_FOUND %id)
time_expired = work.submitted_on - datetime.datetime.now()
if work.user.key() != self.data.user.key() or \
time_expired > task_logic.DELETE_EXPIRATION:
self.check.fail(DEF_NOT_ALLOWED_TO_DELETE)
def context(self):
"""Returns the context for the current template.
"""
context = {
'submissions': self._buildWorkSubmissionContext(),
'download_url': self.data.redirect.id().urlOf('gci_download_work')
}
task = self.data.task
is_owner = task_logic.isOwnerOfTask(task, self.data.ndb_profile)
if is_owner:
context['send_for_review'] = self.data.work_submissions and \
task.status in SEND_FOR_REVIEW_ALLOWED
deleteable = []
if self.data.ndb_user:
for work in self.data.work_submissions:
work_key = ndb.Key.from_old_key(
task_model.GCIWorkSubmission.user.get_value_for_datastore(
work))
if work_key == self.data.ndb_user.key:
# Ensure that it is the work from the current user in case the task
# got re-assigned.
time_expired = work.submitted_on - datetime.datetime.now()
if time_expired < task_logic.DELETE_EXPIRATION:
deleteable.append(work)
context['deleteable'] = deleteable
if task_logic.canSubmitWork(task, self.data.ndb_profile):
if self.data.POST and 'submit_work' in self.data.GET:
# File form doesn't have any POST parameters so it should not be
# passed while reconstructing the form. So only URL form is
# constructed from POST data
context['work_url_form'] = WorkSubmissionURLForm(
data=self.data.POST)
else:
context['work_url_form'] = WorkSubmissionURLForm()
# As mentioned in the comment above since there is no POST data to
# be passed to the file form, it is constructed in the same way
# in either cases.
context['work_file_form'] = WorkSubmissionFileForm()
if self.data.GET.get('file', None) == '0':
context['work_file_form'].addFileRequiredError()
if self.data.GET.get('ws_error', None) == '1':
context['ws_error'] = True
url = '%s?submit_work' % (self.data.redirect.id().urlOf(
url_names.GCI_VIEW_TASK))
context['direct_post_url'] = url
return context
def context(self):
"""Returns the context for the current template.
"""
context = {
'submissions': self._buildWorkSubmissionContext(),
'download_url': self.data.redirect.id().urlOf('gci_download_work')
}
task = self.data.task
is_owner = task_logic.isOwnerOfTask(task, self.data.ndb_profile)
if is_owner:
context['send_for_review'] = self.data.work_submissions and \
task.status in SEND_FOR_REVIEW_ALLOWED
deleteable = []
if self.data.ndb_user:
for work in self.data.work_submissions:
work_key = ndb.Key.from_old_key(
task_model.GCIWorkSubmission.user.get_value_for_datastore(work))
if work_key == self.data.ndb_user.key:
# Ensure that it is the work from the current user in case the task
# got re-assigned.
time_expired = work.submitted_on - datetime.datetime.now()
if time_expired < task_logic.DELETE_EXPIRATION:
deleteable.append(work)
context['deleteable'] = deleteable
if task_logic.canSubmitWork(task, self.data.ndb_profile):
if self.data.POST and 'submit_work' in self.data.GET:
# File form doesn't have any POST parameters so it should not be
# passed while reconstructing the form. So only URL form is
# constructed from POST data
context['work_url_form'] = WorkSubmissionURLForm(data=self.data.POST)
else:
context['work_url_form'] = WorkSubmissionURLForm()
# As mentioned in the comment above since there is no POST data to
# be passed to the file form, it is constructed in the same way
# in either cases.
context['work_file_form'] = WorkSubmissionFileForm()
if self.data.GET.get('file', None) == '0':
context['work_file_form'].addFileRequiredError()
if self.data.GET.get('ws_error', None) == '1':
context['ws_error'] = True
url = '%s?submit_work' % (
self.data.redirect.id().urlOf(url_names.GCI_VIEW_TASK))
context['direct_post_url'] = url
return context
def checkAccess(self, data, check, mutator):
"""Checks whether this task is visible to the public and any other checks
if it is a POST request.
"""
mutator.taskFromKwargs(comments=True, work_submissions=True)
data.is_visible = check.isTaskVisible()
if task_logic.updateTaskStatus(data.task):
# The task logic updated the status of the task since the deadline passed
# and the GAE task was late to run. Reload the page.
raise exception.Redirect('')
if data.request.method == 'POST':
# Access checks for the different forms on this page. Note that there
# are no elif clauses because one could add multiple GET params :).
check.isProfileActive()
# Tasks for non-active organizations cannot be touched
check.isOrganizationActive(data.task.org)
if 'reply' in data.GET:
# checks for posting comments
# valid tasks and profile are already checked.
check.isBeforeAllWorkStopped()
check.isCommentingAllowed()
if 'submit_work' in data.GET:
check.isBeforeAllWorkStopped()
if not task_logic.canSubmitWork(data.task, data.ndb_profile):
check.fail(DEF_NOT_ALLOWED_TO_UPLOAD_WORK)
if 'button' in data.GET:
# check for any of the buttons
button_name = self._buttonName(data)
buttons = {}
TaskInformation(data).setButtonControls(buttons)
if not buttons.get(button_name):
check.fail(DEF_NOT_ALLOWED_TO_OPERATE_BUTTON % button_name)
if 'send_for_review' in data.GET:
check.isBeforeAllWorkStopped()
if not task_logic.isOwnerOfTask(data.task, data.ndb_profile) or \
not data.work_submissions or \
data.task.status not in TASK_IN_PROGRESS:
check.fail(DEF_CANT_SEND_FOR_REVIEW)
if 'delete_submission' in data.GET:
check.isBeforeAllWorkStopped()
task_id = self._submissionId(data)
work = work_submission_model.GCIWorkSubmission.get_by_id(
task_id, parent=data.task)
if not work:
check.fail(DEF_NO_WORK_FOUND % id)
user_key = ndb.Key.from_old_key(
task_model.GCIWorkSubmission.user.get_value_for_datastore(
work))
time_expired = work.submitted_on - datetime.datetime.now()
if (user_key != data.ndb_user.key
or time_expired > task_logic.DELETE_EXPIRATION):
check.fail(DEF_NOT_ALLOWED_TO_DELETE)
def checkAccess(self, data, check, mutator):
"""Checks whether this task is visible to the public and any other checks
if it is a POST request.
"""
mutator.taskFromKwargs(comments=True, work_submissions=True)
data.is_visible = check.isTaskVisible()
if task_logic.updateTaskStatus(data.task):
# The task logic updated the status of the task since the deadline passed
# and the GAE task was late to run. Reload the page.
raise exception.Redirect('')
if data.request.method == 'POST':
# Access checks for the different forms on this page. Note that there
# are no elif clauses because one could add multiple GET params :).
check.isProfileActive()
# Tasks for non-active organizations cannot be touched
check.isOrganizationActive(data.task.org)
if 'reply' in data.GET:
# checks for posting comments
# valid tasks and profile are already checked.
check.isBeforeAllWorkStopped()
check.isCommentingAllowed()
if 'submit_work' in data.GET:
check.isBeforeAllWorkStopped()
if not task_logic.canSubmitWork(data.task, data.ndb_profile):
check.fail(DEF_NOT_ALLOWED_TO_UPLOAD_WORK)
if 'button' in data.GET:
# check for any of the buttons
button_name = self._buttonName(data)
buttons = {}
TaskInformation(data).setButtonControls(buttons)
if not buttons.get(button_name):
check.fail(DEF_NOT_ALLOWED_TO_OPERATE_BUTTON % button_name)
if 'send_for_review' in data.GET:
check.isBeforeAllWorkStopped()
if not task_logic.isOwnerOfTask(data.task, data.ndb_profile) or \
not data.work_submissions or \
data.task.status not in TASK_IN_PROGRESS:
check.fail(DEF_CANT_SEND_FOR_REVIEW)
if 'delete_submission' in data.GET:
check.isBeforeAllWorkStopped()
task_id = self._submissionId(data)
work = work_submission_model.GCIWorkSubmission.get_by_id(
task_id, parent=data.task)
if not work:
check.fail(DEF_NO_WORK_FOUND % id)
user_key = ndb.Key.from_old_key(
task_model.GCIWorkSubmission.user.get_value_for_datastore(work))
time_expired = work.submitted_on - datetime.datetime.now()
if (user_key != data.ndb_user.key or
time_expired > task_logic.DELETE_EXPIRATION):
check.fail(DEF_NOT_ALLOWED_TO_DELETE)
