def _check_access(self): RHDisplayEventBase._check_access(self) # Only let abstract managers access the management versions. if self.management and not self.event.can_manage( session.user, permission='abstracts'): raise Forbidden check_event_locked(self, self.event)
def _check_access(self): RHDisplayEventBase._check_access(self) published = contribution_settings.get(self.event, 'published') if not self.contrib.can_access(session.user): raise Forbidden if not published: raise NotFound(_("The contributions of this event have not been published yet."))
def _check_access(self): try: RHDisplayEventBase._check_access(self) except RegistrationRequired: self.is_restricted_access = True if not self.ALLOW_PROTECTED_EVENT or not self._check_restricted_event_access(): raise Forbidden
def _check_access(self): RHDisplayEventBase._check_access(self) published = contribution_settings.get(self.event, 'published') if not published: raise NotFound( _("The contributions of this event have not been published yet" ))
def _check_access(self): RHDisplayEventBase._check_access(self) published = contribution_settings.get(self.event, 'published') if not published and not self.event.can_manage(session.user): raise NotFound( _('The contributions of this event have not been published yet' ))
def _check_access(self): RHDisplayEventBase._check_access(self) published = contribution_settings.get(self.event, 'published') if not published: raise NotFound(_("The contributions of this event have not been published yet.")) if not is_menu_entry_enabled(self.MENU_ENTRY_NAME, self.event): self._forbidden_if_not_admin()
def _check_access(self): if not self.contrib.can_access(session.user): # perform event access check since it may send the user to the access key or registration page RHDisplayEventBase._check_access(self) raise Forbidden published = contribution_settings.get(self.event, 'published') if not published and not self._can_view_unpublished(): raise NotFound( _('The contributions of this event have not been published yet.' ))
def _check_access(self): RHDisplayEventBase._check_access(self) if not self.subcontrib.can_access(session.user): raise Forbidden published = contribution_settings.get(self.event, 'published') if (not published and not self.event.can_manage(session.user) and not self.contrib.is_user_associated(session.user)): raise NotFound( _("The contributions of this event have not been published yet." ))
def _check_access(self): RHDisplayEventBase._check_access(self) published = contribution_settings.get(self.event, 'published') if not published and not has_contributions_with_user_as_submitter( self.event, session.user): raise NotFound( _('The contributions of this event have not been published yet.' )) if not is_menu_entry_enabled(self.MENU_ENTRY_NAME, self.event): self._forbidden_if_not_admin()
def _check_access(self): if not self.subcontrib.can_access(session.user): # perform event access check since it may send the user to the access key or registration page RHDisplayEventBase._check_access(self) raise Forbidden published = contribution_settings.get(self.event, 'published') if (not published and not self.event.can_manage(session.user) and not self.subcontrib.is_user_associated(session.user)): raise NotFound( _("The contributions of this event have not been published yet." ))
def _check_access(self): try: DownloadAttachmentMixin._check_access(self) except Forbidden: # if we get here the user has no access to the attachment itself so we # trigger the event access check since it may show the access key form # or registration required message RHDisplayEventBase._check_access(self) # the user may have access to the event but not the material so if we # are here we need to re-raise the original exception raise
def test_event_key_access(create_user, create_event): """ Ensure the event doesn't reject the user if an access key is required. """ rh = RHDisplayEventBase() rh.event = create_event(2, protection_mode=ProtectionMode.protected, access_key='abc') with pytest.raises(AccessKeyRequired): rh._check_access() user = create_user(1) rh.event.update_principal(user, read_access=True) session.set_session_user(user) rh._check_access()
def _check_access(self): RHDisplayEventBase._check_access(self) if not self.contrib.can_access(session.user): raise Forbidden
def _check_access(self): RHDisplayEventBase._check_access(self) if (self.page.menu_entry.registered_only and not self.event.is_user_registered(session.user) and not self.event.can_manage(session.user)): raise Forbidden
def _check_access(self): RHDisplayEventBase._check_access(self) print(session.user) if not session.user and request.method != 'GET': raise Forbidden
def _check_access(self): RHDisplayEventBase._check_access(self) DownloadAttachmentMixin._check_access(self)
def _check_access(self): RHDisplayEventBase._check_access(self) if not self.entry.can_view(session.user): raise Forbidden
def _check_access(self): if not session.user: raise Forbidden RHDisplayEventBase._check_access(self)
def _check_access(self): try: RHDisplayEventBase._check_access(self) except RegistrationRequired: # in case registrants need to register they should be able to see the css pass
def _check_access(self): if not self.folder.can_access(session.user): # basically the same logic as in RHDownloadEventAttachment. see the comments # there for a more detailed explanation. RHDisplayEventBase._check_access(self) raise Forbidden
def _check_access(self): RHDisplayEventBase._check_access(self) if not is_menu_entry_enabled(self.MENU_ENTRY_NAME, self.event): self._forbidden_if_not_admin()
def _check_access(self): self.is_service_call = TokenAccessMixin._token_can_access(self) if not self.is_service_call: RHDisplayEventBase._check_access(self) RequireUserMixin._check_access(self)
def _check_access(self): RHDisplayEventBase._check_access(self) if not self.page.menu_entry.can_access(session.user): raise Forbidden
def _check_access(self): RHDisplayEventBase._check_access(self) # Only let managers access the management versions. if self.management and not self.event.cfp.is_manager(session.user): raise Forbidden
def _check_access(self): RHDisplayEventBase._check_access(self) # Only let event managers access the management versions. if self.management and not self.event.can_manage(session.user): raise Forbidden check_event_locked(self, self.event)
def _check_access(self): if not TokenAccessMixin._token_can_access(self): RHDisplayEventBase._check_access(self) RequireUserMixin._check_access(self)
def _check_access(self): RHDisplayEventBase._check_access(self) RequireUserMixin._check_access(self)