def checkAccess(self): """Checks whether this task is visible to the public and any other checks if it is a POST request. """ self.mutator.taskFromKwargs(comments=True, work_submissions=True) self.data.is_visible = self.check.isTaskVisible() if task_logic.updateTaskStatus(self.data.task): # The task logic updated the status of the task since the deadline passed # and the GAE task was late to run. Reload the page. raise RedirectRequest('') if self.request.method == 'POST': # Access checks for the different forms on this page. Note that there # are no elif clauses because one could add multiple GET params :). self.check.isProfileActive() if 'reply' in self.data.GET: # checks for posting comments # valid tasks and profile are already checked. self.check.isBeforeAllWorkStopped() self.check.isCommentingAllowed() if 'submit_work' in self.data.GET: self.check.isBeforeAllWorkStopped() if not task_logic.canSubmitWork(self.data.task, self.data.profile): self.check.fail(DEF_NOT_ALLOWED_TO_UPLOAD_WORK) if 'button' in self.data.GET: # check for any of the buttons button_name = self._buttonName() buttons = {} TaskInformation(self.data).setButtonControls(buttons) if not buttons.get(button_name): self.check.fail(DEF_NOT_ALLOWED_TO_OPERATE_BUTTON % button_name) if 'send_for_review' in self.data.GET: self.check.isBeforeAllWorkStopped() if not task_logic.isOwnerOfTask(self.data.task, self.data.profile) or \ not self.data.work_submissions: self.check.fail(DEF_CANT_SEND_FOR_REVIEW) if 'delete_submission' in self.data.GET: self.check.isBeforeAllWorkStopped() id = self._submissionId() work = GCIWorkSubmission.get_by_id(id, parent=self.data.task) if not work: self.check.fail(DEF_NO_WORK_FOUND %id) time_expired = work.submitted_on - datetime.datetime.now() if work.user.key() != self.data.user.key() or \ time_expired > task_logic.DELETE_EXPIRATION: self.check.fail(DEF_NOT_ALLOWED_TO_DELETE)
def context(self): """Returns the context for the current template. """ context = { 'submissions': self._buildWorkSubmissionContext(), 'download_url': self.data.redirect.id().urlOf('gci_download_work') } task = self.data.task is_owner = task_logic.isOwnerOfTask(task, self.data.ndb_profile) if is_owner: context['send_for_review'] = self.data.work_submissions and \ task.status in SEND_FOR_REVIEW_ALLOWED deleteable = [] if self.data.ndb_user: for work in self.data.work_submissions: work_key = ndb.Key.from_old_key( task_model.GCIWorkSubmission.user.get_value_for_datastore( work)) if work_key == self.data.ndb_user.key: # Ensure that it is the work from the current user in case the task # got re-assigned. time_expired = work.submitted_on - datetime.datetime.now() if time_expired < task_logic.DELETE_EXPIRATION: deleteable.append(work) context['deleteable'] = deleteable if task_logic.canSubmitWork(task, self.data.ndb_profile): if self.data.POST and 'submit_work' in self.data.GET: # File form doesn't have any POST parameters so it should not be # passed while reconstructing the form. So only URL form is # constructed from POST data context['work_url_form'] = WorkSubmissionURLForm( data=self.data.POST) else: context['work_url_form'] = WorkSubmissionURLForm() # As mentioned in the comment above since there is no POST data to # be passed to the file form, it is constructed in the same way # in either cases. context['work_file_form'] = WorkSubmissionFileForm() if self.data.GET.get('file', None) == '0': context['work_file_form'].addFileRequiredError() if self.data.GET.get('ws_error', None) == '1': context['ws_error'] = True url = '%s?submit_work' % (self.data.redirect.id().urlOf( url_names.GCI_VIEW_TASK)) context['direct_post_url'] = url return context
def context(self): """Returns the context for the current template. """ context = { 'submissions': self._buildWorkSubmissionContext(), 'download_url': self.data.redirect.id().urlOf('gci_download_work') } task = self.data.task is_owner = task_logic.isOwnerOfTask(task, self.data.ndb_profile) if is_owner: context['send_for_review'] = self.data.work_submissions and \ task.status in SEND_FOR_REVIEW_ALLOWED deleteable = [] if self.data.ndb_user: for work in self.data.work_submissions: work_key = ndb.Key.from_old_key( task_model.GCIWorkSubmission.user.get_value_for_datastore(work)) if work_key == self.data.ndb_user.key: # Ensure that it is the work from the current user in case the task # got re-assigned. time_expired = work.submitted_on - datetime.datetime.now() if time_expired < task_logic.DELETE_EXPIRATION: deleteable.append(work) context['deleteable'] = deleteable if task_logic.canSubmitWork(task, self.data.ndb_profile): if self.data.POST and 'submit_work' in self.data.GET: # File form doesn't have any POST parameters so it should not be # passed while reconstructing the form. So only URL form is # constructed from POST data context['work_url_form'] = WorkSubmissionURLForm(data=self.data.POST) else: context['work_url_form'] = WorkSubmissionURLForm() # As mentioned in the comment above since there is no POST data to # be passed to the file form, it is constructed in the same way # in either cases. context['work_file_form'] = WorkSubmissionFileForm() if self.data.GET.get('file', None) == '0': context['work_file_form'].addFileRequiredError() if self.data.GET.get('ws_error', None) == '1': context['ws_error'] = True url = '%s?submit_work' % ( self.data.redirect.id().urlOf(url_names.GCI_VIEW_TASK)) context['direct_post_url'] = url return context
def checkAccess(self, data, check, mutator): """Checks whether this task is visible to the public and any other checks if it is a POST request. """ mutator.taskFromKwargs(comments=True, work_submissions=True) data.is_visible = check.isTaskVisible() if task_logic.updateTaskStatus(data.task): # The task logic updated the status of the task since the deadline passed # and the GAE task was late to run. Reload the page. raise exception.Redirect('') if data.request.method == 'POST': # Access checks for the different forms on this page. Note that there # are no elif clauses because one could add multiple GET params :). check.isProfileActive() # Tasks for non-active organizations cannot be touched check.isOrganizationActive(data.task.org) if 'reply' in data.GET: # checks for posting comments # valid tasks and profile are already checked. check.isBeforeAllWorkStopped() check.isCommentingAllowed() if 'submit_work' in data.GET: check.isBeforeAllWorkStopped() if not task_logic.canSubmitWork(data.task, data.ndb_profile): check.fail(DEF_NOT_ALLOWED_TO_UPLOAD_WORK) if 'button' in data.GET: # check for any of the buttons button_name = self._buttonName(data) buttons = {} TaskInformation(data).setButtonControls(buttons) if not buttons.get(button_name): check.fail(DEF_NOT_ALLOWED_TO_OPERATE_BUTTON % button_name) if 'send_for_review' in data.GET: check.isBeforeAllWorkStopped() if not task_logic.isOwnerOfTask(data.task, data.ndb_profile) or \ not data.work_submissions or \ data.task.status not in TASK_IN_PROGRESS: check.fail(DEF_CANT_SEND_FOR_REVIEW) if 'delete_submission' in data.GET: check.isBeforeAllWorkStopped() task_id = self._submissionId(data) work = work_submission_model.GCIWorkSubmission.get_by_id( task_id, parent=data.task) if not work: check.fail(DEF_NO_WORK_FOUND % id) user_key = ndb.Key.from_old_key( task_model.GCIWorkSubmission.user.get_value_for_datastore( work)) time_expired = work.submitted_on - datetime.datetime.now() if (user_key != data.ndb_user.key or time_expired > task_logic.DELETE_EXPIRATION): check.fail(DEF_NOT_ALLOWED_TO_DELETE)
def checkAccess(self, data, check, mutator): """Checks whether this task is visible to the public and any other checks if it is a POST request. """ mutator.taskFromKwargs(comments=True, work_submissions=True) data.is_visible = check.isTaskVisible() if task_logic.updateTaskStatus(data.task): # The task logic updated the status of the task since the deadline passed # and the GAE task was late to run. Reload the page. raise exception.Redirect('') if data.request.method == 'POST': # Access checks for the different forms on this page. Note that there # are no elif clauses because one could add multiple GET params :). check.isProfileActive() # Tasks for non-active organizations cannot be touched check.isOrganizationActive(data.task.org) if 'reply' in data.GET: # checks for posting comments # valid tasks and profile are already checked. check.isBeforeAllWorkStopped() check.isCommentingAllowed() if 'submit_work' in data.GET: check.isBeforeAllWorkStopped() if not task_logic.canSubmitWork(data.task, data.ndb_profile): check.fail(DEF_NOT_ALLOWED_TO_UPLOAD_WORK) if 'button' in data.GET: # check for any of the buttons button_name = self._buttonName(data) buttons = {} TaskInformation(data).setButtonControls(buttons) if not buttons.get(button_name): check.fail(DEF_NOT_ALLOWED_TO_OPERATE_BUTTON % button_name) if 'send_for_review' in data.GET: check.isBeforeAllWorkStopped() if not task_logic.isOwnerOfTask(data.task, data.ndb_profile) or \ not data.work_submissions or \ data.task.status not in TASK_IN_PROGRESS: check.fail(DEF_CANT_SEND_FOR_REVIEW) if 'delete_submission' in data.GET: check.isBeforeAllWorkStopped() task_id = self._submissionId(data) work = work_submission_model.GCIWorkSubmission.get_by_id( task_id, parent=data.task) if not work: check.fail(DEF_NO_WORK_FOUND % id) user_key = ndb.Key.from_old_key( task_model.GCIWorkSubmission.user.get_value_for_datastore(work)) time_expired = work.submitted_on - datetime.datetime.now() if (user_key != data.ndb_user.key or time_expired > task_logic.DELETE_EXPIRATION): check.fail(DEF_NOT_ALLOWED_TO_DELETE)