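def visit(self):
    """Resolve and authorise the club and target user named by the request path.

    Returns True once ``user``, ``club``, ``member`` and ``targetUser`` are
    cached on ``self``. On any failure it returns whatever ``errorPage``
    returns, after an error page has been written to the response.
    """
    # Both attributes are assigned at the end of a successful visit(), so a
    # second call on the same handler skips the lookups.
    if self.club and self.user:
        return True

    # Analyze req path first
    slug, pathuser = urlconf.analyze(self.request.path)

    # Get club
    club = Club.getClubBySlug(slug)
    if not club:
        return errorPage(self.response, "No such club " + slug, '/clubs', 404)

    # Check user status
    user = users.get_current_user()
    if not user:
        # Fixed: this call passed self.response a second time, which put the
        # response object where every other errorPage call on this page
        # passes the status code.
        return errorPage(self.response, "User not login",
                         users.create_login_url(self.request.uri), 403)

    # The path user is the account being modified; when the path names none,
    # the signed-in user is the target.
    if pathuser:
        pathuser = users.User(pathuser)
    else:
        pathuser = user

    # @warning (original author): unsure whether access control belongs here.
    # The target comes from the URL, so the check runs before anything is
    # cached on self.
    if not hasClubPrivilige(user, club, 'membership', pathuser.email()):
        return errorPage(self.response, "Can not access", '/', 403)

    self.user = user
    self.club = club
    self.member = Membership.between(pathuser, club)
    self.targetUser = pathuser
    return True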
def doDelete(self):
    """Delete the cached membership when the current user is allowed to.

    Returns the result of ``member.delete()`` if the "deleteMember" privilege
    check passes and ``self.member`` is set; otherwise returns False.
    """
    # The privilege is checked here, immediately before the delete, against
    # the target user's email.
    allowed = hasClubPrivilige(self.user, self.club, 'deleteMember',
                               self.targetUser.email())
    if not allowed:
        return False

    target = self.member
    if not target:
        return False
    return target.delete()
def editOrCreateRight(self, user, club):
    """Return True when *user* may create an unsaved club or edit a saved one.

    On denial an error page is written to the response and False is returned.
    """
    if club.is_saved():
        # Edit
        permitted = hasClubPrivilige(user, club, "edit")
    else:
        # Create
        permitted = isAccessible(user, "createClub")

    if permitted:
        return True

    # Access Deny
    # NOTE(review): no status code is passed here, while the other denial
    # paths on this page pass 403 - confirm what errorPage defaults to.
    login_url = users.create_login_url(self.request.uri)
    errorPage(self.response, "Access Deny For club", login_url)
    return False
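def visit(self):
    """Resolve and authorise the club and target user named by the request path.

    Returns True once ``user``, ``club``, ``member`` and ``targetUser`` are
    cached on ``self``. On any failure it returns whatever ``errorPage``
    returns, after an error page has been written to the response.
    """
    # Both attributes are assigned at the end of a successful visit(), so a
    # second call on the same handler skips the lookups.
    if self.club and self.user:
        return True

    # Analyze req path first
    slug, pathuser = urlconf.analyze(self.request.path)

    # Get club
    club = Club.getClubBySlug(slug)
    if not club:
        return errorPage(self.response, "No such club " + slug, "/clubs", 404)

    # Check user status
    user = users.get_current_user()
    if not user:
        # Fixed: this call passed self.response a second time, which put the
        # response object where every other errorPage call on this page
        # passes the status code.
        return errorPage(
            self.response, "User not login", users.create_login_url(self.request.uri), 403
        )

    # The path user is the account being modified; when the path names none,
    # the signed-in user is the target.
    if pathuser:
        pathuser = users.User(pathuser)
    else:
        pathuser = user

    # @warning (original author): unsure whether access control belongs here.
    # The target comes from the URL, so the check runs before anything is
    # cached on self.
    if not hasClubPrivilige(user, club, "membership", pathuser.email()):
        return errorPage(self.response, "Can not access", "/", 403)

    self.user = user
    self.club = club
    self.member = Membership.between(pathuser, club)
    self.targetUser = pathuser
    return True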
def responseClub(self, clubmodel, nickname):
    """Render the club form for *clubmodel* and write it to the response.

    The finance section is enabled only when the current user holds the
    "finance" privilege on the club; saved clubs also expose their slug to the
    template as ``oldslug``.
    """
    context = {
        'action': self.request.path,
        'username': nickname,
        'model': clubmodel,
    }

    viewer = users.get_current_user()
    if hasClubPrivilige(viewer, clubmodel, "finance"):
        context['enableFinance'] = True

    if clubmodel.is_saved():
        context['oldslug'] = clubmodel.slug

    self.response.out.write(render(self.template, context, self.request.url))
def initRequest(self):
    """Resolve the club and target member for a privilege-grant request.

    Returns True when the current user holds "privGrant" on the club and the
    target user has a membership in it; otherwise returns the result of
    ``errorPage`` (404 for an unknown club, 403 for the other failures).
    """
    conf = urldict[type(self).__name__]
    slug, useremail = conf.analyze(self.request.path)

    club = Club.getClubBySlug(slug)
    if not club:
        return errorPage(self.response,
                         "No Such Club: '%s'" % slug,
                         urldict['ClubList'].path(), 404)

    # NOTE(review): there is no explicit login check, so `user` may be None
    # when it reaches hasClubPrivilige - confirm that helper denies it.
    user = users.get_current_user()

    # Target defaults to the current user unless the path names another one.
    pathuser = user
    if useremail:
        named = users.User(useremail)
        if named:
            pathuser = named

    # NOTE(review): the fourth argument here is a User object, while visit()
    # on this page passes pathuser.email() - confirm which form
    # hasClubPrivilige expects.
    if not hasClubPrivilige(user, club, "privGrant", pathuser):
        return errorPage(self.response,
                         "Access Deny For Privilige Grant Operation on Club %s, to user %s" % (slug, pathuser),
                         urldict['ClubView'].path(slug), 403)

    self.user = user
    self.target = Membership.between(pathuser, club)
    if self.target:
        return True
    return errorPage(self.response,
                     "User %s is not a member of club %s" % (pathuser, slug),
                     urldict['ClubView'].path(slug), 403)
def checkPrivilige(self):
    """Return True when the signed-in user may edit this activity's club.

    Writes a 403 error page and returns False when nobody is signed in or the
    user lacks the privilege.
    """
    user = get_current_user()
    if user:
        # NOTE(review): the privilege is spelled "newact" here but 'newAct' in
        # the club view handler on this page - confirm which one
        # hasClubPrivilige recognises.
        if hasClubPrivilige(user, self.actobj.club, "newact"):
            return True
        club_url = urldict['ClubView'].path(self.actobj.club.slug)
        errorPage(self.response, "Not Authorized to edit", club_url, 403)
        return False

    errorPage(self.response, "Not login", create_login_url(self.request.url), 403)
    return False
def checkPrivilige(self):
    """Return True when the signed-in user may edit this activity's club.

    Writes a 403 error page and returns False when nobody is signed in or the
    user lacks the privilege.
    """
    user = get_current_user()
    if user:
        # NOTE(review): the privilege is spelled "newact" here but 'newAct' in
        # the club view handler on this page - confirm which one
        # hasClubPrivilige recognises.
        if hasClubPrivilige(user, self.actobj.club, "newact"):
            return True
        club_url = urldict['ClubView'].path(self.actobj.club.slug)
        errorPage(self.response, "Not Authorized to edit", club_url, 403)
        return False

    errorPage(self.response, "Not login", create_login_url(self.request.url), 403)
    return False
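def get(self, *args):
    """Render the club page named by the last segment of the request path.

    Template variables depend on the viewer: members see their membership,
    signed-in users with the 'join' privilege get a join form, everyone else
    gets a login URL. Edit, new-activity and privilege-edit links are added
    only when the matching privilege check passes. An unknown or missing slug
    produces a 404 error page.
    """
    slug = lastWordOfUrl(self.request.path)

    # A missing slug is handled like an unknown club, so `club` is always
    # bound and the request always gets a response.
    club = Club.getClubBySlug(slug) if slug else None
    if not club:
        self.response.set_status(404)
        errorPage(self.response, "Club Not Found", listurlconf.path())
        return

    templatevars = dict(club=club)

    # NOTE(review): `user` is None for anonymous visitors and is still passed
    # to Membership.between and hasClubPrivilige below - confirm both treat
    # None as "no access".
    user = users.get_current_user()
    membership = Membership.between(user, club)
    if membership:
        templatevars['membership'] = membership
    elif user and hasClubPrivilige(user, club, 'join'):
        # Could Join
        templatevars['action'] = memberurlconf.path(club.slug, user.email())
        templatevars['userName'] = user.nickname()
        templatevars['userEmail'] = user.email()
    else:
        templatevars['loginUrl'] = users.create_login_url(self.request.uri)

    if membership and hasClubPrivilige(user, club, 'newAct'):
        templatevars['newAct'] = urldict['ActivityNew'].path(slug)
    if hasClubPrivilige(user, club, "edit"):
        templatevars['editurl'] = urldict['ClubEdit'].path(club.slug)

    # The answer does not change per member, so ask once instead of once per
    # row of the member query.
    can_grant = hasClubPrivilige(user, club, "privGrant")

    # NOTE(review): the full member and activity lists go to the template for
    # every visitor, signed in or not - confirm the template shows only
    # fields meant to be public.
    mq = Membership.all()
    mq.filter('club = ', club)
    memset = []
    for mem in mq:
        if can_grant:
            mem.privEdit = urldict['ClubPrivilige'].path(slug, mem.user.email())
        memset.append(mem)
    templatevars['members'] = memset

    aq = Activity.all()
    aq.filter('club = ', club)
    avpath = urldict['ActivityView'].path
    actlist = []
    for act in aq:
        act.linkpath = avpath(act.key().id())
        actlist.append(act)
    templatevars['acts'] = actlist

    self.response.out.write(render(self.template, templatevars, self.request.url))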
def get(self, *args):
    """Render the membership form when ``self.visit()`` returns a true value.

    Nothing is written here when visit() fails.
    """
    if not self.visit():
        return

    club = self.club
    # NOTE(review): the key is spelled "enableFinace" (no second "n"), unlike
    # the 'enableFinance' key the club form handler sets - the template must
    # use this exact spelling for the finance section to appear.
    tempvars = {
        "user": self.user,
        "action": urlconf.path(club.slug, self.user.email()),
        "member": self.getMember(),
        "club": club,
        "cluburl": cvurlconf.path(club.slug),
        "postStatus": self.postStatus,
        "enableFinace": hasClubPrivilige(users.get_current_user(), club, "finance"),
    }
    page = render(self.template, tempvars, self.request.url)
    self.response.out.write(page)
def get(self, *args):
    """Render the membership form when ``self.visit()`` returns a true value.

    Nothing is written here when visit() fails.
    """
    if not self.visit():
        return

    club = self.club
    # NOTE(review): the key is spelled "enableFinace" (no second "n"), unlike
    # the 'enableFinance' key the club form handler sets - the template must
    # use this exact spelling for the finance section to appear.
    tempvars = {
        "user": self.user,
        "action": urlconf.path(club.slug, self.user.email()),
        "member": self.getMember(),
        "club": club,
        "cluburl": cvurlconf.path(club.slug),
        "postStatus": self.postStatus,
        "enableFinace": hasClubPrivilige(users.get_current_user(), club, "finance"),
    }
    page = render(self.template, tempvars, self.request.url)
    self.response.out.write(page)
def getPostData(self):
    """Copy the posted name, email and balance onto the member and return it.

    Empty name/email fields keep the member's existing value, or fall back to
    the current user's nickname/email when the member has none. The balance is
    written only when the current user holds the "finance" privilege.
    """
    member = self.getMember()
    read = self.request.get
    posted_name = read("name", "")
    posted_email = read("email", "")
    posted_balance = read("balance", "")

    member.user = self.targetUser

    # NOTE(review): the fallbacks below read self.user, not self.targetUser,
    # although the record is assigned to targetUser above - confirm this is
    # intended when one user edits another's membership.
    if posted_name:
        member.name = posted_name
    elif not member.name:
        member.name = self.user.nickname()

    if posted_email:
        member.email = posted_email
    elif not member.email:
        member.email = self.user.email()

    # The balance is client-supplied, so it is accepted only behind the
    # finance privilege check.
    # NOTE(review): it is stored exactly as posted; confirm the model
    # validates or converts it.
    if posted_balance and hasClubPrivilige(users.get_current_user(), member.club, "finance"):
        member.balance = posted_balance
    return member
def getPostData(self):
    """Copy the posted name, email and balance onto the member and return it.

    Empty name/email fields keep the member's existing value, or fall back to
    the current user's nickname/email when the member has none. The balance is
    written only when the current user holds the "finance" privilege.
    """
    member = self.getMember()
    read = self.request.get
    posted_name = read('name', '')
    posted_email = read('email', '')
    posted_balance = read('balance', '')

    member.user = self.targetUser

    # NOTE(review): the fallbacks below read self.user, not self.targetUser,
    # although the record is assigned to targetUser above - confirm this is
    # intended when one user edits another's membership.
    if posted_name:
        member.name = posted_name
    elif not member.name:
        member.name = self.user.nickname()

    if posted_email:
        member.email = posted_email
    elif not member.email:
        member.email = self.user.email()

    # The balance is client-supplied, so it is accepted only behind the
    # finance privilege check.
    # NOTE(review): it is stored exactly as posted; confirm the model
    # validates or converts it.
    if posted_balance and hasClubPrivilige(users.get_current_user(), member.club, "finance"):
        member.balance = posted_balance
    return member
def initRequest(self):
    """Resolve the club and target member for a privilege-grant request.

    Returns True when the current user holds "privGrant" on the club and the
    target user has a membership in it; otherwise returns the result of
    ``errorPage`` (404 for an unknown club, 403 for the other failures).
    """
    conf = urldict[type(self).__name__]
    slug, useremail = conf.analyze(self.request.path)

    club = Club.getClubBySlug(slug)
    if not club:
        return errorPage(self.response,
                         "No Such Club: '%s'" % slug,
                         urldict['ClubList'].path(), 404)

    # NOTE(review): there is no explicit login check, so `user` may be None
    # when it reaches hasClubPrivilige - confirm that helper denies it.
    user = users.get_current_user()

    # Target defaults to the current user unless the path names another one.
    pathuser = user
    if useremail:
        named = users.User(useremail)
        if named:
            pathuser = named

    # NOTE(review): the fourth argument here is a User object, while visit()
    # on this page passes pathuser.email() - confirm which form
    # hasClubPrivilige expects.
    if not hasClubPrivilige(user, club, "privGrant", pathuser):
        return errorPage(self.response,
                         "Access Deny For Privilige Grant Operation on Club %s, to user %s" % (slug, pathuser),
                         urldict['ClubView'].path(slug), 403)

    self.user = user
    self.target = Membership.between(pathuser, club)
    if self.target:
        return True
    return errorPage(self.response,
                     "User %s is not a member of club %s" % (pathuser, slug),
                     urldict['ClubView'].path(slug), 403)
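def parsePostdata(self, request, oldslug=''):
    """Build a club model from the posted form fields.

    Args:
        request: the incoming request; fields are read with ``request.get``.
        oldslug: slug of the club being edited; when empty, the posted
            ``oldslug`` field is used instead.

    Returns:
        False when no ``slug`` was posted, otherwise the populated model.
        ``fund`` is written only when the current user holds the "finance"
        privilege on the club.
    """
    current = users.get_current_user()

    # NOTE(review): `owner` comes from the request whenever the field is
    # posted, so the caller decides who owns the club. Confirm that only
    # users allowed to transfer ownership can reach this, or drop the field.
    # A posted owner is also whatever request.get returns rather than the
    # User object used as the default.
    owner = request.get('owner', current)

    # NOTE(review): a posted `oldslug` selects which club is loaded for edit;
    # the caller has to run its privilege check against that loaded model.
    if not oldslug:
        oldslug = request.get('oldslug', '')

    slug = request.get('slug', '')
    if not slug:
        return False

    name = request.get('name', '')
    fund = request.get('fund', '')
    intro = request.get('intro', '')

    if oldslug:
        # in edit mode
        clubmd = self.makeClubModel(oldslug)
    else:
        # Create new model
        clubmd = self.makeClubModel(slug)

    clubmd.owner = owner
    clubmd.slug = slug
    clubmd.name = name

    # Fixed: the privilege name was misspelled "finanace", so this gate did
    # not test the same "finance" privilege the other handlers on this page
    # check before touching money fields.
    if hasClubPrivilige(current, clubmd, "finance"):
        clubmd.fund = fund
    clubmd.intro = intro
    return clubmd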
def doDelete(self):
    """Delete the cached membership when the current user is allowed to.

    Returns the result of ``member.delete()`` if the "deleteMember" privilege
    check passes and ``self.member`` is set; otherwise returns False.
    """
    # The privilege is checked here, immediately before the delete, against
    # the target user's email.
    allowed = hasClubPrivilige(
        self.user, self.club, "deleteMember", self.targetUser.email()
    )
    if not allowed:
        return False

    target = self.member
    if not target:
        return False
    return target.delete()