def canStudentUpdateProject(self): """Checks if the student can edit the project details.""" assert access_checker.isSet(self.data.program) assert access_checker.isSet(self.data.timeline) self.isProjectInURLValid() # check if the timeline allows updating project self.isProgramVisible() self.acceptedStudentsAnnounced() # check if the current used is an active student self.isActiveStudent() # check if the project belongs to the current user expected_profile_key = self.data.url_project.parent_key() if expected_profile_key != self.data.ndb_profile.key.to_old_key(): error_msg = access_checker.DEF_ENTITY_DOES_NOT_BELONG_TO_YOU % { 'name': 'project' } raise exception.Forbidden(message=error_msg) # check if the status allows the project to be updated if self.data.url_project.status in ['invalid', 'withdrawn', 'failed']: raise exception.Forbidden( message=access_checker.DEF_CANNOT_UPDATE_ENTITY % {'name': 'project'})
def isStudentForSurvey(self): """Checks if the student can take survey for the project. """ self.isProjectInURLValid() # check if the project belongs to the current user and if so he # can access the survey expected_profile_key = self.data.url_project.parent_key() if expected_profile_key != self.data.ndb_profile.key.to_old_key(): raise exception.Forbidden( message=DEF_STUDENT_EVAL_DOES_NOT_BELONG_TO_YOU) # check if the project is still ongoing if self.data.url_project.status in ['invalid', 'withdrawn']: raise exception.Forbidden( message=DEF_EVAL_NOT_ACCESSIBLE_FOR_PROJECT) # check if the project has failed in a previous evaluation # TODO(Madhu): This still has a problem that when the project fails # in the final evaluation, the users will not be able to access the # midterm evaluation show page. Should be fixed. if (self.data.url_project.status == 'failed' and self.data.url_project.failed_evaluations): failed_evals = db.get(self.data.url_project.failed_evaluations) fe_keynames = [ f.grading_survey_group.grading_survey.key().id_or_name() for f in failed_evals ] if self.data.student_evaluation.key().id_or_name( ) not in fe_keynames: raise exception.Forbidden( message=DEF_FAILED_PREVIOUS_EVAL % (self.data.student_evaluation.short_name.lower()))
def canStudentUpdateProposal(self): """Checks if the student is eligible to submit a proposal. """ self.isActiveStudent() self.isProposalInURLValid() # check if the timeline allows updating proposals # TODO(nathaniel): Yep, this is weird. try: self.studentSignupActive() except exception.UserError: self.canStudentUpdateProposalPostSignup() # check if the proposal belongs to the current user expected_profile_key = self.data.url_proposal.parent_key() if expected_profile_key != self.data.ndb_profile.key.to_old_key(): error_msg = access_checker.DEF_ENTITY_DOES_NOT_BELONG_TO_YOU % { 'name': 'proposal' } raise exception.Forbidden(message=error_msg) # check if the status allows the proposal to be updated status = self.data.url_proposal.status if status == 'ignored': raise exception.Forbidden(message=DEF_PROPOSAL_IGNORED_MESSAGE) elif status in ['invalid', proposal_model.STATUS_ACCEPTED, 'rejected']: raise exception.Forbidden( message=access_checker.DEF_CANNOT_UPDATE_ENTITY % {'name': 'proposal'}) # determine what can be done with the proposal if status == 'new' or status == 'pending': self.data.is_pending = True elif status == 'withdrawn': self.data.is_pending = False
def checkAccess(self, data, check): """See AccessChecker.checkAccess for specification.""" if data.url_ndb_profile.status != profile_model.Status.ACTIVE: raise exception.Forbidden(message=_MESSAGE_NO_URL_PROFILE % data.kwargs['user']) if data.url_ndb_profile.is_student: raise exception.Forbidden(message=_MESSAGE_STUDENTS_DENIED)
def checkAccess(self, data, check): """See AccessChecker.checkAccess for specification.""" if (not data.ndb_profile or data.ndb_profile.status != profile_model.Status.ACTIVE): raise exception.Forbidden(message=_MESSAGE_NO_PROFILE) if data.ndb_profile.is_student: raise exception.Forbidden(message=_MESSAGE_STUDENTS_DENIED)
def checkAccess(self, data, check, mutator): check.isOrgAdminForOrganization( ndb.Key.from_old_key(data.url_org.key())) if not data.timeline.allReviewsStopped(): raise exception.Forbidden( message= 'This page may be accessed when the review period is over')
def canStudentDownloadForms(self): """Checks if the user can download the forms. """ self.isProfileActive() if not (self.data.ndb_profile.is_student and self.data.ndb_profile.student_data.number_of_projects): raise exception.Forbidden(message=DEF_NOT_ALLOWED_TO_DOWNLOAD_FORM)
def checkAccess(self, data, check, mutator): org_key = proposal_model.GSoCProposal.org.get_value_for_datastore( data.url_proposal) check.isOrgAdminForOrganization(org_key) if data.url_proposal.status == 'withdrawn': raise exception.Forbidden( message="You cannot ignore a withdrawn proposal")
def post(self, data, check, mutator): """Handler for POST requests for each component.""" for component in self.components(data): if component.post(): return http.HttpResponse() else: raise exception.Forbidden(message='You cannot change this data')
def isStudentWithProject(self): self.isActiveStudent() if self.data.ndb_profile.student_data.number_of_projects > 0: return raise exception.Forbidden(message=DEF_HAS_NO_PROJECT)
def post(self, data, check, mutator): """See soc.views.base.RequestHandler.post for specification.""" list_content = ProjectList(data) if list_content.post(): return http.HttpResponse() else: raise exception.Forbidden(message='You cannot change this data')
def isStudentSurveyActive(self, survey, student, show_url=None): """Checks if the student survey can be taken by the specified student. Args: survey: a survey entity. student: a student profile entity. show_url: survey show page URL to which the user should be redirected. Raises: exception.Redirect: if the active period is over and URL to redirect is specified. exception.Forbidden: if it is not possible to access survey at this time. """ active_period = survey_logic.getSurveyActivePeriod(survey) if active_period.state != survey_logic.IN_PERIOD_STATE: # try finding a personal extension for the student extension = survey_logic.getPersonalExtension( student.key, survey.key()) active_period = survey_logic.getSurveyActivePeriod( survey, extension=extension) if active_period.state == survey_logic.POST_PERIOD_STATE and show_url: raise exception.Redirect(show_url) if active_period.state != survey_logic.IN_PERIOD_STATE: raise exception.Forbidden( message=DEF_PAGE_INACTIVE_OUTSIDE % (active_period.start, active_period.end))
def isProjectInURLValid(self): """Checks if the project in URL exists. """ if not self.data.url_project: error_msg = DEF_ID_BASED_ENTITY_NOT_EXISTS % { 'model': 'GSoCProject', 'id': self.data.kwargs['id'] } raise exception.Forbidden(message=error_msg) if self.data.url_project.status == 'invalid': error_msg = DEF_ID_BASED_ENTITY_INVALID % { 'model': 'GSoCProject', 'id': self.data.kwargs['id'], } raise exception.Forbidden(message=error_msg)
def post(self, data, check, mutator): """Handler for POST requests.""" proposals_list = ProposalsList(data) if proposals_list.post(): return http.HttpResponse() else: raise exception.Forbidden(message='You cannot change this data')
def jsonContext(self, data, check, mutator): list_content = ProposalsList(data).getListData() if list_content: return list_content.content() else: raise exception.Forbidden( message='You do not have access to this data')
def isProfileActive(self): """Checks if the profile of the current user is active. """ self.hasProfile() if self.data.ndb_profile.status != profile_model.Status.ACTIVE: raise exception.Forbidden(message=DEF_PROFILE_INACTIVE)
def checkAccess(self, data, check): """See AccessChecker.checkAccess for specification.""" if not self._is_ndb: if not data.profile: raise exception.Forbidden(message=_MESSAGE_NO_PROFILE) # good ol' db if data.url_org.key() not in data.profile.org_admin_for: raise exception.Forbidden( message=_MESSAGE_NOT_ORG_ADMIN_FOR_ORG % data.url_org.key().name()) else: if not data.ndb_profile: raise exception.Forbidden(message=_MESSAGE_NO_PROFILE) if data.url_ndb_org.key not in data.ndb_profile.admin_for: raise exception.Forbidden( message=_MESSAGE_NOT_ORG_ADMIN_FOR_ORG % data.url_ndb_org.key.id())
def checkAccess(self, data, check): """See AccessChecker.checkAccess for specification.""" if not data.program: raise exception.NotFound(message=_MESSAGE_PROGRAM_NOT_EXISTING) if (data.program.status != program_model.STATUS_VISIBLE or not data.timeline.programActive()): raise exception.Forbidden(message=_MESSAGE_PROGRAM_NOT_ACTIVE)
def jsonContext(self, data, check, mutator): """See soc.views.base.RequestHandler.jsonContext for full specification.""" list_content = ConversationsList(data).getListData() if list_content: return list_content.content() else: raise exception.Forbidden( message='You do not have access to this data')
def jsonContext(self, data, check, mutator): all_participating_students_list = AllParticipatingStudentsList(data) list_content = all_participating_students_list.getListData() if list_content: return list_content.content() else: raise exception.Forbidden( message='You do not have access to this data')
def jsonContext(self, data, check, mutator): """Handler for JSON requests.""" list_content = ProjectList(data).getListData() if list_content: return list_content.content() else: raise exception.Forbidden( message='You do not have access to this data')
def isProposer(self): """Checks if the current user is the author of the proposal. """ self.isProgramVisible() self.isProfileActive() if self.data.url_ndb_profile.key != self.data.ndb_profile.key: raise exception.Forbidden(message=DEF_NOT_PROPOSER)
def isOrgAdminForOrganization(self, org_key): """Checks if the user is an admin for the specified organiztaion. """ self.isProfileActive() if org_key in self.data.ndb_profile.admin_for: return raise exception.Forbidden(message=DEF_NOT_ADMIN % org_key.id())
def hasProfile(self): """Checks if the user has a profile for the current program. """ self.isLoggedIn() if self.data.ndb_profile: return raise exception.Forbidden(message=DEF_NO_PROFILE)
def jsonContext(self, data, check, mutator): list_query = project_logic.getProjectsQuery(program=data.program) list_content = projects_list.ProjectList( data, list_query, idx=self.LIST_IDX).getListData() if list_content: return list_content.content() else: raise exception.Forbidden( message='You do not have access to this data')
def jsonContext(self, data, check, mutator): """See base.RequestHandler.jsonContext for specification.""" list_content = StudentsList(data.request, data, links.SOC_LINKER, urls.UrlNames).getListData() if list_content: return list_content.content() else: raise exception.Forbidden( message='You do not have access to this data')
def isOrganizationActive(self, organization): """Checks if the specified organization is active. """ if organization.status != 'active': error_msg = DEF_ORG_NOT_ACTIVE % { 'name': organization.name, 'program': self.data.program.name } raise exception.Forbidden(message=error_msg)
def isMentorForOrganization(self, org_key): """Checks if the user is a mentor for the specified organiztaion. """ self.isProfileActive() if org_key in self.data.ndb_profile.mentor_for: return raise exception.Forbidden(message=DEF_NOT_MENTOR % org_key.id())
def isUser(self): """Checks if the current user has an User entity. """ self.isLoggedIn() if self.data.ndb_user: return raise exception.Forbidden(message=DEF_NO_USER_LOGIN)
def isActiveStudent(self): """Checks if the user is an active student. """ self.isProfileActive() if self.data.ndb_profile.student_data: return raise exception.Forbidden(message=DEF_IS_NOT_STUDENT)