Exemplo n.º 1
0
    def _checkProtection(self):
        if isinstance(self._file.getOwner(), Reviewing):
            selfcopy = copy(self)
            selfcopy._target = self._file.getOwner().getContribution()
            if not (RCContributionPaperReviewingStaff.hasRights(selfcopy) or \
                selfcopy._target.canUserSubmit(self.getAW().getUser()) or \
                self._target.canModify( self.getAW() )):
                raise AccessError()
        elif isinstance(self._file.getOwner(), Registrant) and \
             not self._file.getOwner().canUserModify(self.getAW().getUser()):
            raise AccessError(_("Access to this resource is forbidden."))

        else:
            RHDisplayBaseProtected._checkProtection(self)
Exemplo n.º 2
0
 def _checkParams(self, params):
     RHRegistrationFormDisplayBase._checkParams(self, params)
     self._registrant=None
     regId=params.get("registrantId",None)
     self._authkey=params.get("authkey","")
     if regId is not None:
         self._registrant=self._conf.getRegistrantById(regId)
         if self._registrant.getRandomId() != self._authkey or self._authkey == "":
             raise AccessError("You are not authorized to access this web page")
Exemplo n.º 3
0
 def _checkProtection( self ):
     if isinstance(self._file.getOwner(), Reviewing):
         selfcopy = copy(self)
         selfcopy._target = self._file.getOwner().getContribution()
         if not (RCContributionPaperReviewingStaff.hasRights(selfcopy) or \
             selfcopy._target.canUserSubmit(self.getAW().getUser()) or \
             self._target.canModify( self.getAW() )):
             raise AccessError()
     else:
         RHDisplayBaseProtected._checkProtection( self )
Exemplo n.º 4
0
 def _checkSessionUser(self):
     user = self._getUser()
     if user == None:
         self._redirect(self._getLoginURL())
         self._doProcess = False
     else:
         try:
             if PluginsHolder().getPluginType("RoomBooking").isActive():
                 if not rb_check_user_access(user):
                     raise AccessError()
         except KeyError:
             pass
Exemplo n.º 5
0
 def _checkProtection(self):
     if isinstance(self._target, Conference):
         event = self._target.as_event
         can_access = event.can_access(session.user)
         if not can_access and event.access_key:
             raise KeyAccessError()
     else:
         can_access = self._target.canAccess(self.getAW())
     if can_access:
         return
     elif self._getUser() is None:
         self._checkSessionUser()
     else:
         raise AccessError()
Exemplo n.º 6
0
 def _checkParams(self, params):
     RHRegistrationFormDisplayBase._checkParams(self, params)
     self._registrant = None
     self._registrant_id = params.get('registrantId', None)
     self._authkey = None
     if self._registrant_id:
         self._registrant = self._conf.getRegistrantById(self._registrant_id)
         if self._registrant is None:
             raise NotFoundError(_("The registrant with id {} does not exist or has been deleted")
                                 .format(self._registrant_id))
         self._authkey = params.get('authkey', '')
         if self._registrant.getRandomId() != self._authkey or self._authkey == '':
             raise AccessError()
     elif session.avatar:
         self._registrant = session.avatar.getRegistrantById(self._conf.getId())
Exemplo n.º 7
0
 def _checkProtection(self):
     if not self._target.canAccess(self.getAW()):
         from MaKaC.conference import Link, LocalFile, Category
         if isinstance(self._target, Link) or isinstance(
                 self._target, LocalFile):
             target = self._target.getOwner()
         else:
             target = self._target
         if not isinstance(self._target, Category) and target.isProtected():
             if target.getAccessKey() != "" or target.getConference(
             ) and target.getConference().getAccessKey() != "":
                 raise KeyAccessError()
         if self._getUser() == None:
             self._checkSessionUser()
         else:
             raise AccessError()
Exemplo n.º 8
0
    def _checkProtection(self):
        if self._getUser() == None:
            self._checkSessionUser()
        categNoAccess = []

        for item in self._categList:
            if not item.canAccess(self.getAW()):
                categNoAccess.append(item)
                self._categList.remove(item)
        if len(self._categList) > 0:
            self._target = self._categList
            self._categ = self._categList[0]
        else:
            # 'categNoAccess' is necessary in order to be able to retrieve the
            # 'Contact Info' from all categs the user has no access (see WAccessError)
            self._target = categNoAccess
            raise AccessError()
Exemplo n.º 9
0
 def _checkProtection(self):
     if not self._target.canAccess(self.getAW()):
         from MaKaC.conference import Resource, Category
         if isinstance(self._target, Resource):
             target = self._target.getOwner()
         else:
             target = self._target
         if not isinstance(self._target, Category) and target.isProtected():
             if target.getAccessKey() != "" or target.getConference() and \
                     target.getConference().getAccessKey() != "":
                 raise KeyAccessError()
             elif target.getModifKey() != "" or target.getConference() and \
                     target.getConference().getModifKey() != "":
                 raise ModificationError()
         if self._getUser() is None:
             self._checkSessionUser()
         else:
             raise AccessError()
Exemplo n.º 10
0
 def _checkSessionUser(self):
     user = self._getUser()
     if user == None:
         self._redirect(self._getLoginURL())
         self._doProcess = False
     else:
         try:
             if PluginsHolder().getPluginType("RoomBooking").isActive():
                 if not AdminList.getInstance().isAdmin(
                         user) and PluginsHolder().getPluginType(
                             "RoomBooking").getOption(
                                 "AuthorisedUsersGroups").getValue() != []:
                     authenticatedUser = False
                     for entity in PluginsHolder().getPluginType(
                             "RoomBooking").getOption(
                                 "AuthorisedUsersGroups").getValue():
                         if isinstance(entity, Group) and entity.containsUser(user) or \
                            isinstance(entity, Avatar) and entity == user:
                             authenticatedUser = True
                             break
                     if not authenticatedUser:
                         raise AccessError()
         except KeyError:
             pass
Exemplo n.º 11
0
 def _checkParams(self, params):
     RHRegistrationFormRegistrantBase._checkParams(self, params)
     self._authkey = params.get("authkey", "")
     if self._registrant.getRandomId(
     ) != self._authkey or self._authkey == "":
         raise AccessError("You are not authorized to access this web page")
Exemplo n.º 12
0
 def _checkProtection(self):
     if session.user is None:
         self._checkSessionUser()
     elif not rb_is_admin(session.user):
         raise AccessError("You are not authorized to take this action.")
Exemplo n.º 13
0
 def _checkProtection(self):
     if self._getUser() is None:
         self._checkSessionUser()
     elif not self._getUser().isRBAdmin():
         raise AccessError("You are not authorized to take this action.")
Exemplo n.º 14
0
 def _checkProtection(self):
     RHUserBase._checkProtection(self)
     if not self._getUser().isAdmin():
         raise AccessError()
Exemplo n.º 15
0
 def _checkProtection(self):
     RHUserBase._checkProtection(self)
     ak = self._avatar.getAPIKey()
     if ak and ak.isBlocked():
         raise AccessError()
Exemplo n.º 16
0
 def _checkProtection( self ):
     if self._getUser() is None or self._registrant is None or (self._registrant.getAvatar().getId() != self._getUser().getId()):
        raise AccessError("Indico cannot display epayment information without being logged in")