Exemplo n.º 1
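    def visit(self):
        """Resolve club, signed-in user and target member for this request.

        On success the results are stored on ``self`` (``user``, ``club``,
        ``member``, ``targetUser``) and True is returned. On any failure the
        result of ``errorPage`` is returned instead; that result is presumably
        falsy so callers can stop processing -- confirm.
        """
        # Both attributes are assigned at the end of this method, after the
        # privilege check, so a second call can skip the work.
        if self.club and self.user:
            return True
        # Analyze the request path first.
        slug, pathuser = urlconf.analyze(self.request.path)
        # Look up the club.
        # NOTE(review): slug comes straight from the request path and is
        # echoed into the error message; presumably errorPage escapes it --
        # confirm.
        club = Club.getClubBySlug(slug)
        if not club:
            return errorPage(self.response, "No such club " + slug, '/clubs',
                             404)

        # Require a signed-in user.
        user = users.get_current_user()
        if not user:
            # Fixed: this call passed self.response a second time ahead of
            # the status code, unlike the other errorPage calls in this
            # method, which use (response, message, url, status).
            return errorPage(self.response, "User not login",
                             users.create_login_url(self.request.uri), 403)

        # The member being modified is the user named in the path; when the
        # path names nobody, the signed-in user is the target.
        if pathuser:
            pathuser = users.User(pathuser)
        else:
            pathuser = user
        # Original author's warning: unsure whether access control belongs
        # in this method.
        if not hasClubPrivilige(user, club, 'membership', pathuser.email()):
            return errorPage(self.response, "Can not access", '/', 403)
        self.user = user
        self.club = club
        self.member = Membership.between(pathuser, club)
        self.targetUser = pathuser
        return True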
Exemplo n.º 2
 def doDelete(self):
     """Delete the target membership when the current user is allowed to.

     Returns the result of ``member.delete()`` if the ``deleteMember``
     privilege check passes and a membership record is loaded, else False.
     """
     permitted = hasClubPrivilige(self.user, self.club, 'deleteMember',
                                  self.targetUser.email())
     if not permitted:
         return False
     record = self.member
     # No membership record for the target: nothing to delete.
     return record.delete() if record else False
Exemplo n.º 3
	def editOrCreateRight(self, user, club):
		"""Tell whether *user* may create or edit *club*.

		An unsaved club needs the "createClub" access right; a saved club
		needs the club-level "edit" privilege. On refusal an error page with
		a login link is written and False is returned.
		"""
		if club.is_saved():
			permitted = hasClubPrivilige(user, club, "edit")  # edit
		else:
			permitted = isAccessible(user, "createClub")  # create
		if permitted:
			return True
		# Access denied
		loginUrl = users.create_login_url(self.request.uri)
		errorPage(self.response, "Access Deny For club", loginUrl)
		return False
Exemplo n.º 4
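    def visit(self):
        """Resolve club, signed-in user and target member for this request.

        Stores ``user``, ``club``, ``member`` and ``targetUser`` on ``self``
        and returns True once the signed-in user passes the "membership"
        privilege check for the target. Every failure path returns the result
        of ``errorPage``; presumably that is falsy -- confirm.
        """
        # Set together at the end of this method, after authorization, so a
        # repeated call returns immediately.
        if self.club and self.user:
            return True

        # Analyze the request path first.
        slug, pathuser = urlconf.analyze(self.request.path)

        # Look up the club.
        club = Club.getClubBySlug(slug)
        if not club:
            return errorPage(self.response, "No such club " + slug, "/clubs", 404)

        # Require a signed-in user.
        user = users.get_current_user()
        if not user:
            # Fixed: self.response was passed twice, pushing the status code
            # to a fifth argument; the other errorPage calls in this method
            # use (response, message, url, status).
            return errorPage(self.response, "User not login", users.create_login_url(self.request.uri), 403)

        # The path user is the member being modified; with no path user the
        # signed-in user is the target.
        pathuser = users.User(pathuser) if pathuser else user

        # Original author's warning: unsure whether access control belongs
        # in this method.
        if not hasClubPrivilige(user, club, "membership", pathuser.email()):
            return errorPage(self.response, "Can not access", "/", 403)
        self.user = user
        self.club = club
        self.member = Membership.between(pathuser, club)
        self.targetUser = pathuser
        return True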
Exemplo n.º 5
	def responseClub(self, clubmodel, nickname):
		"""Render the template for *clubmodel* and write it to the response.

		The template receives the request path as ``action``, *nickname* as
		``username`` and the model itself; ``oldslug`` is added for a model
		that is already saved.
		"""
		context = {
			'action': self.request.path,
			'username': nickname,
			'model': clubmodel,
		}
		# enableFinance is only set for a user holding the club's "finance"
		# privilege.
		if hasClubPrivilige(users.get_current_user(), clubmodel, "finance"):
			context['enableFinance'] = True
		if clubmodel.is_saved():
			context['oldslug'] = clubmodel.slug
		page = render(self.template, context, self.request.url)
		self.response.out.write(page)
Exemplo n.º 6
 def initRequest(self):
     """Resolve club and target membership for a privilege-grant request.

     Returns True after storing ``self.user`` and ``self.target`` when the
     signed-in user passes the "privGrant" check and the target is a member
     of the club; otherwise returns the result of ``errorPage``.
     """
     conf = urldict[type(self).__name__]
     slug, useremail = conf.analyze(self.request.path)
     club = Club.getClubBySlug(slug)
     if not club:
         return errorPage(self.response, "No Such Club: '%s'" % slug,
                          urldict['ClubList'].path(), 404)

     # NOTE(review): there is no explicit signed-in check here; presumably
     # hasClubPrivilige refuses a None user -- confirm.
     user = users.get_current_user()
     # The target defaults to the signed-in user unless the path names one.
     pathuser = user
     if useremail:
         candidate = users.User(useremail)
         if candidate:
             pathuser = candidate

     if not hasClubPrivilige(user, club, "privGrant", pathuser):
         return errorPage(
             self.response,
             "Access Deny For Privilige Grant Operation on Club %s, to user %s"
             % (slug, pathuser), urldict['ClubView'].path(slug), 403)

     self.user = user
     self.target = Membership.between(pathuser, club)
     if not self.target:
         return errorPage(
             self.response,
             "User %s is not a member of club %s" % (pathuser, slug),
             urldict['ClubView'].path(slug), 403)
     return True
Exemplo n.º 7
	def checkPrivilige(self):
		"""Check that a signed-in user holds "newact" on the activity's club.

		Returns True when the check passes. Otherwise writes a 403 error page
		(login link for an anonymous visitor, club view link for an
		unprivileged user) and returns False.
		"""
		current = get_current_user()
		if current:
			club = self.actobj.club
			if hasClubPrivilige(current, club, "newact"):
				return True
			errorPage(self.response, "Not Authorized to edit", urldict['ClubView'].path(club.slug), 403)
			return False
		# Anonymous visitor: send them to the login page.
		errorPage(self.response, "Not login", create_login_url(self.request.url), 403)
		return False
Exemplo n.º 8
 def checkPrivilige(self):
     """Return True only for a signed-in user holding "newact" on the club.

     Every other case writes a 403 error page and returns False: an anonymous
     visitor is pointed at the login URL, an unprivileged user at the club
     view page.
     """
     user = get_current_user()
     if not user:
         message = "Not login"
         target = create_login_url(self.request.url)
     elif not hasClubPrivilige(user, self.actobj.club, "newact"):
         message = "Not Authorized to edit"
         target = urldict['ClubView'].path(self.actobj.club.slug)
     else:
         return True
     errorPage(self.response, message, target, 403)
     return False
Exemplo n.º 9
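	def get(self, *args):
		"""Render the club view page, or a 404 error page when no club matches.

		The club slug is the last word of the request path. The template
		receives the club, the visitor's membership (or join/login details),
		privilege-dependent links, the member list and the activity list.
		"""
		path = self.request.path
		slug = lastWordOfUrl(path)
		# Fixed: club was bound only inside "if slug", so an empty slug
		# raised UnboundLocalError instead of reaching the 404 branch.
		club = Club.getClubBySlug(slug) if slug else None
		if not club:
			self.response.set_status(404)
			errorPage(self.response, "Club Not Found", listurlconf.path())
			return

		templatevars = dict(club=club)
		user = users.get_current_user()
		membership = Membership.between(user, club)
		if membership:
			templatevars['membership'] = membership
		elif user and hasClubPrivilige(user, club, 'join'):  # Could join
			templatevars['action'] = memberurlconf.path(club.slug, user.email())
			templatevars['userName'] = user.nickname()
			templatevars['userEmail'] = user.email()
		else:
			templatevars['loginUrl'] = users.create_login_url(self.request.uri)
		# Links that depend on the visitor's privileges.
		if membership and hasClubPrivilige(user, club, 'newAct'):
			templatevars['newAct'] = urldict['ActivityNew'].path(slug)
		if hasClubPrivilige(user, club, "edit"):
			templatevars['editurl'] = urldict['ClubEdit'].path(club.slug)

		# The grant check does not depend on the member being listed, so it
		# is evaluated once instead of once per member.
		canGrant = hasClubPrivilige(user, club, "privGrant")
		mq = Membership.all()
		mq.filter('club = ', club)
		memset = []
		for mem in mq:
			if canGrant:
				# Per-member privilege-edit link, only for visitors who may grant.
				mem.privEdit = urldict['ClubPrivilige'].path(slug, mem.user.email())
			memset.append(mem)
		templatevars['members'] = memset

		aq = Activity.all()
		aq.filter('club = ', club)
		avpath = urldict['ActivityView'].path
		actlist = []
		for act in aq:
			act.linkpath = avpath(act.key().id())
			actlist.append(act)
		templatevars['acts'] = actlist
		self.response.out.write(render(self.template, templatevars, self.request.url))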
Exemplo n.º 10
 def get(self, *args):
     """Render the membership form once ``self.visit()`` has succeeded.

     Nothing is written when ``visit()`` returns a falsy value.
     """
     if not self.visit():
         return
     club = self.club
     # NOTE(review): the key is spelled "enableFinace" here; confirm the
     # template reads the same spelling.
     context = {
         "user": self.user,
         "action": urlconf.path(club.slug, self.user.email()),
         "member": self.getMember(),
         "club": club,
         "cluburl": cvurlconf.path(club.slug),
         "postStatus": self.postStatus,
         "enableFinace": hasClubPrivilige(users.get_current_user(), club, "finance"),
     }
     page = render(self.template, context, self.request.url)
     self.response.out.write(page)
Exemplo n.º 11
 def get(self, *args):
     """Write the rendered membership page when ``self.visit()`` passes.

     A falsy ``visit()`` result ends the request here with nothing written.
     """
     if not self.visit():
         return
     club = self.club
     tempvars = {}
     tempvars['user'] = self.user
     tempvars['action'] = urlconf.path(club.slug, self.user.email())
     tempvars['member'] = self.getMember()
     tempvars['club'] = club
     tempvars['cluburl'] = cvurlconf.path(club.slug)
     tempvars['postStatus'] = self.postStatus
     # The flag mirrors the signed-in user's "finance" privilege on the club.
     tempvars['enableFinace'] = hasClubPrivilige(
         users.get_current_user(), club, "finance")
     self.response.out.write(
         render(self.template, tempvars, self.request.url))
Exemplo n.º 12
    def getPostData(self):
        """Copy the posted form fields onto the member record and return it.

        ``name`` and ``email`` use the posted value when present, otherwise
        fall back to the signed-in user's nickname / e-mail if the record has
        none. ``balance`` is only applied when the signed-in user holds the
        club's "finance" privilege.
        """
        member = self.getMember()
        field = self.request.get
        posted_name = field("name", "")
        posted_email = field("email", "")
        posted_balance = field("balance", "")

        member.user = self.targetUser
        if posted_name:
            member.name = posted_name
        elif not member.name:
            member.name = self.user.nickname()
        if posted_email:
            member.email = posted_email
        elif not member.email:
            member.email = self.user.email()
        # NOTE(review): the balance is stored exactly as posted; presumably
        # the model validates or converts it -- confirm.
        may_set_balance = posted_balance and hasClubPrivilige(users.get_current_user(), member.club, "finance")
        if may_set_balance:
            member.balance = posted_balance
        return member
Exemplo n.º 13
    def getPostData(self):
        """Fill the member record from the posted form and return it.

        A posted ``name`` / ``email`` wins; when none is posted and the record
        has none, the signed-in user's nickname / e-mail is used. A posted
        ``balance`` is written only if the signed-in user passes the club's
        "finance" privilege check.
        """
        member = self.getMember()
        read = self.request.get
        name = read('name', '')
        email = read('email', '')
        balance = read('balance', '')

        member.user = self.targetUser

        if not name:
            if not member.name:
                member.name = self.user.nickname()
        else:
            member.name = name

        if not email:
            if not member.email:
                member.email = self.user.email()
        else:
            member.email = email

        # The privilege check is skipped entirely when no balance was posted.
        if balance:
            if hasClubPrivilige(users.get_current_user(), member.club,
                                "finance"):
                member.balance = balance
        return member
Exemplo n.º 14
	def initRequest(self):
		"""Prepare a privilege-grant request: club, acting user, target member.

		Returns True with ``self.user`` and ``self.target`` set when the
		acting user passes the "privGrant" check and the target belongs to
		the club. Any other outcome returns the result of ``errorPage``
		(404 for an unknown club, 403 otherwise).
		"""
		conf = urldict[type(self).__name__]
		slug, useremail = conf.analyze(self.request.path)
		club = Club.getClubBySlug(slug)
		if not club:
			message = "No Such Club: '%s'" % slug
			return errorPage(self.response, message, urldict['ClubList'].path(), 404)

		# NOTE(review): an anonymous request reaches the privilege check with
		# user set to None; presumably hasClubPrivilige refuses it -- confirm.
		user = users.get_current_user()
		# The e-mail in the path, when present, names the target; otherwise
		# the acting user is the target.
		named = users.User(useremail) if useremail else None
		pathuser = named or user

		if not hasClubPrivilige(user, club, "privGrant", pathuser):
			message = "Access Deny For Privilige Grant Operation on Club %s, to user %s" % (slug, pathuser)
			return errorPage(self.response, message, urldict['ClubView'].path(slug), 403)

		self.user = user
		self.target = Membership.between(pathuser, club)
		if self.target:
			return True
		message = "User %s is not a member of club %s" % (pathuser, slug)
		return errorPage(self.response, message, urldict['ClubView'].path(slug), 403)
Exemplo n.º 15
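	def parsePostdata(self, request, oldslug=''):
		"""Build a club model from the posted form fields.

		Returns False when no ``slug`` is posted. Otherwise returns the model
		from ``self.makeClubModel`` (looked up by ``oldslug`` in edit mode,
		by ``slug`` when creating) with owner, slug, name and intro filled
		in; ``fund`` is applied only for a user holding the finance privilege.
		"""
		# NOTE(review): a posted "owner" value overrides the signed-in user,
		# so anyone allowed to submit this form can name a different owner,
		# and the posted value is form text rather than a user object.
		# Confirm this is intended and checked before the model is saved.
		owner = request.get('owner', users.get_current_user())
		oldslug = oldslug or request.get('oldslug', '')
		slug = request.get('slug', '')
		if not slug:
			return False
		name = request.get('name', '')
		fund = request.get('fund', '')
		intro = request.get('intro', '')
		# Edit mode loads the model by its old slug; otherwise a new model is
		# made for the posted slug.
		clubmd = self.makeClubModel(oldslug or slug)
		clubmd.owner = owner
		clubmd.slug = slug
		clubmd.name = name
		# Fixed: the privilege name was misspelled "finanace", which cannot
		# match a "finance" privilege -- confirm the name against the table
		# hasClubPrivilige consults.
		if hasClubPrivilige(users.get_current_user(), clubmd, "finance"):
			clubmd.fund = fund
		clubmd.intro = intro
		return clubmd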
Exemplo n.º 16
 def doDelete(self):
     """Remove the target's membership if the acting user may delete members.

     Returns whatever ``member.delete()`` returns when the "deleteMember"
     privilege check passes and a membership record is loaded; False in
     every other case.
     """
     allowed = hasClubPrivilige(
         self.user, self.club, "deleteMember", self.targetUser.email()
     )
     record = self.member if allowed else None
     if not record:
         # Either the check failed or there is no record to delete.
         return False
     return record.delete()