Exemplo n.º 1
	def editOrCreateRight(self, user, club):
		"""Decide whether `user` may create (unsaved club) or edit (saved club) `club`.

		Returns True when the matching privilege check passes. Otherwise an
		"Access Deny" page linking to the login URL is written to the response
		and False is returned. The caller has to stop on False: this method
		returns normally after writing the page, so nothing here ends the request.
		"""
		if club.is_saved():
			# Existing club: editing needs the per-club "edit" privilege.
			permitted = hasClubPrivilige(user, club, "edit")
		else:
			# Not stored yet, so this is a creation, gated by "createClub".
			permitted = isAccessible(user, "createClub")
		if permitted:
			return True
		# NOTE(review): no status code is passed, so the denial goes out with
		# whatever errorPage defaults to -- confirm that is not a success status.
		errorPage(self.response, "Access Deny For club", users.create_login_url(self.request.uri))
		return False
Exemplo n.º 2
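    def visit(self):
        """Resolve the club, the signed-in user and the target user, then authorize.

        Returns True once the caller holds the "membership" privilege on the
        club for the target user; self.user, self.club, self.member and
        self.targetUser are set only on that path. Every other exit returns
        the result of errorPage, so callers must treat anything other than
        True as "an error page was written, stop here".
        """
        # Already resolved for this handler: skip the lookups. This shortcut is
        # only safe because both attributes are assigned below after the
        # privilege check; NOTE(review): confirm nothing else assigns them.
        if self.club and self.user:
            return True

        # The slug and the optional target user both come from the request path.
        slug, pathuser = urlconf.analyze(self.request.path)
        club = Club.getClubBySlug(slug)
        if not club:
            # NOTE(review): slug is request-controlled and echoed into the
            # page -- confirm errorPage escapes its message.
            return errorPage(self.response, "No such club " + slug, "/clubs", 404)

        user = users.get_current_user()
        if not user:
            # Fixed: self.response was passed a second time, which pushed it
            # into the status position and 403 into a fifth argument.
            return errorPage(self.response, "User not login", users.create_login_url(self.request.uri), 403)

        # The user being modified is the one named in the path; when the path
        # names nobody, the signed-in user is the target.
        target = users.User(pathuser) if pathuser else user

        # The original author flagged uncertainty about doing access control
        # here; the check is kept because the target is request-controlled and
        # nothing else in this method authorizes acting on another user.
        if not hasClubPrivilige(user, club, "membership", target.email()):
            return errorPage(self.response, "Can not access", "/", 403)

        self.user = user
        self.club = club
        self.member = Membership.between(target, club)
        self.targetUser = target
        return True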
Exemplo n.º 3
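    def visit(self):
        """Load request context (club, caller, target user) and check access.

        True is returned only after the caller passes the 'membership'
        privilege check for the target user, at which point self.user,
        self.club, self.member and self.targetUser are populated. On any
        failure the value returned is whatever errorPage returns, so a caller
        must continue only when the result is True.
        """
        if self.club and self.user:
            # Context was resolved by an earlier call on this handler.
            # NOTE(review): safe only while these attributes are assigned
            # exclusively after the privilege check below -- confirm.
            return True

        slug, pathuser = urlconf.analyze(self.request.path)

        club = Club.getClubBySlug(slug)
        if not club:
            # NOTE(review): the slug is taken from the URL and concatenated
            # into the message; confirm errorPage escapes it.
            return errorPage(self.response, "No such club " + slug, '/clubs',
                             404)

        user = users.get_current_user()
        if not user:
            # Fixed: a duplicated self.response argument shifted the status
            # out of position; the call now matches the other errorPage calls
            # in this method.
            return errorPage(self.response, "User not login",
                             users.create_login_url(self.request.uri), 403)

        # Target user: the one named in the path, else the caller.
        if pathuser:
            target = users.User(pathuser)
        else:
            target = user

        # The original author was unsure whether access control belongs in
        # this method. It stays, since the target comes from the URL and this
        # is the only check on acting for another user.
        if not hasClubPrivilige(user, club, 'membership', target.email()):
            return errorPage(self.response, "Can not access", '/', 403)

        self.user = user
        self.club = club
        self.member = Membership.between(target, club)
        self.targetUser = target
        return True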
Exemplo n.º 4
 def initRequest(self):
     """Resolve club and target member for a privilege-grant request.

     Returns True when the club exists, the caller passes the "privGrant"
     check for the target user, and that user is a member of the club;
     self.user and self.target are set on the way. Otherwise the result of
     errorPage is returned (404 for an unknown club, 403 for the other two
     failures).
     """
     conf = urldict[type(self).__name__]
     slug, useremail = conf.analyze(self.request.path)

     club = Club.getClubBySlug(slug)
     if not club:
         return errorPage(self.response, "No Such Club: '%s'" % slug,
                          urldict['ClubList'].path(), 404)

     # NOTE(review): there is no explicit sign-in check, so `user` may be
     # None here; denial of anonymous callers rests on hasClubPrivilige.
     user = users.get_current_user()

     # The e-mail in the path selects the target; the caller is the fallback.
     named = users.User(useremail) if useremail else None
     pathuser = named if named else user

     if not hasClubPrivilige(user, club, "privGrant", pathuser):
         # NOTE(review): slug and target are request-derived and echoed
         # into the message -- confirm errorPage escapes them.
         return errorPage(
             self.response,
             "Access Deny For Privilige Grant Operation on Club %s, to user %s"
             % (slug, pathuser), urldict['ClubView'].path(slug), 403)

     self.user = user
     self.target = Membership.between(pathuser, club)
     if self.target:
         return True
     return errorPage(
         self.response,
         "User %s is not a member of club %s" % (pathuser, slug),
         urldict['ClubView'].path(slug), 403)
Exemplo n.º 5
	def checkPrivilige(self):
		"""Return True only for a signed-in user allowed to run self.actOperation on self.actobj.

		On refusal a 403 error page is written to self.response and False is
		returned. This method returns normally after writing the page, so the
		caller has to honour the False result to keep the protected action
		from running.
		"""
		viewer = get_current_user()
		if viewer and hasActPrivilige(viewer, self.actobj, self.actOperation):
			return True
		if not viewer:
			# Anonymous request: link the error page to the login URL.
			errorPage(self.response, "Not login", create_login_url(self.request.url), 403)
		else:
			# Signed in but lacking the privilege: link back to the club page.
			errorPage(self.response, "Not authorrized", urldict['ClubView'].path(self.actobj.club.slug), 403)
		return False
Exemplo n.º 6
	def checkPrivilige(self):
		"""Return True when the signed-in user holds "newact" on the activity's club.

		Any refusal writes a 403 error page to self.response and returns
		False; the caller must stop on False, since nothing here ends the
		request.
		"""
		viewer = get_current_user()
		if not viewer:
			refusal = ("Not login", create_login_url(self.request.url))
		elif not hasClubPrivilige(viewer, self.actobj.club, "newact"):
			# NOTE(review): the privilege name is a bare string literal;
			# confirm its spelling and case against the privilege table.
			refusal = ("Not Authorized to edit", urldict['ClubView'].path(self.actobj.club.slug))
		else:
			return True
		errorPage(self.response, refusal[0], refusal[1], 403)
		return False
Exemplo n.º 7
 def checkPrivilige(self):
     """Check that a signed-in user may perform self.actOperation on self.actobj.

     Returns True on success. Otherwise a 403 page is written (login link
     for anonymous callers, club page link for unprivileged ones) and False
     is returned; the caller is responsible for stopping on False.
     """
     viewer = get_current_user()
     if not viewer:
         message = "Not login"
         link = create_login_url(self.request.url)
     elif not hasActPrivilige(viewer, self.actobj, self.actOperation):
         message = "Not authorrized"
         link = urldict['ClubView'].path(self.actobj.club.slug)
     else:
         return True
     errorPage(self.response, message, link, 403)
     return False
Exemplo n.º 8
 def checkPrivilige(self):
     """Check that a signed-in user holds "newact" on the activity's club.

     Returns True when the check passes. On failure a 403 error page is
     written to self.response and False is returned; callers must not
     continue with the edit when they get False.
     """
     viewer = get_current_user()
     # Short-circuit keeps the privilege lookup from running for anonymous
     # requests, exactly as the two separate tests did.
     if viewer and hasClubPrivilige(viewer, self.actobj.club, "newact"):
         return True
     if viewer:
         errorPage(self.response, "Not Authorized to edit",
                   urldict['ClubView'].path(self.actobj.club.slug), 403)
     else:
         errorPage(self.response, "Not login",
                   create_login_url(self.request.url), 403)
     return False
Exemplo n.º 9
	def get(self, *args):
		"""Render the club list, with a "new club" link when creation is allowed.

		When the 'listClubs' check fails, an error page pointing at the login
		URL is written instead.
		"""
		# NOTE(review): both isAccessible calls pass '' rather than the current
		# user, so the decision cannot depend on who is asking -- confirm that
		# is intended for these two actions.
		if not isAccessible('', 'listClubs'):
			# NOTE(review): no status code is passed; confirm errorPage's
			# default is not a success status.
			errorPage(self.response, "Not Accessible", users.create_login_url(self.request.uri))
			return
		clubs = Club.all()  # kept from the original; this value is not used below
		context = dict(clubs=Club.all(), cluburl=viewurlconf.path('')[:-1])
		if isAccessible('', 'createClub'):
			# The placeholder slug for a new club is built from the current
			# timestamp down to the microsecond.
			stamp = datetime.now()
			parts = (stamp.year, stamp.month, stamp.day, stamp.hour,
				stamp.minute, stamp.second, stamp.microsecond)
			context['newcluburl'] = editurlconf.path("newclb_%d%d%d%d%d%d%d" % parts)
		self.response.out.write(render(self.template, context, self.request.url))
Exemplo n.º 10
	def post(self, *args):
		"""Update or delete the activity addressed by this request.

		Nothing is deleted or stored unless self.checkPrivilige() returns a
		true value; when it does not, the method returns None and leaves the
		response to whatever the checker wrote. A 'delete' form field selects
		deletion, otherwise the activity is updated and stored.
		"""
		actobj = self.getActModel()
		if not actobj:
			return errorPage(self.response, "No such Activity", urldict['ClubList'].path(), 404)

		self.actobj = actobj
		if not self.checkPrivilige():
			return None

		# NOTE(review): no anti-forgery token is checked in this method; confirm
		# a base class or the framework covers state-changing POSTs.
		if self.request.get('delete', False):
			actobj.delete()
			return infoPage(self.response, "Successful deleted", "Deleted Activity %s" % actobj.name, "/")

		self.updateObject(actobj)
		key = actobj.put()
		if not key:
			return errorPage(self.response, "Error while storing this Activity", urldict['ActivityEdit'].path(actobj.key().id()), 501)
		# Success is reported through errorPage with status 200, as in the original.
		return errorPage(self.response, "Successfully storing this Activity", urldict['ActivityView'].path(key.id()), 200)
Exemplo n.º 11
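	def post(self, *args):
		"""Apply a participation operation (join, quit, confirm, bill, rebill) to an activity.

		The activity id and the operation come from the request path; the
		optional 'target' form field names the user acted on and defaults to
		the caller. Before anything is written the caller must be signed in,
		pass hasActPrivilige for the operation and target, and the target must
		be a member of the activity's club. Each handled case returns the
		infoPage or errorPage result.
		"""
		urlcfg = urldict['ActivityParticipate']
		raw_id, oper = urlcfg.analyze(self.request.path)
		try:
			act_id = int(raw_id)
		except (TypeError, ValueError):
			# The id is taken from the URL: a non-numeric value means a missing
			# activity, not a server error.
			return errorPage(self.response, "No such activity", urldict['ClubList'].path(), 404)
		actobj = self.getActModel(act_id)
		if not actobj:
			# Fixed: message and link were passed in swapped positions.
			return errorPage(self.response, "No such activity", urldict['ClubList'].path(), 404)

		user = get_current_user()
		if not user:
			return errorPage(self.response, "Not login", create_login_url(self.request.url), 403)

		# `target` is request-controlled, so it is part of the privilege check:
		# acting on another user must be authorized, not only the operation.
		target = self.request.get('target')
		cluburl = urldict['ClubView'].path(actobj.club.slug)
		if not hasActPrivilige(user, actobj, oper, target):
			return errorPage(self.response, "Can not access", cluburl, 403)
		# NOTE(review): no anti-forgery token is checked in this method; confirm
		# a base class or the framework covers state-changing POSTs.

		if target:
			targetUser = User(target)
			if not targetUser:
				return errorPage(self.response, "Illegal access", cluburl, 403)
		else:
			# Target omitted: the caller acts on themselves.
			targetUser = user

		mem = Membership.between(targetUser, actobj.club)
		if not mem:
			return errorPage(self.response, "Not a member", cluburl, 403)

		acturl = urldict['ActivityView'].path(act_id)
		if oper == 'join':
			actp = ActivityParticipator.between(mem, actobj)
			if not actp:
				actp = ActivityParticipator(member=mem, activity=actobj)
				actp.put()
			return infoPage(self.response, "Successfully Joined", "%s has join activity %s" % (mem.name, actobj.name), acturl)
		elif oper == 'quit':
			actp = ActivityParticipator.between(mem, actobj)
			if actp:
				# A confirmed participation cannot be withdrawn.
				if actp.confirmed:
					return errorPage(self.response, "Cannot delete confirmed participator", acturl, 403)
				actp.delete()
			return infoPage(self.response, "Successfully Quited", "%s success quit activity %s" % (mem.name, actobj.name), acturl)
		elif oper == 'confirm':
			actp = ActivityParticipator.between(mem, actobj)
			if not actp:
				return errorPage(self.response, "No Such a Member", acturl, 404)
			# This toggles the flag, so a second 'confirm' un-confirms.
			actp.confirmed = not actp.confirmed
			actp.put()
			return infoPage(self.response, "Successfully Confirmed", "success confirmed %s join activity %s" % (mem.name, actobj.name), acturl)
		elif oper == 'bill' or oper == "rebill":
			# The second argument enables re-billing for the "rebill" operation.
			billobj = ActivityBill.generateBill(actobj, oper == "rebill")
			if not billobj:
				return errorPage(self.response, "Error Will Generate Bill", acturl, 501)
			billobj.put()
			return infoPage(self.response, "Successfully Billded", str(billobj.memberBill), acturl)
		# NOTE(review): any other operation falls through and returns None with
		# no response written; presumably hasActPrivilige rejects unknown
		# operations before this point -- confirm.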
Exemplo n.º 12
	def get(self, *args):
		"""Write the activity page, but only after self.checkPrivilige() passes.

		An unknown activity yields the errorPage result (404). A failed
		privilege check returns None without writing anything here; the
		checker is expected to have produced the response.
		"""
		actobj = self.getActModel()
		if not actobj:
			return errorPage(self.response, "No such Activity", urldict['ClubList'].path(), 404)
		# The checker reads self.actobj, so it is stored before the check.
		self.actobj = actobj
		if not self.checkPrivilige():
			return
		self.response.out.write(self.makeResponseText(actobj))
Exemplo n.º 13
 def get(self, *args):
     """Render the activity for callers that pass self.checkPrivilige().

     Returns the errorPage result (404) when the activity does not exist.
     When the privilege check fails nothing is written by this method and
     None is returned.
     """
     actobj = self.getActModel()
     if not actobj:
         return errorPage(self.response, "No such Activity",
                          urldict['ClubList'].path(), 404)

     # Stored first because the privilege check works on self.actobj.
     self.actobj = actobj
     if self.checkPrivilige():
         body = self.makeResponseText(actobj)
         self.response.out.write(body)
     return None
Exemplo n.º 14
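	def get(self, *args):
		"""Render the page of the club named by the last segment of the request path.

		The template receives the club, the viewer's membership (or a join
		form or login link), optional "new activity" and "edit" links gated by
		hasClubPrivilige, the member list and the activity list. An unknown
		or missing slug produces a 404 error page.
		"""
		slug = lastWordOfUrl(self.request.path)
		# Fixed: `club` was left unbound when the path carried no slug, so the
		# test below raised instead of reaching the 404 branch.
		club = Club.getClubBySlug(slug) if slug else None
		if not club:
			self.response.set_status(404)
			errorPage(self.response, "Club Not Found", listurlconf.path())
			return

		templatevars = dict(club=club)
		# NOTE(review): `user` is None for anonymous visitors and is passed to
		# Membership.between and hasClubPrivilige as is -- confirm both treat
		# None as "no membership / no privilege".
		user = users.get_current_user()
		membership = Membership.between(user, club)
		if membership:
			templatevars['membership'] = membership
		elif user and hasClubPrivilige(user, club, 'join'):
			# Signed in and allowed to join: offer the join form.
			templatevars['action'] = memberurlconf.path(club.slug, user.email())
			templatevars['userName'] = user.nickname()
			templatevars['userEmail'] = user.email()
		else:
			templatevars['loginUrl'] = users.create_login_url(self.request.uri)

		# NOTE(review): privilege names are bare string literals ('newAct',
		# "edit", "privGrant"); confirm spelling and case against the privilege
		# table, since a mismatch would not raise.
		if membership and hasClubPrivilige(user, club, 'newAct'):
			templatevars['newAct'] = urldict['ActivityNew'].path(slug)
		if hasClubPrivilige(user, club, "edit"):
			templatevars['editurl'] = urldict['ClubEdit'].path(club.slug)

		# NOTE(review): members and activities are handed to the template for
		# every visitor; only the per-member privilege-edit link is gated.
		# Confirm the template exposes nothing that should be members-only.
		mq = Membership.all()
		mq.filter('club = ', club)
		# The answer does not depend on the member, so ask once, not per row.
		can_grant = hasClubPrivilige(user, club, "privGrant")
		memset = []
		for mem in mq:
			if can_grant:
				mem.privEdit = urldict['ClubPrivilige'].path(slug, mem.user.email())
			memset.append(mem)
		templatevars['members'] = memset

		aq = Activity.all()
		aq.filter('club = ', club)
		avpath = urldict['ActivityView'].path
		actlist = []
		for act in aq:
			act.linkpath = avpath(act.key().id())
			actlist.append(act)
		templatevars['acts'] = actlist

		self.response.out.write(render(self.template, templatevars, self.request.url))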
Exemplo n.º 15
	def initRequest(self):
		"""Prepare a privilege-grant request: find the club, authorize, load the target.

		True is returned only when the club exists, the caller passes the
		"privGrant" check for the target user and that user is a club member;
		self.user and self.target are assigned along the way. Every failure
		returns the errorPage result (404 for an unknown club, 403 otherwise).
		"""
		conf = urldict[type(self).__name__]
		slug, useremail = conf.analyze(self.request.path)
		club = Club.getClubBySlug(slug)
		if not club:
			return errorPage(self.response, "No Such Club: '%s'" % slug, urldict['ClubList'].path(), 404)

		# NOTE(review): no explicit sign-in check follows, so `user` can be None;
		# rejecting anonymous callers is left to hasClubPrivilige.
		user = users.get_current_user()

		# Target user: the e-mail from the path when it yields a user, else the caller.
		pathuser = user
		if useremail:
			pathuser = users.User(useremail) or user

		if not hasClubPrivilige(user, club, "privGrant", pathuser):
			# NOTE(review): slug and target come from the request and are echoed
			# into the message -- confirm errorPage escapes them.
			return errorPage(self.response, "Access Deny For Privilige Grant Operation on Club %s, to user %s" % (slug, pathuser), urldict['ClubView'].path(slug), 403 )

		self.user = user
		self.target = Membership.between(pathuser, club)
		if self.target:
			return True
		return errorPage(self.response, "User %s is not a member of club %s" % (pathuser, slug), urldict['ClubView'].path(slug), 403 )
Exemplo n.º 16
	def get(self, *args):
		"""Show the club edit/create form to a caller who is allowed to use it.

		self.accessControl() must report success first; the form is then
		rendered only when self.editOrCreateRight() returns a true value.
		"""
		stat, user = self.accessControl()
		if not stat:
			# NOTE(review): no status code is passed; confirm errorPage's
			# default is not a success status.
			return errorPage(self.response, "User %s Not Log in" % user, users.create_login_url(self.request.uri))

		# Reuse a model already attached to the handler, else build one from the path.
		clubmd = self.clubmodel or self.makeClubModel(self.analyzePath())

		# An unsaved model is a club being created: the caller becomes its owner.
		# This happens before the right check, but only on the in-memory
		# object; nothing is stored in this method.
		if not clubmd.is_saved():
			clubmd.owner = user

		if not self.editOrCreateRight(user, clubmd):
			return
		self.responseClub(clubmd, user.nickname())
Exemplo n.º 17
 def post(self, *args):
     """Store or delete the activity addressed by this request.

     The activity is touched only after self.checkPrivilige() returns a
     true value; otherwise None is returned and the response is left to the
     checker. A 'delete' form field selects deletion, anything else is an
     update followed by a store.
     """
     actobj = self.getActModel()
     if not actobj:
         return errorPage(self.response, "No such Activity",
                          urldict['ClubList'].path(), 404)

     self.actobj = actobj
     if not self.checkPrivilige():
         return None

     # NOTE(review): no anti-forgery token is checked in this method;
     # confirm a base class or the framework covers state-changing POSTs.
     wants_delete = self.request.get('delete', False)
     if wants_delete:
         actobj.delete()
         return infoPage(self.response, "Successful deleted",
                         "Deleted Activity %s" % actobj.name, "/")

     self.updateObject(actobj)
     key = actobj.put()
     if not key:
         return errorPage(
             self.response, "Error while storing this Activity",
             urldict['ActivityEdit'].path(actobj.key().id()), 501)
     # Success is reported through errorPage with status 200, as before.
     return errorPage(self.response,
                      "Successfully storing this Activity",
                      urldict['ActivityView'].path(key.id()),
                      200)
Exemplo n.º 18
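    def post(self, *args):
        """Run a participation operation (join, quit, confirm, bill, rebill).

        The activity id and the operation are parsed from the request path;
        the optional 'target' form field names the user acted on and
        defaults to the caller. The caller must be signed in and pass
        hasActPrivilige for the operation and target, and the target must be
        a member of the activity's club, before any record is written. Each
        handled case returns the infoPage or errorPage result.
        """
        urlcfg = urldict['ActivityParticipate']
        raw_id, oper = urlcfg.analyze(self.request.path)
        try:
            act_id = int(raw_id)
        except (TypeError, ValueError):
            # The id comes from the URL: treat a non-numeric value as a
            # missing activity rather than letting it surface as an error.
            return errorPage(self.response, "No such activity",
                             urldict['ClubList'].path(), 404)
        actobj = self.getActModel(act_id)
        if not actobj:
            # Fixed: message and link were passed in swapped positions.
            return errorPage(self.response, "No such activity",
                             urldict['ClubList'].path(), 404)

        user = get_current_user()
        if not user:
            return errorPage(self.response, "Not login",
                             create_login_url(self.request.url), 403)

        # `target` is request-controlled, so it takes part in the privilege
        # check: acting on another user has to be authorized as well.
        target = self.request.get('target')
        cluburl = urldict['ClubView'].path(actobj.club.slug)
        if not hasActPrivilige(user, actobj, oper, target):
            return errorPage(self.response, "Can not access", cluburl, 403)
        # NOTE(review): no anti-forgery token is checked in this method;
        # confirm a base class or the framework covers state-changing POSTs.

        if target:
            targetUser = User(target)
            if not targetUser:
                return errorPage(self.response, "Illegal access", cluburl, 403)
        else:
            # Target omitted: the caller acts on themselves.
            targetUser = user

        mem = Membership.between(targetUser, actobj.club)
        if not mem:
            return errorPage(self.response, "Not a member", cluburl, 403)

        acturl = urldict['ActivityView'].path(act_id)
        if oper == 'join':
            actp = ActivityParticipator.between(mem, actobj)
            if not actp:
                actp = ActivityParticipator(member=mem, activity=actobj)
                actp.put()
            return infoPage(
                self.response, "Successfully Joined",
                "%s has join activity %s" % (mem.name, actobj.name), acturl)
        elif oper == 'quit':
            actp = ActivityParticipator.between(mem, actobj)
            if actp:
                # A confirmed participation cannot be withdrawn.
                if actp.confirmed:
                    return errorPage(self.response,
                                     "Cannot delete confirmed participator",
                                     acturl, 403)
                actp.delete()
            return infoPage(
                self.response, "Successfully Quited",
                "%s success quit activity %s" % (mem.name, actobj.name),
                acturl)
        elif oper == 'confirm':
            actp = ActivityParticipator.between(mem, actobj)
            if not actp:
                return errorPage(self.response, "No Such a Member", acturl,
                                 404)
            # This toggles the flag, so a second 'confirm' un-confirms.
            actp.confirmed = not actp.confirmed
            actp.put()
            return infoPage(
                self.response, "Successfully Confirmed",
                "success confirmed %s join activity %s" %
                (mem.name, actobj.name), acturl)
        elif oper == 'bill' or oper == "rebill":
            # The second argument enables re-billing for "rebill".
            billobj = ActivityBill.generateBill(actobj, oper == "rebill")
            if not billobj:
                return errorPage(self.response, "Error Will Generate Bill",
                                 acturl, 501)
            billobj.put()
            return infoPage(self.response, "Successfully Billded",
                            str(billobj.memberBill), acturl)
        # NOTE(review): any other operation falls through and returns None
        # with no response written; presumably hasActPrivilige rejects
        # unknown operations before this point -- confirm.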