Exemplo n.º 1
0
  def checkAccess(self):
    """Checks whether this task is visible to the public and any other checks
    if it is a POST request.
    """
    self.mutator.taskFromKwargs(comments=True, work_submissions=True)
    self.data.is_visible = self.check.isTaskVisible()

    if task_logic.updateTaskStatus(self.data.task):
      # The task logic updated the status of the task since the deadline passed
      # and the GAE task was late to run. Reload the page.
      raise RedirectRequest('')

    if self.request.method == 'POST':
      # Access checks for the different forms on this page. Note that there
      # are no elif clauses because one could add multiple GET params :).
      self.check.isProfileActive()

      if 'reply' in self.data.GET:
        # checks for posting comments
        # valid tasks and profile are already checked.
        self.check.isBeforeAllWorkStopped()
        self.check.isCommentingAllowed()

      if 'submit_work' in self.data.GET:
        self.check.isBeforeAllWorkStopped()
        if not task_logic.canSubmitWork(self.data.task, self.data.profile):
          self.check.fail(DEF_NOT_ALLOWED_TO_UPLOAD_WORK)

      if 'button' in self.data.GET:
        # check for any of the buttons
        button_name = self._buttonName()

        buttons = {}
        TaskInformation(self.data).setButtonControls(buttons)
        if not buttons.get(button_name):
          self.check.fail(DEF_NOT_ALLOWED_TO_OPERATE_BUTTON % button_name)

      if 'send_for_review' in self.data.GET:
        self.check.isBeforeAllWorkStopped()
        if not task_logic.isOwnerOfTask(self.data.task, self.data.profile) or \
            not self.data.work_submissions:
          self.check.fail(DEF_CANT_SEND_FOR_REVIEW)

      if 'delete_submission' in self.data.GET:
        self.check.isBeforeAllWorkStopped()
        id = self._submissionId()
        work = GCIWorkSubmission.get_by_id(id, parent=self.data.task)

        if not work:
          self.check.fail(DEF_NO_WORK_FOUND %id)

        time_expired = work.submitted_on - datetime.datetime.now()
        if work.user.key() != self.data.user.key() or \
            time_expired > task_logic.DELETE_EXPIRATION:
          self.check.fail(DEF_NOT_ALLOWED_TO_DELETE)
Exemplo n.º 2
0
    def context(self):
        """Returns the context for the current template.
    """
        context = {
            'submissions': self._buildWorkSubmissionContext(),
            'download_url': self.data.redirect.id().urlOf('gci_download_work')
        }

        task = self.data.task
        is_owner = task_logic.isOwnerOfTask(task, self.data.ndb_profile)

        if is_owner:
            context['send_for_review'] = self.data.work_submissions and \
                task.status in SEND_FOR_REVIEW_ALLOWED

        deleteable = []
        if self.data.ndb_user:
            for work in self.data.work_submissions:
                work_key = ndb.Key.from_old_key(
                    task_model.GCIWorkSubmission.user.get_value_for_datastore(
                        work))
                if work_key == self.data.ndb_user.key:
                    # Ensure that it is the work from the current user in case the task
                    # got re-assigned.
                    time_expired = work.submitted_on - datetime.datetime.now()
                    if time_expired < task_logic.DELETE_EXPIRATION:
                        deleteable.append(work)
        context['deleteable'] = deleteable

        if task_logic.canSubmitWork(task, self.data.ndb_profile):
            if self.data.POST and 'submit_work' in self.data.GET:
                # File form doesn't have any POST parameters so it should not be
                # passed while reconstructing the form. So only URL form is
                # constructed from POST data
                context['work_url_form'] = WorkSubmissionURLForm(
                    data=self.data.POST)
            else:
                context['work_url_form'] = WorkSubmissionURLForm()

            # As mentioned in the comment above since there is no POST data to
            # be passed to the file form, it is constructed in the same way
            # in either cases.
            context['work_file_form'] = WorkSubmissionFileForm()
            if self.data.GET.get('file', None) == '0':
                context['work_file_form'].addFileRequiredError()

            if self.data.GET.get('ws_error', None) == '1':
                context['ws_error'] = True

            url = '%s?submit_work' % (self.data.redirect.id().urlOf(
                url_names.GCI_VIEW_TASK))
            context['direct_post_url'] = url

        return context
Exemplo n.º 3
0
  def context(self):
    """Returns the context for the current template.
    """
    context = {
        'submissions': self._buildWorkSubmissionContext(),
        'download_url': self.data.redirect.id().urlOf('gci_download_work')
        }

    task = self.data.task
    is_owner = task_logic.isOwnerOfTask(task, self.data.ndb_profile)

    if is_owner:
      context['send_for_review'] = self.data.work_submissions and \
          task.status in SEND_FOR_REVIEW_ALLOWED

    deleteable = []
    if self.data.ndb_user:
      for work in self.data.work_submissions:
        work_key = ndb.Key.from_old_key(
            task_model.GCIWorkSubmission.user.get_value_for_datastore(work))
        if work_key == self.data.ndb_user.key:
          # Ensure that it is the work from the current user in case the task
          # got re-assigned.
          time_expired = work.submitted_on - datetime.datetime.now()
          if time_expired < task_logic.DELETE_EXPIRATION:
            deleteable.append(work)
    context['deleteable'] = deleteable

    if task_logic.canSubmitWork(task, self.data.ndb_profile):
      if self.data.POST and 'submit_work' in self.data.GET:
        # File form doesn't have any POST parameters so it should not be
        # passed while reconstructing the form. So only URL form is
        # constructed from POST data
        context['work_url_form'] = WorkSubmissionURLForm(data=self.data.POST)
      else:
        context['work_url_form'] = WorkSubmissionURLForm()

      # As mentioned in the comment above since there is no POST data to
      # be passed to the file form, it is constructed in the same way
      # in either cases.
      context['work_file_form'] = WorkSubmissionFileForm()
      if self.data.GET.get('file', None) == '0':
        context['work_file_form'].addFileRequiredError()

      if self.data.GET.get('ws_error', None) == '1':
        context['ws_error'] = True

      url = '%s?submit_work' % (
          self.data.redirect.id().urlOf(url_names.GCI_VIEW_TASK))
      context['direct_post_url'] = url

    return context
Exemplo n.º 4
0
    def checkAccess(self, data, check, mutator):
        """Checks whether this task is visible to the public and any other checks
    if it is a POST request.
    """
        mutator.taskFromKwargs(comments=True, work_submissions=True)
        data.is_visible = check.isTaskVisible()

        if task_logic.updateTaskStatus(data.task):
            # The task logic updated the status of the task since the deadline passed
            # and the GAE task was late to run. Reload the page.
            raise exception.Redirect('')

        if data.request.method == 'POST':
            # Access checks for the different forms on this page. Note that there
            # are no elif clauses because one could add multiple GET params :).
            check.isProfileActive()

            # Tasks for non-active organizations cannot be touched
            check.isOrganizationActive(data.task.org)

            if 'reply' in data.GET:
                # checks for posting comments
                # valid tasks and profile are already checked.
                check.isBeforeAllWorkStopped()
                check.isCommentingAllowed()

            if 'submit_work' in data.GET:
                check.isBeforeAllWorkStopped()
                if not task_logic.canSubmitWork(data.task, data.ndb_profile):
                    check.fail(DEF_NOT_ALLOWED_TO_UPLOAD_WORK)

            if 'button' in data.GET:
                # check for any of the buttons
                button_name = self._buttonName(data)

                buttons = {}
                TaskInformation(data).setButtonControls(buttons)
                if not buttons.get(button_name):
                    check.fail(DEF_NOT_ALLOWED_TO_OPERATE_BUTTON % button_name)

            if 'send_for_review' in data.GET:
                check.isBeforeAllWorkStopped()
                if not task_logic.isOwnerOfTask(data.task, data.ndb_profile) or \
                    not data.work_submissions or \
                    data.task.status not in TASK_IN_PROGRESS:
                    check.fail(DEF_CANT_SEND_FOR_REVIEW)

            if 'delete_submission' in data.GET:
                check.isBeforeAllWorkStopped()
                task_id = self._submissionId(data)
                work = work_submission_model.GCIWorkSubmission.get_by_id(
                    task_id, parent=data.task)

                if not work:
                    check.fail(DEF_NO_WORK_FOUND % id)

                user_key = ndb.Key.from_old_key(
                    task_model.GCIWorkSubmission.user.get_value_for_datastore(
                        work))
                time_expired = work.submitted_on - datetime.datetime.now()
                if (user_key != data.ndb_user.key
                        or time_expired > task_logic.DELETE_EXPIRATION):
                    check.fail(DEF_NOT_ALLOWED_TO_DELETE)
Exemplo n.º 5
0
  def checkAccess(self, data, check, mutator):
    """Checks whether this task is visible to the public and any other checks
    if it is a POST request.
    """
    mutator.taskFromKwargs(comments=True, work_submissions=True)
    data.is_visible = check.isTaskVisible()

    if task_logic.updateTaskStatus(data.task):
      # The task logic updated the status of the task since the deadline passed
      # and the GAE task was late to run. Reload the page.
      raise exception.Redirect('')

    if data.request.method == 'POST':
      # Access checks for the different forms on this page. Note that there
      # are no elif clauses because one could add multiple GET params :).
      check.isProfileActive()

      # Tasks for non-active organizations cannot be touched
      check.isOrganizationActive(data.task.org)

      if 'reply' in data.GET:
        # checks for posting comments
        # valid tasks and profile are already checked.
        check.isBeforeAllWorkStopped()
        check.isCommentingAllowed()

      if 'submit_work' in data.GET:
        check.isBeforeAllWorkStopped()
        if not task_logic.canSubmitWork(data.task, data.ndb_profile):
          check.fail(DEF_NOT_ALLOWED_TO_UPLOAD_WORK)

      if 'button' in data.GET:
        # check for any of the buttons
        button_name = self._buttonName(data)

        buttons = {}
        TaskInformation(data).setButtonControls(buttons)
        if not buttons.get(button_name):
          check.fail(DEF_NOT_ALLOWED_TO_OPERATE_BUTTON % button_name)

      if 'send_for_review' in data.GET:
        check.isBeforeAllWorkStopped()
        if not task_logic.isOwnerOfTask(data.task, data.ndb_profile) or \
            not data.work_submissions or \
            data.task.status not in TASK_IN_PROGRESS:
          check.fail(DEF_CANT_SEND_FOR_REVIEW)

      if 'delete_submission' in data.GET:
        check.isBeforeAllWorkStopped()
        task_id = self._submissionId(data)
        work = work_submission_model.GCIWorkSubmission.get_by_id(
            task_id, parent=data.task)

        if not work:
          check.fail(DEF_NO_WORK_FOUND % id)

        user_key = ndb.Key.from_old_key(
            task_model.GCIWorkSubmission.user.get_value_for_datastore(work))
        time_expired = work.submitted_on - datetime.datetime.now()
        if (user_key != data.ndb_user.key or
            time_expired > task_logic.DELETE_EXPIRATION):
          check.fail(DEF_NOT_ALLOWED_TO_DELETE)