def visit(self):
if (self.club and self.user):
return True
#Analyze req path first
slug, pathuser = urlconf.analyze(self.request.path)
#Get club
club = Club.getClubBySlug(slug)
if (not club):
return errorPage(self.response, "No such club " + slug, '/clubs',
404)
#Check user status
user = users.get_current_user()
if (not user):
return errorPage(self.response, "User not login",
users.create_login_url(self.request.uri),
self.response, 403)
#That the one we modify is the path user. if omitted, user current user as target
if (pathuser):
pathuser = users.User(pathuser)
else:
pathuser = user
#@warning: I don't know is it correct to add access control code here
if (not hasClubPrivilige(user, club, 'membership', pathuser.email())):
return errorPage(self.response, "Can not access", '/', 403)
self.user = user
self.club = club
self.member = Membership.between(pathuser, club)
self.targetUser = pathuser
return True
def doDelete(self):
if (hasClubPrivilige(self.user, self.club, 'deleteMember',
self.targetUser.email())):
member = self.member
if (member):
return member.delete()
return False
def editOrCreateRight(self, user, club): if ( (not club.is_saved() and isAccessible (user, "createClub")) #Create or (club.is_saved() and hasClubPrivilige(user, club, "edit")) ): #Edit return True else: errorPage( self.response, "Access Deny For club", users.create_login_url(self.request.uri))#Access Deny return False
def visit(self):
if self.club and self.user:
return True
# Analyze req path first
slug, pathuser = urlconf.analyze(self.request.path)
# Get club
club = Club.getClubBySlug(slug)
if not club:
return errorPage(self.response, "No such club " + slug, "/clubs", 404)
# Check user status
user = users.get_current_user()
if not user:
return errorPage(
self.response, "User not login", users.create_login_url(self.request.uri), self.response, 403
)
# That the one we modify is the path user. if omitted, user current user as target
if pathuser:
pathuser = users.User(pathuser)
else:
pathuser = user
# @warning: I don't know is it correct to add access control code here
if not hasClubPrivilige(user, club, "membership", pathuser.email()):
return errorPage(self.response, "Can not access", "/", 403)
self.user = user
self.club = club
self.member = Membership.between(pathuser, club)
self.targetUser = pathuser
return True
def responseClub(self, clubmodel, nickname): templateValues = dict(action=self.request.path, username=nickname, model=clubmodel) if (hasClubPrivilige(users.get_current_user(), clubmodel, "finance" )): templateValues['enableFinance'] = True if (clubmodel.is_saved()): templateValues['oldslug'] = clubmodel.slug self.response.out.write (render(self.template, templateValues, self.request.url) )
def initRequest(self):
urlconf = urldict[type(self).__name__]
slug, useremail = urlconf.analyze(self.request.path)
club = Club.getClubBySlug(slug)
if (not club):
return errorPage(self.response, "No Such Club: '%s'" % slug,
urldict['ClubList'].path(), 404)
user = users.get_current_user()
pathuser = user
if (useremail):
getuser = users.User(useremail)
if (getuser):
pathuser = getuser
if (hasClubPrivilige(user, club, "privGrant", pathuser)):
self.user = user
self.target = Membership.between(pathuser, club)
if (self.target):
return True
else:
return errorPage(
self.response,
"User %s is not a member of club %s" % (pathuser, slug),
urldict['ClubView'].path(slug), 403)
else:
return errorPage(
self.response,
"Access Deny For Privilige Grant Operation on Club %s, to user %s"
% (slug, pathuser), urldict['ClubView'].path(slug), 403)
def checkPrivilige(self): user = get_current_user() if (not user): errorPage ( self.response, "Not login", create_login_url(self.request.url), 403) return False if (not hasClubPrivilige(user, self.actobj.club, "newact")): errorPage ( self.response, "Not Authorized to edit", urldict['ClubView'].path(self.actobj.club.slug), 403) return False return True
def checkPrivilige(self):
user = get_current_user()
if (not user):
errorPage(self.response, "Not login",
create_login_url(self.request.url), 403)
return False
if (not hasClubPrivilige(user, self.actobj.club, "newact")):
errorPage(self.response, "Not Authorized to edit",
urldict['ClubView'].path(self.actobj.club.slug), 403)
return False
return True
def get(self, *args):
path = self.request.path
slug = lastWordOfUrl(path)
if (slug):
club = Club.getClubBySlug(slug)
if (club):
templatevars = dict(club = club )
user = users.get_current_user()
membership = Membership.between (user, club)
if (membership):
templatevars['membership'] = membership
elif (user and hasClubPrivilige(user, club, 'join')): #Could Join
templatevars['action'] = memberurlconf.path(club.slug, user.email())
templatevars['userName'] = user.nickname()
templatevars['userEmail'] = user.email()
else:
templatevars['loginUrl'] = users.create_login_url(self.request.uri)
if (membership and hasClubPrivilige(user, club, 'newAct')):
templatevars['newAct'] = urldict['ActivityNew'].path(slug)
if (hasClubPrivilige(user, club, "edit")):
templatevars['editurl'] = urldict['ClubEdit'].path(club.slug)
mq = Membership.all()
mq.filter ('club = ', club)
memset = []
for mem in mq:
if (hasClubPrivilige(user, club, "privGrant")):
mem.privEdit = urldict['ClubPrivilige'].path(slug, mem.user.email())
memset.append(mem)
templatevars['members'] = memset
aq = Activity.all()
aq.filter ('club = ', club)
avpath = urldict['ActivityView'].path
actlist = []
for act in aq:
act.linkpath = avpath (act.key().id())
actlist.append (act)
templatevars['acts'] = actlist
self.response.out.write (render(self.template, templatevars, self.request.url) )
else:
self.response.set_status(404)
errorPage( self.response, "Club Not Found", listurlconf.path())
def get(self, *args):
if self.visit():
club = self.club
tempvars = dict(
user=self.user,
action=urlconf.path(self.club.slug, self.user.email()),
member=self.getMember(),
club=self.club,
cluburl=cvurlconf.path(club.slug),
postStatus=self.postStatus,
enableFinace=hasClubPrivilige(users.get_current_user(), club, "finance"),
)
self.response.out.write(render(self.template, tempvars, self.request.url))
def get(self, *args):
if (self.visit()):
club = self.club
tempvars = dict(user=self.user,
action=urlconf.path(self.club.slug,
self.user.email()),
member=self.getMember(),
club=self.club,
cluburl=cvurlconf.path(club.slug),
postStatus=self.postStatus,
enableFinace=hasClubPrivilige(
users.get_current_user(), club, "finance"))
self.response.out.write(
render(self.template, tempvars, self.request.url))
def getPostData(self):
member = self.getMember()
getval = self.request.get
name = getval("name", "")
email = getval("email", "")
balance = getval("balance", "")
member.user = self.targetUser
if name:
member.name = getval("name", "")
elif not member.name:
member.name = self.user.nickname()
if email:
member.email = getval("email", "")
elif not member.email:
member.email = self.user.email()
if balance and hasClubPrivilige(users.get_current_user(), member.club, "finance"):
member.balance = balance
return member
def getPostData(self):
member = self.getMember()
getval = self.request.get
name = getval('name', '')
email = getval('email', '')
balance = getval('balance', '')
member.user = self.targetUser
if (name):
member.name = getval('name', '')
elif (not member.name):
member.name = self.user.nickname()
if (email):
member.email = getval('email', '')
elif (not member.email):
member.email = self.user.email()
if (balance and hasClubPrivilige(users.get_current_user(), member.club,
"finance")):
member.balance = balance
return member
def initRequest(self): urlconf = urldict[type(self).__name__] slug, useremail = urlconf.analyze(self.request.path) club = Club.getClubBySlug(slug) if (not club): return errorPage(self.response, "No Such Club: '%s'" % slug, urldict['ClubList'].path(), 404) user = users.get_current_user() pathuser = user if (useremail): getuser = users.User(useremail) if (getuser): pathuser = getuser if (hasClubPrivilige(user, club, "privGrant", pathuser)): self.user = user self.target = Membership.between(pathuser, club) if (self.target): return True else: return errorPage(self.response, "User %s is not a member of club %s" % (pathuser, slug), urldict['ClubView'].path(slug), 403 ) else: return errorPage(self.response, "Access Deny For Privilige Grant Operation on Club %s, to user %s" % (slug, pathuser), urldict['ClubView'].path(slug), 403 )
def parsePostdata(self, request, oldslug=''):
owner = request.get('owner', users.get_current_user() )
if (not oldslug):
oldslug = request.get('oldslug', '')
slug = request.get('slug', '')
if (not slug):
return False
name = request.get('name', '')
fund = request.get('fund', '')
intro = request.get('intro', '')
if (oldslug):#in edit mode
clubmd = self.makeClubModel(oldslug)
else: #Create new model
clubmd = self.makeClubModel(slug)
clubmd.owner = owner
clubmd.slug = slug
clubmd.name = name
if (hasClubPrivilige(users.get_current_user(), clubmd, "finanace" )):
clubmd.fund = fund
clubmd.intro = intro
return clubmd
def doDelete(self):
if hasClubPrivilige(self.user, self.club, "deleteMember", self.targetUser.email()):
member = self.member
if member:
return member.delete()
return False
