def test_viewer_has_access(self):
    """Check the access-control decisions made by viewer_has_access.

    Two accounts are stored, one without and one with the reviewer flag.
    The assertions then pin three cases: a user may view their own
    profile, the reviewer may view the other user's profile, and the
    non-reviewer may not view the reviewer's profile.
    """
    plain_user = FakeUser("*****@*****.**")
    reviewer = FakeUser("*****@*****.**")

    # Not read by the assertions below; kept so the sequence of calls
    # into util stays the same.
    profile_email_1 = util.get_safe_email(plain_user)
    profile_email_2 = util.get_safe_email(reviewer)

    # Persist one UserInfo record per account; only is_reviewer differs.
    for account, reviewer_flag in ((plain_user, False), (reviewer, True)):
        record = models.UserInfo()
        record.email = account.email()
        record.safe_email = util.get_safe_email(account)
        record.is_reviewer = reviewer_flag
        record.put()

    has_access = account_facade.viewer_has_access

    # Own profile: allowed.
    self.assertTrue(has_access(plain_user, plain_user.email()))
    # Reviewer looking at another user's profile: allowed.
    self.assertTrue(has_access(reviewer, plain_user.email()))
    # Non-reviewer looking at someone else's profile: denied.
    self.assertFalse(has_access(plain_user, reviewer.email()))
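def get(self, profile_email):
    """
    GET request handler that renders a profile overview page.

    A viewer who fails the access check is redirected to the home page and
    the request is not processed any further.

    @param profile_email: The email address of the user whose profile's
        overview page should be rendered.
    @type profile_email: str
    """
    cur_user = users.get_current_user()
    if not account_facade.viewer_has_access(cur_user, profile_email):
        # Return right after the redirect. Without it the handler carried
        # on past the failed check: set_viewed() was still called and the
        # rendered overview was still written to the response body, so the
        # access check protected nothing.
        self.redirect(constants.HOME_URL)
        return

    section_statuses = account_facade.get_updated_sections(
        cur_user, profile_email)
    sections = constants.PORTFOLIO_SECTIONS

    # Record the visit; None is passed where the section handlers pass a
    # section name.
    account_facade.set_viewed(cur_user, profile_email, None)

    template = jinja_environment.get_template("portfolio_overview.html")
    template_vals = get_standard_template_dict()

    # owner_name is indexed as [first, last] below.
    owner_name = util.get_full_name_from_email(profile_email)
    template_vals["profile_safe_email"] = util.sanitize_email(profile_email)
    template_vals["cur_section"] = "overview"
    template_vals["owner_name"] = " ".join(owner_name)
    template_vals["owner_first_name"] = owner_name[0]
    template_vals["owner_last_name"] = owner_name[1]
    template_vals["sections"] = sections
    template_vals["section_statuses"] = section_statuses

    content = template.render(template_vals)
    self.response.out.write(content)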
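def get(self, profile_email, section_name):
    """
    GET request handler that renders the private comments for a section.

    A viewer who fails the access check is redirected to the home page and
    no comments are loaded or rendered for them.

    @param profile_email: The email address of the user whose portfolio's
        comments should be displayed.
    @type profile_email: str
    @param section_name: The name of the portfolio section to render
        comments for.
    @type section_name: str
    """
    cur_user = users.get_current_user()
    if not account_facade.viewer_has_access(cur_user, profile_email):
        # Return right after the redirect. Without it the handler carried
        # on past the failed check and wrote the private comments of
        # profile_email into the response for a viewer who had just been
        # denied access.
        self.redirect(constants.HOME_URL)
        return

    new_comments = account_facade.get_new_comments(
        cur_user, profile_email, section_name)
    old_comments = account_facade.get_old_comments(
        cur_user, profile_email, section_name)
    section_statuses = account_facade.get_updated_sections(
        cur_user, profile_email)
    sections = constants.PORTFOLIO_SECTIONS

    # Called only after the new/old comment lists have been read above.
    account_facade.set_viewed(cur_user, profile_email, section_name)

    template = jinja_environment.get_template("portfolio_section.html")
    template_vals = get_standard_template_dict()

    # owner_name is indexed as [first, last] below.
    owner_name = util.get_full_name_from_email(profile_email)
    template_vals["profile_safe_email"] = util.sanitize_email(profile_email)
    template_vals["cur_section"] = section_name
    template_vals["owner_name"] = " ".join(owner_name)
    template_vals["owner_first_name"] = owner_name[0]
    template_vals["owner_last_name"] = owner_name[1]
    template_vals["sections"] = sections
    template_vals["section_statuses"] = section_statuses
    template_vals["new_comments"] = new_comments
    template_vals["old_comments"] = old_comments

    content = template.render(template_vals)
    self.response.out.write(content)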
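def post(self, profile_email, section_name):
    """
    POST handler for adding a private comment to a portfolio section.

    A viewer who fails the access check is redirected to the home page and
    no comment is stored. Otherwise the comment is saved and the client is
    redirected back to the requested path.

    @param profile_email: The email address of the user whose portfolio
        should receive the new comment.
    @type profile_email: str
    @param section_name: The name of the portfolio section to add the new
        comment to.
    @type section_name: str
    """
    # NOTE(review): no CSRF token check is visible in this handler;
    # confirm it is enforced elsewhere.
    cur_user = users.get_current_user()
    if not account_facade.viewer_has_access(cur_user, profile_email):
        # Return right after the redirect. Without it the handler carried
        # on past the failed check and stored the comment on a portfolio
        # the caller was not allowed to access.
        self.redirect(constants.HOME_URL)
        return

    raw_comment_contents = self.request.get("comment-contents", "")

    # The comment is HTML-escaped first and the <br> tags are added
    # afterwards, so the stored value is an HTML fragment.
    # NOTE(review): cgi.escape() leaves quote characters unescaped by
    # default; presumably the template emits this value unescaped inside
    # element content only. Confirm it is never placed in an attribute.
    comment_contents = cgi.escape(raw_comment_contents)
    comment_contents = "<br>".join(comment_contents.splitlines())

    new_comment = models.Comment()
    # The author is taken from the signed-in user, not from request data.
    new_comment.author_email = cur_user.email()
    new_comment.profile_email = profile_email
    new_comment.section_name = section_name
    new_comment.contents = comment_contents
    new_comment.timestamp = datetime.datetime.now()
    new_comment.put()

    account_facade.set_viewed(cur_user, profile_email, section_name)

    account_facade.set_flash_message(
        cur_user.email(),
        constants.FLASH_MSG_TYPE_CONFIRMATION,
        constants.FLASH_MSG_ADDED_COMMENT
    )

    # Redirect to the same path so the section page is fetched again with
    # a GET request.
    self.redirect(self.request.path)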