def get(self, data, check, mutator): """Allows public to download the content anonymously.""" content_id = data.kwargs.get('content_id') if not content_id: raise exception.NotFound(message=DEF_CONTENT_NOT_FOUND) q = static_content.StaticContent.all() q.ancestor(data.program) q.filter('content_id', content_id) entity = q.get() if not entity: raise exception.NotFound(message=DEF_CONTENT_NOT_FOUND) return bs_helper.sendBlob(entity.content)
def url_proposal(self): """Returns the url_proposal field. This property represents a proposal entity corresponding to a profile whose identifier is a part of the URL of the processed request. Numerical identifier of the proposal is also a part of the URL. Returns: Retrieved proposal entity. Raises: exception.BadRequest: if some data is missing in the current request. exception.NotFound: if no entity is found. """ if not self._isSet(self._url_proposal): if 'id' not in self.kwargs: raise exception.BadRequest( message='The request does not contain proposal id.') else: self._url_proposal = proposal_model.GSoCProposal.get_by_id( int(self.kwargs['id']), self.url_ndb_profile.key.to_old_key()) if not self._url_proposal: raise exception.NotFound( message='Requested proposal does not exist.') return self._url_proposal
def checkAccess(self, data, check, mutator): # TODO(daniel): remove this when data.document throws not found on its own if not data.document: raise exception.NotFound( message="No such document: '%s'" % data.key_name) check.canViewDocument()
def url_ndb_org(self): """Returns url_org property. This property represents organization entity whose identifier is a part of the URL of the processed request. Returns: Retrieved organization entity. Raises: exception.BadRequest: if the current request does not contain any organization data. exception.NotFound: if the organization is not found. """ if not self._isSet(self._url_ndb_org): try: fields = ['sponsor', 'program', 'organization'] entity_id = '/'.join(self.kwargs[i] for i in fields) except KeyError: raise exception.BadRequest( message='The request does not contain full organization data.') self._url_ndb_org = self.models.ndb_org_model.get_by_id(entity_id) if not self._url_ndb_org: raise exception.NotFound( message='Requested organization does not exist.') return self._url_ndb_org
def url_connection(self): """Returns url_connection property. This property represents connection entity corresponding to profile whose identifier is a part of the URL of the processed request. Numerical identifier of the connection is also a part of the URL. Returns: Retrieved connection entity. Raises: exception.BadRequest: if some data is missing in the current request. exception.NotFound: if no entity is found. """ if not self._isSet(self._url_connection): try: connection_key = ndb.Key( connection_model.Connection._get_kind(), int(self.kwargs['id']), parent=self._getUrlNdbProfileKey()) except KeyError: raise exception.BadRequest( message='The request does not contain connection id.') self._url_connection = connection_key.get() if not self._url_connection: raise exception.NotFound( message='Requested connection does not exist.') return self._url_connection
def _getProgramWideFields(self): """Fetches program wide fields in a single database round-trip.""" keys = [] # add program's key if self.kwargs.get('sponsor') and self.kwargs.get('program'): program_key_name = "%s/%s" % ( self.kwargs['sponsor'], self.kwargs['program']) program_key = db.Key.from_path( self.models.program_model.kind(), program_key_name) else: program_key = site_model.Site.active_program.get_value_for_datastore( self.site) program_key_name = program_key.name() keys.append(program_key) # add timeline's key keys.append(db.Key.from_path( self.models.timeline_model.kind(), program_key_name)) # add org_app's key org_app_key_name = '%s/%s/orgapp' % ( self.models.program_model.prefix, program_key_name) keys.append(db.Key.from_path('OrgAppSurvey', org_app_key_name)) self._program, self._program_timeline, self._org_app = db.get(keys) # raise an exception if no program is found if not self._program: raise exception.NotFound( message="There is no program for url '%s'" % program_key_name)
def url_ndb_user(self): """Returns url_user property. This property represents user entity for a person whose identifier is a part of the URL of the processed request. Returns: Retrieved user entity. Raises: exception.BadRequest: if the current request does not contain any user data. exception.NotFound: if the user is not found. """ if not self._isSet(self._url_ndb_user): key_id = self.kwargs.get('user') if not key_id: raise exception.BadRequest( message='The request does not contain user data.') self._url_ndb_user = self.models.user_model.get_by_id(key_id) if not self._url_ndb_user: raise exception.NotFound(message='Requested user does not exist.') return self._url_ndb_user
def checkAccess(self, data, check): """See AccessChecker.checkAccess for specification.""" if not data.program: raise exception.NotFound(message=_MESSAGE_PROGRAM_NOT_EXISTING) if (data.program.status != program_model.STATUS_VISIBLE or not data.timeline.programActive()): raise exception.Forbidden(message=_MESSAGE_PROGRAM_NOT_ACTIVE)
def checkAccess(self, data, check, mutator): """Defines access checks for this list, all hosts should be able to see it. """ if not data.org_app: raise exception.NotFound( message=access_checker.DEF_NO_ORG_APP % data.program.name) check.isHost()
def checkAccess(self, data, check, mutator): if not data.org_app: raise exception.NotFound(message=access_checker.DEF_NO_ORG_APP % data.program.name) mutator.orgAppRecordIfIdInKwargs() assert access_checker.isSet(data.org_app_record) check.canViewOrgApp()
def surveyGroupFromKwargs(self): """Sets the GradingSurveyGroup from kwargs. """ assert access_checker.isSet(self.data.program) survey_group = GSoCGradingSurveyGroup.get_by_id( int(self.data.kwargs['id'])) if not survey_group: raise exception.NotFound( message='Requested GSoCGradingSurveyGroup does not exist') if survey_group.program.key() != self.data.program.key(): raise exception.NotFound( message=('Requested GSoCGradingSurveyGroup ' 'does not exist in this program')) self.data.survey_group = survey_group
def isMessagingEnabled(self): """Checks whether the program has messaging enabled. If not, accessing views related to the messaging system is not allowed. """ if not self.data.program: raise exception.NotFound(message=DEF_NO_SUCH_PROGRAM) self.isProgramVisible() if not self.data.program.messaging_enabled: raise exception.Forbidden(message=DEF_MESSAGING_NOT_ENABLED)
def orgAppRecordIfIdInKwargs(self): """Sets the organization application in RequestData object.""" assert self.data.org_app self.data.org_app_record = None org_app_id = self.data.kwargs.get('id') if org_app_id: self.data.org_app_record = org_app_record.OrgAppRecord.get_by_id( int(org_app_id)) if not self.data.org_app_record: raise exception.NotFound(message=DEF_NO_ORG_APP % self.data.program.name)
def checkAccess(self, data, check, mutator): # check if the profile in URL is a really student if not data.url_profile.is_student: raise exception.NotFound( message='The requested user is not a student.') try: check.isHost() except exception.UserError: check.hasProfile() # check if the profile in URL kwargs is the current profile if data.profile.key() != data.url_profile.key(): raise exception.Forbidden( message='You do not have access to this data')
def get(self, data, check, mutator): """Allows hosts to download the student forms.""" if url_names.CONSENT_FORM_GET_PARAM in data.GET: download = data.url_ndb_profile.student_data.consent_form elif url_names.ENROLLMENT_FORM_GET_PARAM in data.GET: download = data.url_ndb_profile.student_data.enrollment_form else: raise exception.BadRequest(message='No file requested') # download has been requested if download: return bs_helper.sendBlob(blobstore.BlobInfo(download)) else: raise exception.NotFound(message='File not found')
def canViewDocument(self): """Checks if the specified user can see the document. """ assert isSet(self.data.document) if not self.data.document: raise exception.NotFound(message=DEF_NO_DOCUMENT) self.isProgramVisible() if self.data.document.read_access == 'public': return raise exception.Forbidden(message=DEF_NOT_PUBLIC_DOCUMENT)
def get(self, data, check, mutator): """Handles download of the forms otherwise resumes normal rendering.""" if 'consent_form' not in data.GET and 'enrollment_form' not in data.GET: # no download request has been specified return super(StudentFormUpload, self).get(data, check, mutator) elif 'consent_form' in data.GET: download = data.ndb_profile.student_data.consent_form elif 'enrollment_form' in data.GET: download = data.ndb_profile.student_data.enrollment_form # download has been requested if download: return bs_helper.sendBlob(blobstore.BlobInfo(download)) else: raise exception.NotFound(message='File not found')
def isProgramRunning(self): """Checks whether the program is running now by making sure the current data is between program start and end and the program is visible to normal users. """ if not self.data.program: raise exception.NotFound(message=DEF_NO_SUCH_PROGRAM) self.isProgramVisible() if self.data.timeline.programActive(): return raise exception.Forbidden(message=DEF_PROGRAM_NOT_RUNNING % self.data.program.name)
def studentEvaluationFromKwargs(self, raise_not_found=True): """Sets the student evaluation in RequestData object. Args: raise_not_found: iff False do not send 404 response. """ # kwargs which defines a survey fields = ['sponsor', 'program', 'survey'] key_name = '/'.join(['gsoc_program'] + [self.data.kwargs[field] for field in fields]) self.data.student_evaluation = ProjectSurvey.get_by_key_name(key_name) if raise_not_found and not self.data.student_evaluation: raise exception.NotFound(message=DEF_NO_STUDENT_EVALUATION % key_name)
def orgAppRecord(self, org_id): """Sets the org app record corresponding to the given org id. Args: org_id: The link_id of the organization. """ assert access_checker.isSet(self.data.program) q = OrgAppRecord.all() q.filter('org_id', org_id) q.filter('program', self.data.program) record = q.get() if not record: raise exception.NotFound(message=DEF_NO_ORG_APP_RECORD_FOUND) self.data.org_app_record = record
def gradingSurveyRecordFromKwargs(self): """Sets a GradingSurveyRecord entry in the RequestData object. """ if not ('group' in self.data.kwargs and 'id' in self.data.kwargs): raise exception.BadRequest( message=access_checker.DEF_NOT_VALID_REQUEST) # url regexp ensures that it is a digit record_id = long(self.data.kwargs['record']) group_id = long(self.data.kwargs['group']) record = GSoCGradingRecord.get_by_id(record_id, parent=self.data.url_project) if not record or record.grading_survey_group.key().id() != group_id: raise exception.NotFound(message=DEF_NO_RECORD_FOUND) self.data.record = record
def _getOrganization(self): """Returns the organization field.""" if not self._isSet(self._organization): if self.kwargs.get('organization'): fields = [ self.program.key().id_or_name(), self.kwargs.get('organization') ] org_key_name = '/'.join(fields) self._organization = self.models.ndb_org_model.get_by_id( org_key_name) if not self._organization: raise exception.NotFound( message="There is no organization for url '%s'" % org_key_name) else: self._organization = None return self._organization
def url_ndb_profile(self): """Returns url_profile property. This property represents profile entity for a person whose identifier is a part of the URL of the processed request for the program whose identifier is also a part of the URL. Returns: Retrieved profile entity. Raises: exception.UserError: if no profile entity is found. """ if not self._isSet(self._url_ndb_profile): self._url_ndb_profile = self._getUrlNdbProfileKey().get() if not self._url_ndb_profile: raise exception.NotFound(message='Requested profile does not exist.') return self._url_ndb_profile
def canCreateOrgProfile(self): """Checks if the current user is an admin or a backup admin for the org app and also check whether the organization application is accepted. """ app_record = self.data.org_app_record if not app_record: raise exception.NotFound(message=DEF_ORG_APP_NOT_FOUND % app_record.org_id) if self.data.user.key() not in [ app_record.main_admin.key(), app_record.backup_admin.key() ]: raise exception.Forbidden(message=DEF_NOT_ADMIN_FOR_ORG_APP) if app_record.status != 'accepted': raise exception.Forbidden(message=DEF_ORG_APP_NOT_ACCEPTED % (app_record.org_id))
def isProgramVisible(self): """Checks whether the program exists and is visible to the user. Visible programs are either in the visible. Programs are always visible to hosts. """ if not self.data.program: raise exception.NotFound(message=DEF_NO_SUCH_PROGRAM) if self.data.program.status == program_model.STATUS_VISIBLE: return # TODO(nathaniel): Sure this is weird, but it's a consequence # of boolean-question-named methods having return-None-or-raise- # exception semantics. try: self.isHost() return except exception.UserError: raise exception.Forbidden(message=DEF_PROGRAM_NOT_VISIBLE % self.data.program.name)
def checkAccess(self, data, check, mutator): if not data.org_app: raise exception.NotFound( message=access_checker.DEF_NO_ORG_APP % data.program.name) mutator.orgAppRecordIfIdInKwargs() assert access_checker.isSet(data.org_app) # FIXME: There will never be organization in kwargs show_url = None if 'organization' in data.kwargs: # TODO(nathaniel): make this .organization() call unnecessary. Like, # more than it already is (see the note above). data.redirect.organization() show_url = data.redirect.urlOf('gci_show_org_app') check.isSurveyActive(data.org_app, show_url) if data.org_app_record: check.canRetakeOrgApp() else: check.canTakeOrgApp()
def checkAccess(self, data, check, mutator): check.isHost() if not data.org_app: raise exception.NotFound(message=access_checker.DEF_NO_ORG_APP % data.program.name)
def checkAccess(self, data, check, mutator): check.isProgramVisible() if not data.program.events_page: raise exception.NotFound( message='No events document is defined for program.')