def wrapped(self): """Decorator wrapper method. """ content = self.cleaned_data.get(field_name) # clean_html_content is called when writing data into GAE rather than # when reading data from GAE. This short-circuiting of the sanitizer # only affects html authored by developers. The isDeveloper test for # example allows developers to add javascript. if user.isDeveloper(): return content content = sanitize_html_string(content) return content
def components(self): """Returns the list components that are active on the page. """ components = [] if self.data.student_info: components += self._getStudentComponents() elif self.data.is_org_admin: components += self._getOrgAdminComponents() components += self._getMentorComponents() elif self.data.is_mentor: components += self._getMentorComponents() else: components += self._getLoneUserComponents() if self.data.is_host or user_logic.isDeveloper(): components += self._getHostComponents() return components
def user(self): """Returns the user field.""" if not self._isSet(self._user): self._user = user_logic.current() # developer may view the page as another user if self._user and user_logic.isDeveloper(user=self._user): settings = settings_logic.getUserSettings( ndb.Key.from_old_key(self._user.key())) if settings.view_as is not None: user = user_model.User.get(settings.view_as.to_old_key()) if user: self._user = user else: # TODO(daniel): use main LINKER object when merged linker = links.Linker() user_settings_url = linker.user( self._user, urls.UrlNames.USER_SETTINGS) raise exception.BadRequest( message=VIEW_AS_USER_DOES_NOT_EXIST % user_settings_url) return self._user