Changeset 1006 for WAeUP_SRP/trunk/skins/waeup_student

Timestamp:

7 Dec 2006, 18:18:28 (18 years ago)

Author:

joachim

Message:

student_search fixed for ClearanceOfficers?
getStudentInfo checks for access to not owned Student-Ids and logs them.
search Pins shows all used PIN's

Location:

WAeUP_SRP/trunk/skins/waeup_student

Files:

• getStudentInfo.py (modified) (1 diff)
• search_students.py (modified) (3 diffs)
• search_students_form.pt (modified) (1 diff)

WAeUP_SRP/trunk/skins/waeup_student/getStudentInfo.py

@@ -20 +20 @@
 path_info = request.get('PATH_INFO').split('/')
 
+import logging
+logger = logging.getLogger('getStudentInfo')
+
 info = {}
 member_id = str(member)
+#from Products.zdb import set_trace
+#set_trace()
+student_id = None
 if student is None:
-    if mtool.isAnonymousUser():
-        return None
-    elif not context.isStudent() and 'students' in path_info:
-        student_id = path_info[path_info.index('students')+1]
-    else:
+    while True:
+        if mtool.isAnonymousUser():
+            return None
+        try:
+            requested_id = path_info[path_info.index('students')+1]
+        except ValueError:
+            student_id = member_id
+            break
+        if not context.isStudent() and 'students' in path_info:
+            student_id = requested_id
+            break
+        if member_id != requested_id:
+            logger.info("Student %s tried to access %s" % (member_id,requested_id))
+            student_id = member_id
+            #mtool.assertViewable(context)
+            break
         student_id = member_id
+        break
 else:
     student_id = student.getId()
+
 roles = member.getRoles()
 student_path = "%s/campus/students/%s" % (context.portal_url.getPortalPath(),student_id)
 student = context.restrictedTraverse(student_path,default=None)
-#from Products.zdb import set_trace
-#set_trace()
 
-if student is None or student.portal_type != 'Student':
+if student is None or student.portal_type != "Student":
     return None
 ##res = context.portal_catalog(id = student_id,portal_type='Student')

WAeUP_SRP/trunk/skins/waeup_student/search_students.py

@@ -49 +49 @@
 path_info = request.get('PATH_INFO').split('/')
 validate = request.has_key("cpsdocument_edit_button")
+
+state = "all"
+if "ClearanceOfficers" in member.getGroups():
+    state = "clearance_requested"
 default = {'search_mode': 'name',
-        'review_state': 'all',
+        'review_state': state,
         'search_string': ''
         }
@@ -152 +156 @@
 if items:
     for item in items:
-        #if context.isClearanceOfficer(info):
+        stcat = context.students_catalog
+        record = stcat(id = item)[0]
         info = {}
+        for field in stcat.schema() + stcat.indexes():
+            info[field] = getattr(record, field)
         if "ClearanceOfficers" in member.getGroups():
             co_view = True
-##            droles = member.getRolesInContext(item)
-##            if "ClearanceOfficer" in droles:
-##                info = context.getStudentInfo(item)
-##                students.append(info)
+            res = context.portal_catalog(portal_type='Student', id = item)
+            if len(res) != 1:
+                continue
+            droles = member.getRolesInContext(res[0].getObject())
+            info['review_state'] = res[0].review_state
+            if "ClearanceOfficer" in droles:
+                students.append(info)
         else:
-            #info = context.getStudentInfo(item)
-            info = context.students_catalog(id = item)
             if len(info) == 1:
-                students.append(info[0])
+                students.append(info)
 
     return context.search_students_form(rendered = rend,
                              psm = "",
-                             #psm = "%d,%d matching Students found QS = %s" %\
-                             #       (len(review_set),len(search_set),query_step),
-                             #psm = "%d found QS = %s items: %s" % (len(items),query_step,items),
                              students = students,
                              allowed = True,
@@ -177 +182 @@
 return context.search_students_form(rendered = rend,
                              psm = "No student found!",
-                             #psm = """Step: %s found: %s Your search for "%s" in %s with state %s failed.<br\>%s""" % (query_step,len(items),st,what,state,bools),
                              students = students,
                              allowed = True,

WAeUP_SRP/trunk/skins/waeup_student/search_students_form.pt

@@ -63 +63 @@
                 <td tal:condition="options/co_view|nothing">
                        <a href="id" 
-                          tal:attributes="href string:${student/student/clearance/absolute_url}/external_clearance_edit_form"
+                          tal:attributes="href string:${context/portal_url}/campus/students/${student/id}/clearance/external_clearance_edit_form"
                           target="edit"
                           onclick="javascript:window.open('','edit','width=600, height=700, directories=no, toolbar=no, location=no, menubar=no, scrollbars=yes, status=no, resizable=no, dependent=no')"