Changeset 2975 for WAeUP_SRP

Timestamp:

3 Jan 2008, 17:20:02 (17 years ago)

Author:

joachim

Message:

 

Location:

WAeUP_SRP/base

Files:

• WAeUPTool.py (modified) (1 diff)
• skins/waeup_epayment/getPaymentInfo.py (modified) (1 diff)
• skins/waeup_student/getApplicationInfo.py (modified) (1 diff)
• skins/waeup_student/getClearanceInfo.py (modified) (1 diff)
• skins/waeup_student/getStudentFolderInfo.py (modified) (2 diffs)
• skins/waeup_student/getStudyCourseInfo.py (modified) (1 diff)

WAeUP_SRP/base/WAeUPTool.py

@@ -98 +98 @@
         wf_def = getattr(self.portal_workflow,wf_definition)
         wf_def.updateRoleMappingsFor(ob)
+    ###)
+
+    security.declareProtected(View,'getAccessInfo') ###(
+    def getAccessInfo(self,context):
+        "return a dict with access_info"
+        logger = logging.getLogger('WAeUPTool.getAccessInfo')
+        mtool = self.portal_membership
+        member = mtool.getAuthenticatedMember()
+        member_id = str(member)
+        info = {}
+        is_anonymous = info['is_anonymous'] = mtool.isAnonymousUser()
+        is_student = info['is_student'] = ord(member_id[1]) > 48 and ord(member_id[1]) <= 57
+        is_staff = info['is_staff'] = not is_anonymous and not is_student
+        roles = member.getRolesInContext(context)
+        is_sectionofficer = info['is_sectionofficer'] = not is_student and ("SectionOfficer" in roles or
+                                                                            "SectionManager" in roles or
+                                                                            "Manager" in roles)
+        is_allowed = info['is_allowed'] = not is_anonymous
+        requested_id = context.getStudentId()
+        student_id  = None
+        if not is_student and requested_id:
+            student_id  = requested_id
+        elif is_anonymous or member_id != requested_id:
+            logger.info('%s tried to access %s of %s' % (member_id,context.portal_type,requested_id))
+        else:
+            student_id = member_id
+        info['student_id'] = student_id
+        return info
     ###)
 

WAeUP_SRP/base/skins/waeup_epayment/getPaymentInfo.py

@@ -21 +21 @@
         pass
 
-request = context.REQUEST
-mtool = context.portal_membership
-wf = context.portal_workflow
-member = mtool.getAuthenticatedMember()
-member_id = str(member)
+# request = context.REQUEST
+# mtool = context.portal_membership
+# wf = context.portal_workflow
+# member = mtool.getAuthenticatedMember()
+# member_id = str(member)
 
-if mtool.isAnonymousUser():
+# if mtool.isAnonymousUser():
+#     return None
+# info = {}
+# requested_id = context.getStudentId()
+# if requested_id and not context.isStaff() and member_id != requested_id:
+#     logger.info('%s tried to access %s' % (member_id,requested_id))
+#     return None
+# elif context.isStaff():
+#     student_id = requested_id
+# else:
+#     student_id = member_id
+info = context.waeup_tool.getAccessInfo(context)
+student_id = info['student_id']
+if student_id is None:
     return None
-info = {}
-requested_id = context.getStudentId()
-if requested_id and not context.isStaff() and member_id != requested_id:
-    logger.info('%s tried to access %s' % (member_id,requested_id))
-    return None
-elif context.isStaff():
-    student_id = requested_id
-else:
-    student_id = member_id
 
 

WAeUP_SRP/base/skins/waeup_student/getApplicationInfo.py

@@ -14 +14 @@
 
 request = context.REQUEST
-mtool = context.portal_membership
-wf = context.portal_workflow
-member = mtool.getAuthenticatedMember()
-member_id = str(member)
-path_info = request.get('PATH_INFO').split('/')
-##from Products.zdb import set_trace
-##set_trace()
-if mtool.isAnonymousUser():
+# mtool = context.portal_membership
+# wf = context.portal_workflow
+# member = mtool.getAuthenticatedMember()
+# member_id = str(member)
+# path_info = request.get('PATH_INFO').split('/')
+# ##from Products.zdb import set_trace
+# ##set_trace()
+# if mtool.isAnonymousUser():
+#     return None
+# info = {}
+# requested_id = context.getStudentId()
+# if requested_id and not context.isStaff() and member_id != requested_id:
+#     import logging
+#     logger = logging.getLogger('Skins.getApplicationInfo')
+#     logger.info('%s tried to access application object of %s' % (member_id,requested_id))
+#     student_id = requested_id
+#     return None
+# elif context.isStaff():
+#     student_id = requested_id
+# else:
+#     student_id = member_id
+info = context.waeup_tool.getAccessInfo(context)
+student_id = info['student_id']
+if student_id is None:
     return None
-info = {}
-requested_id = context.getStudentId()
-if requested_id and not context.isStaff() and member_id != requested_id:
-    import logging
-    logger = logging.getLogger('Skins.getApplicationInfo')
-    logger.info('%s tried to access application object of %s' % (member_id,requested_id))
-    student_id = requested_id
-    return None
-elif context.isStaff():
-    student_id = requested_id
-else:
-    student_id = member_id
 
 info['has_passport'] = context.waeup_tool.picturesExist(('passport',), student_id)

WAeUP_SRP/base/skins/waeup_student/getClearanceInfo.py

@@ -23 +23 @@
 path_info = request.get('PATH_INFO').split('/')
 
-if mtool.isAnonymousUser():
+# if mtool.isAnonymousUser():
+#     return None
+# info = {}
+# #from Products.zdb import set_trace
+# #set_trace()
+# requested_id = context.getStudentId()
+# if requested_id and not context.isStaff() and member_id != requested_id:
+#     logger.info('%s tried to access %s' % (member_id,requested_id))
+#     return None
+# elif context.isStaff():
+#     student_id = requested_id
+# else:
+#     student_id = member_id
+
+info = context.waeup_tool.getAccessInfo(context)
+student_id = info['student_id']
+if student_id is None:
     return None
-info = {}
-#from Products.zdb import set_trace
-#set_trace()
-requested_id = context.getStudentId()
-if requested_id and not context.isStaff() and member_id != requested_id:
-    logger.info('%s tried to access %s' % (member_id,requested_id))
-    return None
-elif context.isStaff():
-    student_id = requested_id
-else:
-    student_id = member_id
-
 
 students_object = context.portal_url.getPortalObject().campus.students

WAeUP_SRP/base/skins/waeup_student/getStudentFolderInfo.py

@@ -35 +35 @@
 
 
-info = {}
 member_id = str(member)
 #from Products.zdb import set_trace;set_trace()
-is_student = info['is_student'] = context.isStudent()
-is_staff = info['is_staff'] = context.isStaff()
-is_sectionofficer = info['is_sectionofficer'] = context.isSectionOfficer()
-while True:
-    if mtool.isAnonymousUser():
-        return None
-    requested_id = context.getStudentId()
-    if not is_student and requested_id:
-        student_id = requested_id
-        break
-    if member_id != requested_id:
-        logger.info('%s tried to access %s' % (member_id,requested_id))
-        student_id = member_id
-        mtool.assertViewable(context)
-        break
-    student_id = member_id
-    break
+# info = {}
+# is_student = info['is_student'] = context.isStudent()
+# is_staff = info['is_staff'] = context.isStaff()
+# is_sectionofficer = info['is_sectionofficer'] = context.isSectionOfficer()
+# while True:
+#     if mtool.isAnonymousUser():
+#         return None
+#     requested_id = context.getStudentId()
+#     if not is_student and requested_id:
+#         student_id = requested_id
+#         break
+#     if member_id != requested_id:
+#         logger.info('%s tried to access %s' % (member_id,requested_id))
+#         student_id = member_id
+#         mtool.assertViewable(context)
+#         break
+#     student_id = member_id
+#     break
+info = context.waeup_tool.getAccessInfo(context)
+student_id = info['student_id']
+if student_id is None:
+    return None
+
 student_path_root = "%s/campus/students/%s" % (context.portal_url.getPortalPath(),student_id)
 student_path = "%s/campus/students/%s" % (context.portal_url(),student_id)
@@ -102 +107 @@
     row['type'] = subobject.portal_type
     review_state = row['review_state'] = wf.getInfoFor(subobject,'review_state',None)
-    row['is_editable'] = (is_student and review_state == "opened") or is_sectionofficer
+    row['is_editable'] = (info['is_student'] and review_state == "opened") or info['is_sectionofficer']
     sv_link = s_view_links.get(subobject.portal_type,None) or "waeup_document_view"
     row['s_view_link'] = "%s/%s" % (url,sv_link)

WAeUP_SRP/base/skins/waeup_student/getStudyCourseInfo.py

@@ -30 +30 @@
 
 wftool = context.portal_workflow
-path_info = request.get('PATH_INFO').split('/')
+# path_info = request.get('PATH_INFO').split('/')
 
-info = {}
-info['is_so'] = context.isSectionOfficer()
+# info = {}
+info = context.waeup_tool.getAccessInfo(context)
+student_id = info['student_id']
+if student_id is None:
+    return None
+
+#info['is_so'] = context.isSectionOfficer()
+info['is_so'] = info['is_sectionofficer']
 info['action'] = "%s" % context.absolute_url()
 info['choosen_ids'] = request.get('ids',[])
 course  = info['doc'] = context.getContent()
-student_id = context.getStudentId()
+#student_id = context.getStudentId()
 student_record = context.students_catalog.getRecordByKey(student_id)
 if not student_record: