[open-ils-commits] r1121 - in servres/trunk/conifer/syrup: . views (gfawcett)
svn at svn.open-ils.org
svn at svn.open-ils.org
Mon Dec 27 19:40:50 EST 2010
Author: gfawcett
Date: 2010-12-27 19:40:49 -0500 (Mon, 27 Dec 2010)
New Revision: 1121
Modified:
servres/trunk/conifer/syrup/models.py
servres/trunk/conifer/syrup/views/_common.py
Log:
fix access control bug: closed sites are only accessible by instructors.
Modified: servres/trunk/conifer/syrup/models.py
===================================================================
--- servres/trunk/conifer/syrup/models.py 2010-12-27 21:58:07 UTC (rev 1120)
+++ servres/trunk/conifer/syrup/models.py 2010-12-28 00:40:49 UTC (rev 1121)
@@ -403,10 +403,24 @@
or bool(self.members().filter(user=user)))
def is_open_to(self, user):
- return self.access == 'ANON' \
- or (self.access == 'LOGIN' and user.is_authenticated()) \
- or user.is_staff \
- or self.is_member(user)
+ level = self.access
+ if level == 'ANON' or user.is_staff:
+ return True
+ if not user.is_authenticated():
+ return False
+ if level == 'LOGIN':
+ return True
+ try:
+ mbr = self.members().get(user=user)
+ except:
+ return False
+ if level == 'CLOSE':
+ return mbr.role == u'INSTR'
+ elif level == u'MEMBR':
+ return True
+ else:
+ raise Exception('Cannot determine access level '
+ 'for user %s in site %s' % (user, self))
@classmethod
def taught_by(cls, user):
Modified: servres/trunk/conifer/syrup/views/_common.py
===================================================================
--- servres/trunk/conifer/syrup/views/_common.py 2010-12-27 21:58:07 UTC (rev 1120)
+++ servres/trunk/conifer/syrup/views/_common.py 2010-12-28 00:40:49 UTC (rev 1121)
@@ -85,6 +85,8 @@
else:
if site.access=='LOGIN':
msg = _('Please log in, so that you can enter this site.')
+ elif site.access=='CLOSE':
+ msg = _('Sorry, but you can no longer access this site.')
else:
msg = _('Only site members are allowed here.')
return _access_denied(request, msg)
More information about the open-ils-commits
mailing list