Revision c5b0bbb7
| b/snf-astakos-app/astakos/im/functions.py | ||
|---|---|---|
| 346 | 346 |
raise ProjectNotFound(m) |
| 347 | 347 |
|
| 348 | 348 |
|
| 349 |
def checkAllowed(entity, request_user, admin_only=False): |
|
| 350 |
if isinstance(entity, Project): |
|
| 351 |
application = entity.application |
|
| 352 |
elif isinstance(entity, ProjectApplication): |
|
| 353 |
application = entity |
|
| 354 |
else: |
|
| 355 |
m = "%s not a Project nor a ProjectApplication" % (entity,) |
|
| 356 |
raise ValueError(m) |
|
| 357 |
|
|
| 358 |
if not request_user or request_user.is_project_admin(): |
|
| 359 |
return |
|
| 349 |
ALLOWED_CHECKS = [ |
|
| 350 |
(lambda u, a: not u or u.is_project_admin()), |
|
| 351 |
(lambda u, a: a.owner == u), |
|
| 352 |
(lambda u, a: a.applicant == u), |
|
| 353 |
(lambda u, a: a.chain.overall_state() == Project.O_ACTIVE |
|
| 354 |
or bool(a.chain.projectmembership_set.any_accepted().filter(person=u))), |
|
| 355 |
] |
|
| 356 |
|
|
| 357 |
ADMIN_LEVEL = 0 |
|
| 358 |
OWNER_LEVEL = 1 |
|
| 359 |
APPLICANT_LEVEL = 2 |
|
| 360 |
ANY_LEVEL = 3 |
|
| 361 |
|
|
| 362 |
|
|
| 363 |
def _check_yield(b, silent=False): |
|
| 364 |
if b: |
|
| 365 |
return True |
|
| 360 | 366 |
|
| 361 |
if not admin_only and application.owner == request_user:
|
|
| 362 |
return |
|
| 367 |
if silent:
|
|
| 368 |
return False
|
|
| 363 | 369 |
|
| 364 | 370 |
m = _(astakos_messages.NOT_ALLOWED) |
| 365 | 371 |
raise ProjectForbidden(m) |
| 366 | 372 |
|
| 367 | 373 |
|
| 374 |
def membership_check_allowed(membership, request_user, |
|
| 375 |
level=OWNER_LEVEL, silent=False): |
|
| 376 |
r = project_check_allowed( |
|
| 377 |
membership.project, request_user, level, silent=True) |
|
| 378 |
|
|
| 379 |
return _check_yield(r or membership.person == request_user, silent) |
|
| 380 |
|
|
| 381 |
|
|
| 382 |
def project_check_allowed(project, request_user, |
|
| 383 |
level=OWNER_LEVEL, silent=False): |
|
| 384 |
return app_check_allowed(project.application, request_user, level, silent) |
|
| 385 |
|
|
| 386 |
|
|
| 387 |
def app_check_allowed(application, request_user, |
|
| 388 |
level=OWNER_LEVEL, silent=False): |
|
| 389 |
checks = (f(request_user, application) for f in ALLOWED_CHECKS[:level+1]) |
|
| 390 |
return _check_yield(any(checks), silent) |
|
| 391 |
|
|
| 392 |
|
|
| 368 | 393 |
def checkAlive(project): |
| 369 | 394 |
if not project.is_alive: |
| 370 | 395 |
m = _(astakos_messages.NOT_ALIVE_PROJECT) % project.id |
| ... | ... | |
| 372 | 397 |
|
| 373 | 398 |
|
| 374 | 399 |
def accept_membership_project_checks(project, request_user): |
| 375 |
checkAllowed(project, request_user)
|
|
| 400 |
project_check_allowed(project, request_user)
|
|
| 376 | 401 |
checkAlive(project) |
| 377 | 402 |
|
| 378 | 403 |
join_policy = project.application.member_join_policy |
| ... | ... | |
| 414 | 439 |
raise ProjectConflict(m) |
| 415 | 440 |
|
| 416 | 441 |
project = membership.project |
| 417 |
checkAllowed(project, request_user)
|
|
| 442 |
project_check_allowed(project, request_user)
|
|
| 418 | 443 |
checkAlive(project) |
| 419 | 444 |
|
| 420 | 445 |
|
| ... | ... | |
| 436 | 461 |
m = _(astakos_messages.NOT_MEMBERSHIP_REQUEST) |
| 437 | 462 |
raise ProjectConflict(m) |
| 438 | 463 |
|
| 439 |
if membership.person != request_user: |
|
| 440 |
msg = _(astakos_messages.NOT_ALLOWED) |
|
| 441 |
raise ProjectForbidden(msg) |
|
| 442 |
|
|
| 464 |
membership_check_allowed(membership, request_user, level=ADMIN_LEVEL) |
|
| 443 | 465 |
project = membership.project |
| 444 | 466 |
checkAlive(project) |
| 445 | 467 |
|
| ... | ... | |
| 459 | 481 |
raise ProjectConflict(m) |
| 460 | 482 |
|
| 461 | 483 |
project = membership.project |
| 462 |
checkAllowed(project, request_user)
|
|
| 484 |
project_check_allowed(project, request_user)
|
|
| 463 | 485 |
checkAlive(project) |
| 464 | 486 |
|
| 465 | 487 |
leave_policy = project.application.member_leave_policy |
| ... | ... | |
| 513 | 535 |
m = _(astakos_messages.NOT_ACCEPTED_MEMBERSHIP) |
| 514 | 536 |
raise ProjectConflict(m) |
| 515 | 537 |
|
| 516 |
if membership.person != request_user: |
|
| 517 |
msg = _(astakos_messages.NOT_ALLOWED) |
|
| 518 |
raise ProjectForbidden(msg) |
|
| 519 |
|
|
| 538 |
membership_check_allowed(membership, request_user, level=ADMIN_LEVEL) |
|
| 520 | 539 |
project = membership.project |
| 521 | 540 |
checkAlive(project) |
| 522 | 541 |
|
| ... | ... | |
| 649 | 668 |
project = None |
| 650 | 669 |
if project_id is not None: |
| 651 | 670 |
project = get_project_for_update(project_id) |
| 652 |
|
|
| 653 |
if (request_user and |
|
| 654 |
(not project.application.owner == request_user and |
|
| 655 |
not request_user.is_superuser |
|
| 656 |
and not request_user.is_project_admin())): |
|
| 657 |
m = _(astakos_messages.NOT_ALLOWED) |
|
| 658 |
raise ProjectForbidden(m) |
|
| 671 |
project_check_allowed(project, request_user, level=APPLICANT_LEVEL) |
|
| 659 | 672 |
|
| 660 | 673 |
policies = validate_resource_policies(resources) |
| 661 | 674 |
|
| ... | ... | |
| 744 | 757 |
def cancel_application(application_id, request_user=None, reason=""): |
| 745 | 758 |
get_project_of_application_for_update(application_id) |
| 746 | 759 |
application = get_application(application_id) |
| 747 |
checkAllowed(application, request_user)
|
|
| 760 |
app_check_allowed(application, request_user, level=APPLICANT_LEVEL)
|
|
| 748 | 761 |
|
| 749 | 762 |
if not application.can_cancel(): |
| 750 | 763 |
m = _(astakos_messages.APPLICATION_CANNOT_CANCEL % |
| ... | ... | |
| 760 | 773 |
def dismiss_application(application_id, request_user=None, reason=""): |
| 761 | 774 |
get_project_of_application_for_update(application_id) |
| 762 | 775 |
application = get_application(application_id) |
| 763 |
checkAllowed(application, request_user)
|
|
| 776 |
app_check_allowed(application, request_user, level=APPLICANT_LEVEL)
|
|
| 764 | 777 |
|
| 765 | 778 |
if not application.can_dismiss(): |
| 766 | 779 |
m = _(astakos_messages.APPLICATION_CANNOT_DISMISS % |
| ... | ... | |
| 775 | 788 |
get_project_of_application_for_update(application_id) |
| 776 | 789 |
application = get_application(application_id) |
| 777 | 790 |
|
| 778 |
checkAllowed(application, request_user, admin_only=True)
|
|
| 791 |
app_check_allowed(application, request_user, level=ADMIN_LEVEL)
|
|
| 779 | 792 |
|
| 780 | 793 |
if not application.can_deny(): |
| 781 | 794 |
m = _(astakos_messages.APPLICATION_CANNOT_DENY % |
| ... | ... | |
| 809 | 822 |
project = get_project_of_application_for_update(app_id) |
| 810 | 823 |
application = get_application(app_id) |
| 811 | 824 |
|
| 812 |
checkAllowed(application, request_user, admin_only=True)
|
|
| 825 |
app_check_allowed(application, request_user, level=ADMIN_LEVEL)
|
|
| 813 | 826 |
|
| 814 | 827 |
if not application.can_approve(): |
| 815 | 828 |
m = _(astakos_messages.APPLICATION_CANNOT_APPROVE % |
| ... | ... | |
| 850 | 863 |
|
| 851 | 864 |
def terminate(project_id, request_user=None): |
| 852 | 865 |
project = get_project_for_update(project_id) |
| 853 |
checkAllowed(project, request_user, admin_only=True)
|
|
| 866 |
project_check_allowed(project, request_user, level=ADMIN_LEVEL)
|
|
| 854 | 867 |
checkAlive(project) |
| 855 | 868 |
|
| 856 | 869 |
project.terminate() |
| ... | ... | |
| 862 | 875 |
|
| 863 | 876 |
def suspend(project_id, request_user=None): |
| 864 | 877 |
project = get_project_for_update(project_id) |
| 865 |
checkAllowed(project, request_user, admin_only=True)
|
|
| 878 |
project_check_allowed(project, request_user, level=ADMIN_LEVEL)
|
|
| 866 | 879 |
checkAlive(project) |
| 867 | 880 |
|
| 868 | 881 |
project.suspend() |
| ... | ... | |
| 874 | 887 |
|
| 875 | 888 |
def resume(project_id, request_user=None): |
| 876 | 889 |
project = get_project_for_update(project_id) |
| 877 |
checkAllowed(project, request_user, admin_only=True)
|
|
| 890 |
project_check_allowed(project, request_user, level=ADMIN_LEVEL)
|
|
| 878 | 891 |
|
| 879 | 892 |
if not project.is_suspended: |
| 880 | 893 |
m = _(astakos_messages.NOT_SUSPENDED_PROJECT) % project.id |
Also available in: Unified diff