Commit bf0c0a2a authored by Sofia Papagiannaki's avatar Sofia Papagiannaki

Perform membership checks during add member form validation

parent 366b281c
......@@ -52,11 +52,12 @@ from django.db import transaction
from django.utils.encoding import smart_unicode
from django.core import validators
from django.contrib.auth.models import AnonymousUser
from django.core.exceptions import PermissionDenied
from astakos.im.models import (
AstakosUser, EmailChange, Invitation,
Resource, PendingThirdPartyUser, get_latest_terms, RESOURCE_SEPARATOR,
ProjectApplication)
ProjectApplication, Project)
from astakos.im.settings import (
INVITATIONS_PER_LEVEL, BASEURL, SITENAME, RECAPTCHA_PRIVATE_KEY,
RECAPTCHA_ENABLED, DEFAULT_CONTACT_EMAIL, LOGGING_LEVEL,
......@@ -64,7 +65,8 @@ from astakos.im.settings import (
MODERATION_ENABLED, PROJECT_MEMBER_JOIN_POLICIES,
PROJECT_MEMBER_LEAVE_POLICIES)
from astakos.im.widgets import DummyWidget, RecaptchaWidget
from astakos.im.functions import send_change_email, submit_application
from astakos.im.functions import (
send_change_email, submit_application, do_accept_membership_checks)
from astakos.im.util import reserved_email, get_query, model_to_dict
from astakos.im import auth_providers
......@@ -102,7 +104,8 @@ class LocalUserCreationForm(UserCreationForm, StoreUserMixin):
"""
Extends the built in UserCreationForm in several ways:
* Adds email, first_name, last_name, recaptcha_challenge_field, recaptcha_response_field field.
* Adds email, first_name, last_name, recaptcha_challenge_field,
* recaptcha_response_field field.
* The username field isn't visible and it is assigned a generated id.
* User created is not active.
"""
......@@ -841,17 +844,29 @@ class ProjectSortForm(forms.Form):
class AddProjectMembersForm(forms.Form):
q = forms.CharField(
max_length=800, widget=forms.Textarea, label=_('Add members'),
help_text=_(astakos_messages.ADD_PROJECT_MEMBERS_Q_HELP),
required=True)
help_text=_(astakos_messages.ADD_PROJECT_MEMBERS_Q_HELP), required=True)
def __init__(self, *args, **kwargs):
application_id = kwargs.pop('application_id', None)
if application_id:
self.project = Project.objects.get(application__id=application_id)
self.request_user = kwargs.pop('request_user', None)
super(AddProjectMembersForm, self).__init__(*args, **kwargs)
def clean(self):
try:
do_accept_membership_checks(self.project, self.request_user)
except PermissionDenied, e:
raise forms.ValidationError(e)
q = self.cleaned_data.get('q') or ''
users = q.split(',')
users = list(u.strip() for u in users if u)
db_entries = AstakosUser.objects.filter(email__in=users)
unknown = list(set(users) - set(u.email for u in db_entries))
if unknown:
raise forms.ValidationError(_(astakos_messages.UNKNOWN_USERS) % ','.join(unknown))
raise forms.ValidationError(
_(astakos_messages.UNKNOWN_USERS) % ','.join(unknown))
self.valid_users = db_entries
return self.cleaned_data
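Review bot: The authorization step in `clean()` fails open, because `__init__` defaults `request_user` to `None` and `do_accept_membership_checks` skips the owner/superuser test whenever `request_user` is falsy (`if request_user and ...`). `self.project` is only assigned when `application_id` is truthy, so `clean()` on a form built without it ends in an `AttributeError` instead of a validation error. I would fail closed at the top of `clean()`, e.g. `if self.request_user is None or getattr(self, 'project', None) is None: raise forms.ValidationError(_(astakos_messages.NOT_ALLOWED))`. The member-limit test also runs once with `adding=1` before `q` is split, so a submission listing several addresses is only checked as if it added one member.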
......
......@@ -444,9 +444,7 @@ def accept_membership(project_application_id, user, request_user=None):
project_id = get_project_id_of_application_id(project_application_id)
return do_accept_membership(project_id, user, request_user)
def do_accept_membership(project_id, user, request_user=None):
project = get_project_for_update(project_id)
def do_accept_membership_checks(project, request_user):
if request_user and \
(not project.application.owner == request_user and \
not request_user.is_superuser):
......@@ -462,6 +460,13 @@ def do_accept_membership(project_id, user, request_user=None):
if project.violates_members_limit(adding=1):
raise PermissionDenied(_(astakos_messages.MEMBER_NUMBER_LIMIT_REACHED))
def do_accept_membership(
project_id, user, request_user=None, bypass_checks=False):
project = get_project_for_update(project_id)
if not bypass_checks:
do_accept_membership_checks(project, request_user)
membership = get_membership_for_update(project, user)
membership.accept()
trigger_sync()
......@@ -487,16 +492,22 @@ def reject_membership(project_application_id, user, request_user=None):
project_id = get_project_id_of_application_id(project_application_id)
return do_reject_membership(project_id, user, request_user)
def do_reject_membership(project_id, user, request_user=None):
project = get_project_for_update(project_id)
def do_reject_membership_checks(project, request_user):
if request_user and \
(not project.application.owner == request_user and \
not request_user.is_superuser):
raise PermissionDenied(_(astakos_messages.NOT_ALLOWED))
if not project.is_alive:
raise PermissionDenied(_(astakos_messages.NOT_ALIVE_PROJECT) % project.__dict__)
raise PermissionDenied(
_(astakos_messages.NOT_ALIVE_PROJECT) % project.__dict__)
def do_reject_membership(
project_id, user, request_user=None, bypass_checks=False):
project = get_project_for_update(project_id)
if not bypass_checks:
do_reject_membership_checks(project, request_user)
membership = get_membership_for_update(project, user)
membership.reject()
......@@ -521,15 +532,21 @@ def remove_membership(project_application_id, user, request_user=None):
project_id = get_project_id_of_application_id(project_application_id)
return do_remove_membership(project_id, user, request_user)
def do_remove_membership(project_id, user, request_user=None):
project = get_project_for_update(project_id)
def do_remove_membership_checks(project, membership):
if request_user and \
(not project.application.owner == request_user and \
not request_user.is_superuser):
raise PermissionDenied(_(astakos_messages.NOT_ALLOWED))
if not project.is_alive:
raise PermissionDenied(_(astakos_messages.NOT_ALIVE_PROJECT) % project.__dict__)
raise PermissionDenied(
_(astakos_messages.NOT_ALIVE_PROJECT) % project.__dict__)
def do_remove_membership(
project_id, user, request_user=None, bypass_checks=False):
project = get_project_for_update(project_id)
if not bypass_checks:
do_remove_membership_checks(project, request_user)
leave_policy = project.application.member_leave_policy
if leave_policy == CLOSED_POLICY:
......@@ -557,7 +574,8 @@ def enroll_member(project_application_id, user, request_user=None):
def do_enroll_member(project_id, user, request_user=None):
membership = create_membership(project_id, user)
return do_accept_membership(project_id, user, request_user)
return do_accept_membership(
project_id, user, request_user, bypass_checks=True)
def leave_project(project_application_id, user_id):
"""
......@@ -568,9 +586,7 @@ def leave_project(project_application_id, user_id):
project_id = get_project_id_of_application_id(project_application_id)
return do_leave_project(project_id, user_id)
def do_leave_project(project_id, user_id):
project = get_project_for_update(project_id)
def do_leave_project_checks(project):
if not project.is_alive:
m = _(astakos_messages.NOT_ALIVE_PROJECT) % project.__dict__
raise PermissionDenied(m)
......@@ -579,6 +595,12 @@ def do_leave_project(project_id, user_id):
if leave_policy == CLOSED_POLICY:
raise PermissionDenied(_(astakos_messages.MEMBER_LEAVE_POLICY_CLOSED))
def do_leave_project(project_id, user_id, bypass_checks=False):
project = get_project_for_update(project_id)
if not bypass_checks:
do_leave_project_checks(projetc)
membership = get_membership_for_update(project, user_id)
if leave_policy == AUTO_ACCEPT_POLICY:
membership.remove()
......@@ -597,9 +619,7 @@ def join_project(project_application_id, user_id):
project_id = get_project_id_of_application_id(project_application_id)
return do_join_project(project_id, user_id)
def do_join_project(project_id, user_id):
project = get_project_for_update(project_id)
def do_join_project_checks(project):
if not project.is_alive:
m = _(astakos_messages.NOT_ALIVE_PROJECT) % project.__dict__
raise PermissionDenied(m)
......@@ -608,6 +628,12 @@ def do_join_project(project_id, user_id):
if join_policy == CLOSED_POLICY:
raise PermissionDenied(_(astakos_messages.MEMBER_JOIN_POLICY_CLOSED))
def do_join_project(project_id, user_id, bypass_checks=False):
project = get_project_for_update(project_id)
if not bypass_checks:
do_join_project_checks(project)
membership = create_membership(project, user_id)
if (join_policy == AUTO_ACCEPT_POLICY and
......@@ -617,7 +643,8 @@ def do_join_project(project_id, user_id):
return membership
def submit_application(
application, resource_policies, applicant, comments, precursor_application=None):
application, resource_policies, applicant, comments,
precursor_application=None):
application.submit(
resource_policies, applicant, comments, precursor_application)
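Review bot: `do_enroll_member` now calls `do_accept_membership(..., bypass_checks=True)`, so the owner/superuser, `is_alive` and member-limit checks no longer run inside the function that takes the project through `get_project_for_update`. They are enforced only if the caller came through `AddProjectMembersForm.clean()`, which reads the project with a plain `Project.objects.get` and checks once per submission; any other caller of `enroll_member` gets no authorization check, and concurrent submissions can presumably pass the limit test together. I would keep the checks at the enforcement point and treat the form check as early feedback only: `return do_accept_membership(project_id, user, request_user)`. Separately, two of the extracted helpers will raise `NameError` as written: `do_remove_membership_checks(project, membership)` reads `request_user` (the parameter should be `request_user`, which is what the caller passes), and `do_leave_project` calls `do_leave_project_checks(projetc)`. `do_leave_project` and `do_join_project` also still read `leave_policy` / `join_policy`, whose assignments are not visible in these hunks and appear to have stayed in the `_checks` helpers.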
......
......@@ -1097,7 +1097,10 @@ def project_update(request, application_id):
def project_detail(request, application_id):
addmembers_form = AddProjectMembersForm()
if request.method == 'POST':
addmembers_form = AddProjectMembersForm(request.POST)
addmembers_form = AddProjectMembersForm(
request.POST,
application_id=int(application_id),
request_user=request.user)
if addmembers_form.is_valid():
try:
rollback = False
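Review bot: Constructing the bound form now performs a database lookup (`Project.objects.get(application__id=...)` in the form's `__init__`), and that call sits before `is_valid()` and outside the `try:` that follows, so an application id with no matching project raises `Project.DoesNotExist` as an unhandled error rather than a 404 or a form error. `int(application_id)` can also raise `ValueError` unless the URL pattern restricts it to digits, which is not visible here. I would resolve the project in the view first (for example with `get_object_or_404`) and hand the object to the form, or wrap the construction in the same error handling as the enrollment below. The body of `project_detail` continues outside this hunk.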
......