← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/rpc/decorators.py

  • Committer: William Grant
  • Date: 2009-02-24 13:29:44 UTC
  • Revision ID: grantw@unimelb.edu.au-20090224132944-lm29zd1li1rjg77p
Privileges (apart from admin) are now offering-local, not global.

Offering privileges are granted by Enrolment.role, and global admin
by User.admin. ivle.caps is dead.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/rpc/decorators.py
18
18
           func(req, *args, **kwargs)
19
19
        return method_or_die
20
20
 
21
 
class require_cap(object):
22
 
    '''Require that the logged in user has the specified capability.'''
23
 
    def __init__(self, cap):
24
 
        self.cap = cap
 
21
def require_admin(func):
 
22
    '''Require that the logged in user is an admin.'''
 
23
    def admin_or_die(req, *args, **kwargs):
 
24
       if not req.user or not req.user.admin:
 
25
            raise Unauthorized()
 
26
       func(req, *args, **kwargs)
 
27
    return admin_or_die
 
28
 
 
29
class require_role_anywhere(object):
 
30
    '''Require that the logged in user has a role in any offering.'''
 
31
    def __init__(self, *roles):
 
32
        self.roles = roles
25
33
 
26
34
    def __call__(self, func):
27
 
        def cap_or_die(req, *args, **kwargs):
28
 
           if not req.user or not req.user.hasCap(self.cap):
 
35
        def role_or_die(req, *args, **kwargs):
 
36
            if not req.user:
29
37
                raise Unauthorized()
30
 
           func(req, *args, **kwargs)
31
 
        return cap_or_die
32
 
 
 
38
 
 
39
            if req.user.admin:
 
40
                return func(req, *args, **kwargs)
 
41
 
 
42
            roles = set((e.role for e in req.user.active_enrolments))
 
43
 
 
44
            for role in self.roles:
 
45
                if role in roles:
 
46
                    return func(req, *args, **kwargs)
 
47
            raise Unauthorized()
 
48
        return role_or_die