

Viewing changes to ivle/webapp/userservice/__init__.py

  • Committer: William Grant
  • Date: 2010-02-16 04:11:46 UTC
  • Revision ID: grantw@unimelb.edu.au-20100216041146-rvfbuwin7fncc0nw
Restrict privileges on group-related userservice actions to users with admin_groups on the offering.

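--- a/ivle/webapp/userservice/__init__.py
+++ b/ivle/webapp/userservice/__init__.py
@@ -109,8 +109,7 @@
 from ivle.webapp.security import get_user_details
 import ivle.pulldown_subj
 
-from ivle.rpc.decorators import require_method, require_role_anywhere, \
-                                require_admin
+from ivle.rpc.decorators import require_method, require_admin
 
 from ivle.auth import AuthError, authenticate
 import urllib
@@ -285,6 +284,9 @@
 
     offering = req.store.get(ivle.database.Offering, offeringid)
 
+    if 'admin_groups' not in offering.get_permissions(req.user, req.config):
+        raise Unauthorized()
+
     dict_projectsets = []
     for p in offering.project_sets:
         dict_projectsets.append({
@@ -299,7 +301,6 @@
     req.write(response)
 
 @require_method('POST')
-@require_role_anywhere('tutor', 'lecturer')
 def handle_create_group(req, fields):
     """Required cap: CAP_MANAGEGROUPS
     Creates a project group in a specific project set
@@ -321,13 +322,20 @@
     except:
         raise BadRequest("projectsetid must be an integer")
 
+    projectset = req.store.get(ivle.database.ProjectSet, projectsetid)
+    if projectset is None:
+        raise BadRequest("Invalid projectsetid")
+    if 'admin_groups' not in projectset.offering.get_permissions(
+        req.user, req.config):
+        raise Unauthorized()
+
     # Get optional fields
     nick = fields.getfirst('nick').value
     if nick is not None:
         nick = unicode(nick)
 
     group = ivle.database.ProjectGroup(name=groupnm,
-                                       project_set_id=projectsetid,
+                                       project_set=projectset,
                                        nick=nick,
                                        created_by=req.user,
                                        epoch=datetime.datetime.now())
@@ -389,6 +397,8 @@
         raise BadRequest("offeringid must be an integer")
     offering = req.store.get(ivle.database.Offering, offeringid)
 
+    if 'admin_groups' not in offering.get_permissions(req.user, req.config):
+        raise Unauthorized()
 
     offeringmembers = [{'login': user.login,
                         'fullname': user.fullname
@@ -413,7 +423,6 @@
     req.write(response)
 
 @require_method('POST')
-@require_role_anywhere('tutor', 'lecturer')
 def handle_assign_group(req, fields):
     """ Required cap: CAP_MANAGEGROUPS
     Assigns a user to a project group
@@ -429,6 +438,10 @@
     group = req.store.get(ivle.database.ProjectGroup, int(groupid))
     user = ivle.database.User.get_by_login(req.store, login)
 
+    if 'admin_groups' not in group.project_set.offering.get_permissions(
+        req.user, req.config):
+        raise Unauthorized()
+
     # Add membership to database
     # We can't keep a transaction open until the end here, as usrmgt-server
     # needs to see the changes!
@@ -454,7 +467,6 @@
     return(cjson.encode({'response': 'okay'}))
 
 @require_method('POST')
-@require_role_anywhere('tutor', 'lecturer')
 def handle_unassign_group(req, fields):
     """Remove a user from a project group.
 
@@ -473,6 +485,10 @@
     group = req.store.get(ivle.database.ProjectGroup, int(groupid))
     user = ivle.database.User.get_by_login(req.store, login)
 
+    if 'admin_groups' not in group.project_set.offering.get_permissions(
+        req.user, req.config):
+        raise Unauthorized()
+
     # Remove membership from the database
     # We can't keep a transaction open until the end here, as usrmgt-server
     # needs to see the changes!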
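Review bot: The new permission check in the second hunk calls `offering.get_permissions(req.user, req.config)` straight after `req.store.get(...)` without first confirming the lookup succeeded, so an unknown offeringid now fails with an AttributeError on `None` instead of a clean BadRequest; the same pattern appears in the `offering` hunk before `offeringmembers` and in the two `group.project_set.offering` hunks in handle_assign_group and handle_unassign_group. The handle_create_group hunk already does this correctly with `if projectset is None: raise BadRequest("Invalid projectsetid")`, and the others should mirror it, e.g. `if offering is None:` / `    raise BadRequest("Invalid offeringid")` (and `if group is None:` / `    raise BadRequest("Invalid groupid")`) placed before the `get_permissions` call. Since the dropped `require_role_anywhere` decorator may have been what guaranteed an authenticated `req.user` on these handlers, it is worth confirming that `get_permissions` copes with an anonymous user rather than raising, so the unauthenticated path also ends in Unauthorized. The enclosing functions of the permission-check hunks all start and end outside the hunk.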