Infrastructure/fedora-infrastructure
1
0
Fork 0
Code Issues 70 Pull requests Projects Releases Packages Wiki Activity Actions

Fix group prerequisite bug, fix some logic problems.

Browse source
This commit is contained in:
Ricky Zhou (周家杰) 2008-03-18 18:58:38 -04:00
parent 823c7c6743
commit 90064bdb63
1 changed files with 25 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

73
fas/fas/auth.py
View file

@ -17,49 +17,42 @@ def isAdmin(person):
try: try:
if person.group_roles[admingroup].role_status == 'approved': if person.group_roles[admingroup].role_status == 'approved':
return True return True
else:
return False
except KeyError: except KeyError:
return False return False
return False return False
def canAdminGroup(person, group): def canAdminGroup(person, group, role=None):
''' '''
Returns True if the user is allowed to act as an admin for a group Returns True if the user is allowed to act as an admin for a group
''' '''
if isAdmin(person) or (group.owner == person): if isAdmin(person) or (group.owner == person):
return True return True
else: if not role:
try: try:
role = PersonRoles.query.filter_by(group=group, member=person).one() role = PersonRoles.query.filter_by(group=group, member=person).one()
except IndexError: except InvalidRequestError:
''' Not in the group ''' ''' Not in the group '''
return False return False
except InvalidRequestError: if role.role_status == 'approved' and role.role_type == 'administrator':
return False return True
if role.role_status == 'approved' and role.role_type == 'administrator':
return True
return False return False
def canSponsorGroup(person, group): def canSponsorGroup(person, group):
''' '''
Returns True if the user is allowed to act as a sponsor for a group Returns True if the user is allowed to act as a sponsor for a group
''' '''
if isAdmin(person) or \
group.owner == person:
return True
try: try:
if isAdmin(person) or \ role = PersonRoles.query.filter_by(group=group, member=person).one()
group.owner == person: except InvalidRequestError:
return True ''' Not in the group '''
else:
try:
role = PersonRoles.query.filter_by(group=group, member=person).one()
except IndexError:
''' Not in the group '''
return False
if role.role_status == 'approved' and role.role_type == 'sponsor':
return True
return False
except:
return False return False
if (role.role_status == 'approved' and role.role_type == 'sponsor') \
or canAdminGroup(person, group, role):
return True
return False
def isApproved(person, group): def isApproved(person, group):
''' '''
@ -68,8 +61,6 @@ def isApproved(person, group):
try: try:
if person.group_roles[group.name].role_status == 'approved': if person.group_roles[group.name].role_status == 'approved':
return True return True
else:
return False
except KeyError: except KeyError:
return False return False
return False return False
@ -82,8 +73,6 @@ def CLADone(person):
try: try:
if person.group_roles[cla_done_group].role_status == 'approved': if person.group_roles[cla_done_group].role_status == 'approved':
return True return True
else:
return False
except KeyError: except KeyError:
return False return False
return False return False
@ -96,8 +85,7 @@ def canEditUser(person, target):
return True return True
elif isAdmin(person): elif isAdmin(person):
return True return True
else: return False
return False
def canCreateGroup(person, group): def canCreateGroup(person, group):
''' '''
@ -106,8 +94,7 @@ def canCreateGroup(person, group):
# Should groupname restrictions go here? # Should groupname restrictions go here?
if isAdmin(person): if isAdmin(person):
return True return True
else: return False
return False
def canEditGroup(person, group): def canEditGroup(person, group):
''' '''
@ -115,8 +102,7 @@ def canEditGroup(person, group):
''' '''
if canAdminGroup(person, group): if canAdminGroup(person, group):
return True return True
else: return False
return False
def canViewGroup(person, group): def canViewGroup(person, group):
''' '''
@ -126,12 +112,9 @@ def canViewGroup(person, group):
# only people that can admin the group can view it # only people that can admin the group can view it
privilegedViewGroups = config.get('privileged_view_groups') privilegedViewGroups = config.get('privileged_view_groups')
if re.compile(privilegedViewGroups).match(group.name): if re.compile(privilegedViewGroups).match(group.name):
if canAdminGroup(person, group): if not canAdminGroup(person, group):
return True
else:
return False return False
else: return True
return True
def canApplyGroup(person, group, applicant): def canApplyGroup(person, group, applicant):
''' '''
@ -150,9 +133,7 @@ def canApplyGroup(person, group, applicant):
if (person == applicant) or \ if (person == applicant) or \
canSponsorGroup(person, group): canSponsorGroup(person, group):
return True return True
else: return False
turbogears.flash(_('%s membership required before application to this group is allowed') % prerequisite.name)
return False
def canSponsorUser(person, group, target): def canSponsorUser(person, group, target):
''' '''
@ -161,8 +142,7 @@ def canSponsorUser(person, group, target):
# This is just here in case we want to add more complex checks in the future # This is just here in case we want to add more complex checks in the future
if canSponsorGroup(person, group): if canSponsorGroup(person, group):
return True return True
else: return False
return False
def canRemoveUser(person, group, target): def canRemoveUser(person, group, target):
''' '''
@ -177,8 +157,7 @@ def canRemoveUser(person, group, target):
elif ((person == target) and (group.user_can_remove == True)) or \ elif ((person == target) and (group.user_can_remove == True)) or \
canSponsorGroup(person, group): canSponsorGroup(person, group):
return True return True
else: return False
return False
def canUpgradeUser(person, group, target): def canUpgradeUser(person, group, target):
''' '''
@ -194,8 +173,7 @@ def canUpgradeUser(person, group, target):
elif canSponsorGroup(person, group) and \ elif canSponsorGroup(person, group) and \
not canSponsorGroup(target, group): not canSponsorGroup(target, group):
return True return True
else: return False
return False
def canDowngradeUser(person, group, target): def canDowngradeUser(person, group, target):
''' '''
@ -210,6 +188,5 @@ def canDowngradeUser(person, group, target):
elif canSponsorGroup(person, group) and \ elif canSponsorGroup(person, group) and \
not canAdminGroup(person, group): not canAdminGroup(person, group):
return True return True
else: return False
return False