Changeset f78b0c in indico

Timestamp:

02/18/10 18:21:33 (3 years ago)

Author:

Pedro Ferreira <jose.pedro.ferreira@…>

Branches:

master, burotel, hello-world-walkthrough, ipv6, new-webex, prov-dual-interface, v0.97-series, v0.98-series, v0.98.2, v0.98.3, v0.98b1, v0.98b2, v0.99, 051b2622c51afb171a1dedb46a0df4fbb0cbd02e, d9941f8582b36b24821a11ea5ba16fda6a457fb1

Children:

d73a0b

Parents:

b7c7c8

Message:

[FIX] Added verification to user basket listing

• so that it doesn't fail when people are using access keys;
• fixes #206
• made the timetable access key-enabled - slight refactoring of the services;

Location:

indico/MaKaC

Files:

• services/implementation/base.py (modified) (6 diffs)
• services/implementation/user.py (modified) (6 diffs)
• webinterface/wcomponents.py (modified) (1 diff)

indico/MaKaC/services/implementation/base.py

@@ -249 +249 @@
 
 
-
 class ProtectedService(ServiceBase):
     """
-    A ProtectedService can only be accessed by authenticated users
-    """
-
-    def _checkSessionUser(self):
-        """
-        Checks that the current user exists (is authenticated)
-        """
-        if self._getUser() == None:
-            self._doProcess = False
-            raise ServiceAccessError("ERR-P4", "You are currently not authenticated. Please log in again.")
-
-    def _checkProtection(self):
-        """
-        Overloads ServiceBase._checkProtection, assuring that the user
-        is authenticated
-        """
-        ServiceBase._checkProtection(self)
-        self._checkSessionUser()
+    ProtectedService is a parent class for ProtectedDisplayService and ProtectedModificationService
+    """
 
 
@@ -277 +260 @@
     are authorized to "see" the target resource
     """
-    
+
     def _checkProtection( self ):
         """
@@ -284 +267 @@
         """
         if not self._target.canView( self.getAW() ):
-            
+
             from MaKaC.conference import Link, LocalFile
 
@@ -304 +287 @@
 class LoggedOnlyService(ProtectedService):
     """
-    Nothing new relating to ProtectedService,
-    but the name is nicer, and didn't want to break
-    the Protected(.*)Service name scheme
-    """
-    pass
-
-            
+    Only accessible to users who are logged in (access keys not allowed)
+    """
+
+    def _checkProtection( self ):
+        self._checkSessionUser()
+
+    def _checkSessionUser(self):
+        """
+        Checks that the current user exists (is authenticated)
+        """
+
+        if self._getUser() == None:
+            self._doProcess = False
+            raise ServiceAccessError("ERR-P4", "You are currently not authenticated. Please log in again.")
+
+
 
 class ProtectedModificationService(ProtectedService):
@@ -338 +330 @@
                 raise ServiceAccessError("ERR-P6", "Conference %s is closed"%target.getConference().getId())
 
-class AdminService(ProtectedService):
+class AdminService(LoggedOnlyService):
     """
     A AdminService can only be accessed by administrators
@@ -347 +339 @@
         """
 
-        ProtectedService._checkProtection(self)
+        LoggedOnlyService._checkProtection(self)
 
         if not self._getUser().isAdmin():

indico/MaKaC/services/implementation/user.py

@@ -1 +1 @@
 from MaKaC.services.implementation.base import ProtectedDisplayService
-from MaKaC.services.implementation.base import LoggedOnlyService
+from MaKaC.services.implementation.base import LoggedOnlyService, ProtectedService
 from MaKaC.services.implementation.base import ServiceBase
 
@@ -13 +13 @@
 
 class UserListEvents(LoggedOnlyService):
-    
-    def _checkParams(self):
-        LoggedOnlyService._checkParams(self)
-        
-        self._time = self._params.get('time',None)      
-        self._target = self.getAW().getUser()  
-    
+
+    def _checkParams(self):
+        LoggedOnlyService._checkParams(self)
+
+        self._time = self._params.get('time',None)
+        self._target = self.getAW().getUser()
+
     def __exportElemDataFactory(self, moment):
         return lambda elem: {
@@ -33 +33 @@
             'evtType': elem[0].getVerboseType()
         }
-    
-    def _getAnswer( self):
-        
+
+    def _getAnswer( self):
+
         events = []
-        
+
         self._target.getTimedLinkedEvents().sync()
-        
+
         if (not self._time) or self._time == 'past':
             events.extend( map( self.__exportElemDataFactory('past'),
                                self._target.getTimedLinkedEvents().getPast()))
-        
+
         if (not self._time) or self._time == 'present':
-            events.extend( map(self.__exportElemDataFactory('present'), 
+            events.extend( map(self.__exportElemDataFactory('present'),
                               self._target.getTimedLinkedEvents().getPresent()))
-        
+
         if (not self._time) or self._time == 'future':
-            events.extend( map(self.__exportElemDataFactory('future'), 
+            events.extend( map(self.__exportElemDataFactory('future'),
                               self._target.getTimedLinkedEvents().getFuture()))
-        
+
         jsonData = {}
-        
+
         for event in events:
             if jsonData.has_key(event['id']):
@@ -59 +59 @@
             else:
                 jsonData[event['id']] = event
-        
+
         return jsonData;
 
@@ -105 +105 @@
             else:
                 raise ServiceError("ERR-U2","Element not in list!")
-        
-
-class UserListBasket(LoggedOnlyService):
-    
-    def _checkParams(self):
-        LoggedOnlyService._checkParams(self)  
-        
-        self._target = self.getAW().getUser()
-
-    def _getAnswer( self):
-        
-        users = []
-        
-        userDict = self._target.getPersonalInfo().getBasket().getUsers()
-        
-        for user in userDict.itervalues():
-            users.append(DictPickler.pickle(user))
-            
-        return users
-        
+
+class UserListBasket(ProtectedService):
+
+    """
+    Service that lists the users belonging to the the user's "favorites"
+    Should return None in case the user is not logged in.
+    """
+
+    def _checkParams(self):
+        ProtectedService._checkParams(self)
+
+        self._target = self.getAW().getUser()
+
+    def _getAnswer( self):
+
+        if self._target:
+            users = self._target.getPersonalInfo().getBasket().getUsers().values()
+            return DictPickler.pickle(users)
+        else:
+            return None
+
+
 class UserGetPersonalInfo(LoggedOnlyService):
-    
-    def _checkParams(self):
-        LoggedOnlyService._checkParams(self)  
-        
-        self._target = self.getAW().getUser()
-       
-
-    def _getAnswer( self):            
+
+    def _checkParams(self):
+        LoggedOnlyService._checkParams(self)
+
+        self._target = self.getAW().getUser()
+
+
+    def _getAnswer( self):
         return DictPickler.pickle(self._target.getPersonalInfo())
 
 class UserGetEmail(LoggedOnlyService):
-    
-    def _checkParams(self):
-        LoggedOnlyService._checkParams(self)          
-        self._target = self.getAW().getUser()
-       
+
+    def _checkParams(self):
+        LoggedOnlyService._checkParams(self)
+        self._target = self.getAW().getUser()
+
 
     def _getAnswer( self):
@@ -150 +152 @@
 
 class UserSetPersonalInfo(LoggedOnlyService):
-    
-    def _checkParams(self):
-        LoggedOnlyService._checkParams(self)  
-        
+
+    def _checkParams(self):
+        LoggedOnlyService._checkParams(self)
+
         self._target = self.getAW().getUser()
         self._info = self._params.get("value",None)
 
     def _getAnswer( self):
-        
+
         if self._info == None:
             return UserGetPersonalInfo(self._params, self._aw.getIP(), self._aw.getSession()).process()
-        
+
         pInfo = self._target.getPersonalInfo()
-        
+
         DictPickler.update(pInfo, self._info)
         return DictPickler.pickle(pInfo)

indico/MaKaC/webinterface/wcomponents.py

@@ -4331 +4331 @@
     def __addBasketPeople(self, peopleList):
 
-        basket = self._rh._getUser().getPersonalInfo().getBasket().getUsers()
-
-        peopleList += """<option value=""></option>"""
-
-        for userId in basket:
-            peopleList += """<option class="favoriteItem" value="%s">%s</option>"""%(userId,basket[userId].getStraightFullName())
-
-        return peopleList
+        user = self._rh._getUser()
+
+        # add extra options if the user is logged in
+        if user:
+            basket = user.getPersonalInfo().getBasket().getUsers()
+
+            peopleList += """<option value=""></option>"""
+
+            for userId in basket:
+                peopleList += """<option class="favoriteItem" value="%s">%s</option>"""%(userId,basket[userId].getStraightFullName())
+
+            return peopleList
+        # just add nothing if the user is not logged in
+        else:
+            return ""
 
     def __init__(self,personType, displayName=""):