From 060a19efd498ebf156bcc02bb36d9b1c2dc37119 Mon Sep 17 00:00:00 2001 From: Andrew Williams Date: Sat, 10 Dec 2011 18:49:12 +0000 Subject: [PATCH] Add restrictions based on API key accessMask --- app/hr/admin.py | 2 +- app/hr/forms.py | 18 +++++++++++++----- app/hr/models.py | 6 ++++-- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/app/hr/admin.py b/app/hr/admin.py index fe40bcf..761c234 100644 --- a/app/hr/admin.py +++ b/app/hr/admin.py @@ -41,7 +41,7 @@ class BlacklistSourceAdmin(admin.ModelAdmin): admin.site.register(BlacklistSource, BlacklistSourceAdmin) class ApplicationConfigAdmin(admin.ModelAdmin): - list_display = ('corporation', 'is_accepting', 'api_required', 'api_view') + list_display = ('corporation', 'is_accepting', 'api_required', 'api_accessmask', 'api_view') admin.site.register(ApplicationConfig, ApplicationConfigAdmin) diff --git a/app/hr/forms.py b/app/hr/forms.py index 9eb877f..e3bec66 100644 --- a/app/hr/forms.py +++ b/app/hr/forms.py @@ -38,9 +38,9 @@ class ApplicationForm(forms.Form): corporation = forms.ModelChoiceField(queryset=EVEPlayerCorporation.objects.filter(application_config__is_accepting=True), required=True, empty_label=None) def __init__(self, *args, **kwargs): - user = kwargs.pop('user', None) + self.user = kwargs.pop('user', None) super(ApplicationForm, self).__init__(*args, **kwargs) - self.fields['character'].queryset = EVEPlayerCharacter.objects.filter(eveaccount__user=user, eveaccount__api_status=API_STATUS_OK).distinct() + self.fields['character'].queryset = EVEPlayerCharacter.objects.filter(eveaccount__user=self.user, eveaccount__api_status=API_STATUS_OK).distinct() def clean_character(self): if not 'character' in self.cleaned_data or not self.cleaned_data['character']: @@ -57,9 +57,17 @@ class ApplicationForm(forms.Form): if char and corp: if char.corporation == corp: - raise forms.ValidationError("%s is already a member of %s" % (char, corp)) - if not char.account.api_keytype == corp.application_config.api_required: - raise forms.ValidationError("%s requires a %s API key for this application" % (corp, corp.application_config.get_api_required_display())) + raise forms.ValidationError("%s is already a member of %s." % (char, corp)) + if not char.eveaccount_set.filter(user=self.user, api_keytype=corp.application_config.api_required).count(): + raise forms.ValidationError("%s requires a %s API key for this application." % (corp, corp.application_config.get_api_required_display())) + if corp.application_config.api_accessmask: + access = False + for acc in char.eveaccount_set.filter(user=self.user, api_keytype=corp.application_config.api_required): + if acc.check_access(corp.application_config.api_accessmask): + access = True + break + if not access: + raise forms.ValidationError("%s requires a API key with greater access than the one you have added, please add a key with the correct access." % (corp, corp.application_config.api_accessmask)) return self.cleaned_data diff --git a/app/hr/models.py b/app/hr/models.py index 78f80da..7730239 100644 --- a/app/hr/models.py +++ b/app/hr/models.py @@ -167,8 +167,10 @@ class ApplicationConfig(models.Model): corporation = models.OneToOneField(EVEPlayerCorporation, blank=False, verbose_name="Corporation", related_name="application_config") is_accepting = models.BooleanField(verbose_name="Accepting Applications", help_text="Defines if the corporation is accepting applications") - api_required = models.IntegerField(choices=API_KEYTYPE_CHOICES, default=1, verbose_name="Minimum API Key Level", - help_text="This defines the minimum level of API needed to create a application") + api_required = models.IntegerField(choices=API_KEYTYPE_CHOICES, default=1, verbose_name="API Key Type", + help_text="This defines the type of API key needed to create a application") + api_accessmask = models.IntegerField(verbose_name="Minimum Access Level", + help_text="Defines the minimum level API accepted as valid, provided as a CAK accessMask") api_view = models.BooleanField(verbose_name="View Applicant APIs", help_text="This allows HR staff to see the applicant's API keys")