fix access control bug: closed sites are only accessible by instructors.
authorgfawcett <gfawcett@6d9bc8c9-1ec2-4278-b937-99fde70a366f>
Tue, 28 Dec 2010 00:40:49 +0000 (00:40 +0000)
committergfawcett <gfawcett@6d9bc8c9-1ec2-4278-b937-99fde70a366f>
Tue, 28 Dec 2010 00:40:49 +0000 (00:40 +0000)
git-svn-id: svn://svn.open-ils.org/ILS-Contrib/servres/trunk@1121 6d9bc8c9-1ec2-4278-b937-99fde70a366f

conifer/syrup/models.py
conifer/syrup/views/_common.py

index c09ef78..ca5ff42 100644 (file)
@@ -403,10 +403,24 @@ class Site(BaseModel):
                 or bool(self.members().filter(user=user)))
 
     def is_open_to(self, user):
-        return self.access == 'ANON' \
-            or (self.access == 'LOGIN' and user.is_authenticated()) \
-            or user.is_staff \
-            or self.is_member(user)
+        level = self.access
+        if level == 'ANON' or user.is_staff:
+            return True
+        if not user.is_authenticated():
+            return False
+        if level == 'LOGIN':
+            return True
+        try:
+            mbr = self.members().get(user=user)
+        except:
+            return False
+        if level == 'CLOSE':
+            return mbr.role == u'INSTR'
+        elif level == u'MEMBR':
+            return True
+        else:
+            raise Exception('Cannot determine access level '
+                            'for user %s in site %s' % (user, self))
 
     @classmethod
     def taught_by(cls, user):
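Review bot: The bare `except:` around `self.members().get(user=user)` in `is_open_to` turns every failure into a denial, not only the case where the user has no membership row. Assuming `members()` returns a Django queryset, a database error or a user with duplicate membership rows would also be reported as "not a member", so the underlying fault never surfaces. Narrow the handler to the not-found case, for example `except ObjectDoesNotExist:` (from `django.core.exceptions`, if it is not already imported in models.py), and let anything else propagate. Separately, the final `raise Exception(...)` for an unrecognised `access` value is only reachable for members, because non-members have already been given `False`; checking `level` against the known values before the lookup would make that behaviour consistent.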
index 2161816..183766e 100644 (file)
@@ -85,6 +85,8 @@ def members_only(handler):
         else:
             if site.access=='LOGIN':
                 msg = _('Please log in, so that you can enter this site.')
+            elif site.access=='CLOSE':
+                msg = _('Sorry, but you can no longer access this site.')
             else:
                 msg = _('Only site members are allowed here.')
             return _access_denied(request, msg)
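Review bot: The new `CLOSE` message is chosen from `site.access` alone, so everyone who is refused on a closed site sees it, including a visitor who is simply not logged in. Because `is_open_to` in models.py now returns `False` for every unauthenticated user on a non-ANON site, an instructor without a session would presumably be told they can "no longer access" the site rather than being asked to log in. A user who never had access also gets wording that implies they once did. Consider testing authentication first, e.g. `if site.access=='LOGIN' or not request.user.is_authenticated():`, unless the part of `members_only` outside this hunk already handles anonymous users. `members_only` starts and ends outside the hunk, so this cannot be confirmed from the lines shown.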