From 5f95551114d77fadc4a0dc525aa7df42ff924923 Mon Sep 17 00:00:00 2001
From: gfawcett <gfawcett@6d9bc8c9-1ec2-4278-b937-99fde70a366f>
Date: Thu, 13 Jan 2011 00:49:53 +0000
Subject: [PATCH] added "Restricted" access level: auth'd users may browse, but
 only members can download ELEC documents.

At the request of the Leddy team.

git-svn-id: svn://svn.open-ils.org/ILS-Contrib/servres/trunk@1194 6d9bc8c9-1ec2-4278-b937-99fde70a366f
---
 conifer/syrup/models.py                    | 20 +++++++++++++++++---
 conifer/syrup/views/items.py               |  9 +++++++++
 conifer/syrup/views/sites.py               |  3 ++-
 conifer/templates/components/site.xhtml    |  7 ++++++-
 conifer/templates/item/item_metadata.xhtml |  2 +-
 5 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/conifer/syrup/models.py b/conifer/syrup/models.py
index 3cabd0b..e8cd4e0 100644
--- a/conifer/syrup/models.py
+++ b/conifer/syrup/models.py
@@ -236,6 +236,7 @@ class Site(BaseModel):
     ACCESS_CHOICES = [
         ('ANON',  _('World-accessible')),
         ('LOGIN', _('Accessible to all logged-in users')),
+        ('RESTR', _('Accessible to all logged-in users, but only course-site members can read electronic documents.')),
         ('MEMBR', _('Accessible to course-site members')),
         ('CLOSE', _('Accessible only to course-site owners'))]
 
@@ -406,7 +407,7 @@ class Site(BaseModel):
             return True
         if not user.is_authenticated():
             return False
-        if level == 'LOGIN':
+        if level in ('LOGIN', 'RESTR'):
             return True
         memberships = self.members().filter(user=user)
         if not memberships:
@@ -419,6 +420,19 @@ class Site(BaseModel):
             raise Exception('Cannot determine access level '
                             'for user %s in site %s' % (user, self))
 
+    def allows_downloads_to(self, user):
+        """
+        Return True if this site allows this user to download
+        electronic documents. For 'restricted' sites, we allow any
+        logged-in user to visit, but only members can download
+        documents.
+        """
+        level = self.access
+        if level == 'RESTR':
+            return user.is_staff or self.is_member(user)
+        else:
+            return self.is_open_to(user)
+        
     @classmethod
     def taught_by(cls, user):
         """Return a set of Sites for which this user is an Instructor."""
@@ -439,7 +453,7 @@ class Site(BaseModel):
         elif user.is_staff:
             return Q()
         else:
-            return (Q(access__in=('LOGIN','ANON')) \
+            return (Q(access__in=('RESTR','LOGIN','ANON')) \
                         | Q(group__membership__user=user))
 
 #------------------------------------------------------------
@@ -817,7 +831,7 @@ class Item(BaseModel):
         elif user.is_staff:
             return Q()
         else:
-            return (Q(site__access__in=('LOGIN','ANON')) \
+            return (Q(site__access__in=('RESTR','LOGIN','ANON')) \
                         | Q(site__group__membership__user=user))
 
 #------------------------------------------------------------
diff --git a/conifer/syrup/views/items.py b/conifer/syrup/views/items.py
index b51251b..ea74f01 100644
--- a/conifer/syrup/views/items.py
+++ b/conifer/syrup/views/items.py
@@ -27,10 +27,13 @@ def item_metadata(request, site_id, item_id):
         return _heading_detail(request, item)
     else:
         item_declaration_required = item.needs_declaration_from(request.user)
+        access_forbidden = (item.item_type == 'ELEC' 
+                            and not item.site.allows_downloads_to(request.user))
         custom_declaration = callhook('download_declaration')
         return g.render('item/item_metadata.xhtml', site=item.site,
                         item_declaration_required=item_declaration_required,
                         custom_declaration=custom_declaration,
+                        access_forbidden=access_forbidden,
                         item=item)
 
 @members_only
@@ -362,6 +365,12 @@ def item_download(request, site_id, item_id, filename):
     item = get_object_or_404(models.Item, pk=item_id, site__id=site_id)
     assert item.item_type == 'ELEC', _('Can only download ELEC documents!')
 
+    access_forbidden = (item.item_type == 'ELEC' 
+                        and not item.site.allows_downloads_to(request.user))
+    if access_forbidden:
+        return simple_message(_('Access denied.'), 
+                              _('Sorry, but you are not allowed to access this resource.'))
+
     # don't allow download of items that need a declaration.
     item_declaration_required = item.needs_declaration_from(request.user)
     if item_declaration_required:
diff --git a/conifer/syrup/views/sites.py b/conifer/syrup/views/sites.py
index cc81790..35f6899 100644
--- a/conifer/syrup/views/sites.py
+++ b/conifer/syrup/views/sites.py
@@ -87,7 +87,8 @@ def edit_site_permissions(request, site_id):
     # the ones in 'models'.
     choices = [
         (u'ANON',  _(u'Everyone: no login required.')),
-        (u'LOGIN', _(u'Members and non-members: login required.')),
+        (u'LOGIN', _(u'Login required.')),
+        (u'RESTR', _(u'Login required; only members can access electronic documents.')),
         (u'MEMBR', _(u'Members only.')),
         (u'CLOSE', _(u'Instructors only: this site is closed.')),
         ]
diff --git a/conifer/templates/components/site.xhtml b/conifer/templates/components/site.xhtml
index 509b099..5c9eda6 100644
--- a/conifer/templates/components/site.xhtml
+++ b/conifer/templates/components/site.xhtml
@@ -1,5 +1,6 @@
 <?python
 searchtext = _('search this site...')
+downloads_allowed = site.allows_downloads_to(user)
 ?>
 <html xmlns="http://www.w3.org/1999/xhtml"
       xmlns:py="http://genshi.edgewall.org/"
@@ -69,7 +70,11 @@ searchtext = _('search this site...')
       <div class="availability avail_nonphys" py:if="item.item_type != 'PHYS'">
       </div>
       <div class="mainline ${item.item_type=='HEADING' and 'headingmainline' or ''}">
-		<a href="${item.item_url()}" class="mainlink">${item}</a> 
+	<span py:if="item.item_type=='ELEC' and not downloads_allowed">
+	  <img title="Sorry, this document is not available to you."
+	       src="${ROOT}/static/tango/lock.png"/></span>
+	  <a href="${item.item_url()}" class="mainlink"
+	     py:strip="item.item_type=='ELEC' and not downloads_allowed">${item}</a> 
       </div>
       <div class="author_pub" py:if="item.author or item.publisher or item.published">
 	<span py:with="vt=item.video_type()"><span class="videotype" py:if="vt">[${vt}]</span></span>
diff --git a/conifer/templates/item/item_metadata.xhtml b/conifer/templates/item/item_metadata.xhtml
index a4804b4..4bc550b 100644
--- a/conifer/templates/item/item_metadata.xhtml
+++ b/conifer/templates/item/item_metadata.xhtml
@@ -62,7 +62,7 @@ callnum = item.call_number()
       <tr py:if="item.url"><th>URL</th><td><a href="${item.url}">${item.url}</a></td></tr>
     </table>
 
-    <div py:if="item.item_type=='ELEC'">
+    <div py:if="item.item_type=='ELEC' and not access_forbidden">
       <h2 class="metadata_subhead">Download the document</h2>
       <div class="errors" py:if="not item.copyright_status_ok()">
 	Note: this item is awaiting <a href="edit/">copyright clearance</a>. Only staff and instructors may download it.
-- 
2.11.0