diff -r 000000000000 -r 0d40e90630ef web/lib/django/contrib/auth/decorators.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/web/lib/django/contrib/auth/decorators.py Wed Jan 20 00:34:04 2010 +0100 @@ -0,0 +1,81 @@ +try: + from functools import update_wrapper +except ImportError: + from django.utils.functional import update_wrapper # Python 2.3, 2.4 fallback. + +from django.contrib.auth import REDIRECT_FIELD_NAME +from django.http import HttpResponseRedirect +from django.utils.http import urlquote + +def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME): + """ + Decorator for views that checks that the user passes the given test, + redirecting to the log-in page if necessary. The test should be a callable + that takes the user object and returns True if the user passes. + """ + def decorate(view_func): + return _CheckLogin(view_func, test_func, login_url, redirect_field_name) + return decorate + +def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME): + """ + Decorator for views that checks that the user is logged in, redirecting + to the log-in page if necessary. + """ + actual_decorator = user_passes_test( + lambda u: u.is_authenticated(), + redirect_field_name=redirect_field_name + ) + if function: + return actual_decorator(function) + return actual_decorator + +def permission_required(perm, login_url=None): + """ + Decorator for views that checks whether a user has a particular permission + enabled, redirecting to the log-in page if necessary. + """ + return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url) + +class _CheckLogin(object): + """ + Class that checks that the user passes the given test, redirecting to + the log-in page if necessary. If the test is passed, the view function + is invoked. The test should be a callable that takes the user object + and returns True if the user passes. + + We use a class here so that we can define __get__. This way, when a + _CheckLogin object is used as a method decorator, the view function + is properly bound to its instance. + """ + def __init__(self, view_func, test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME): + if not login_url: + from django.conf import settings + login_url = settings.LOGIN_URL + self.view_func = view_func + self.test_func = test_func + self.login_url = login_url + self.redirect_field_name = redirect_field_name + + # We can't blindly apply update_wrapper because it udpates __dict__ and + # if the view function is already a _CheckLogin object then + # self.test_func and friends will get stomped. However, we also can't + # *not* update the wrapper's dict because then view function attributes + # don't get updated into the wrapper. So we need to split the + # difference: don't let update_wrapper update __dict__, but then update + # the (parts of) __dict__ that we care about ourselves. + update_wrapper(self, view_func, updated=()) + for k in view_func.__dict__: + if k not in self.__dict__: + self.__dict__[k] = view_func.__dict__[k] + + def __get__(self, obj, cls=None): + view_func = self.view_func.__get__(obj, cls) + return _CheckLogin(view_func, self.test_func, self.login_url, self.redirect_field_name) + + def __call__(self, request, *args, **kwargs): + if self.test_func(request.user): + return self.view_func(request, *args, **kwargs) + path = urlquote(request.get_full_path()) + tup = self.login_url, self.redirect_field_name, path + return HttpResponseRedirect('%s?%s=%s' % tup)