5 from django.shortcuts import get_object_or_404 |
5 from django.shortcuts import get_object_or_404 |
6 from django.core.urlresolvers import reverse |
6 from django.core.urlresolvers import reverse |
7 from django.http import HttpResponseRedirect |
7 from django.http import HttpResponseRedirect |
8 from django.utils.http import urlquote |
8 from django.utils.http import urlquote |
9 from django.db.models import Q |
9 from django.db.models import Q |
10 |
10 from piston.utils import rc |
11 import logging |
11 import logging |
12 |
12 |
13 from cm.models import * |
13 from cm.models import * |
14 from cm import cm_settings |
14 from cm import cm_settings |
15 from cm.exception import UnauthorizedException |
15 from cm.exception import UnauthorizedException |
208 _check_global_perm.__doc__ = view_func.__doc__ |
208 _check_global_perm.__doc__ = view_func.__doc__ |
209 _check_global_perm.__dict__ = view_func.__dict__ |
209 _check_global_perm.__dict__ = view_func.__dict__ |
210 |
210 |
211 return _check_global_perm |
211 return _check_global_perm |
212 return _dec |
212 return _dec |
213 |
213 |
214 def has_perm_on_text(perm_name, must_be_logged_in=False, redirect_field_name=REDIRECT_FIELD_NAME): |
214 def has_perm_on_text_api(perm_name, must_be_logged_in=False, redirect_field_name=REDIRECT_FIELD_NAME): |
|
215 return _has_perm_on_text(perm_name, must_be_logged_in, redirect_field_name, api=True) |
|
216 |
|
217 def has_perm_on_text(perm_name, must_be_logged_in=False, redirect_field_name=REDIRECT_FIELD_NAME, api=False): |
|
218 return _has_perm_on_text(perm_name, must_be_logged_in, redirect_field_name, api) |
|
219 |
|
220 def _has_perm_on_text(perm_name, must_be_logged_in=False, redirect_field_name=REDIRECT_FIELD_NAME, api=False): |
215 """ |
221 """ |
216 decorator protection checking for perm for logged in user |
222 decorator protection checking for perm for logged in user |
217 force logged in (i.e. redirect to connection screen if not if must_be_logged_in |
223 force logged in (i.e. redirect to connection screen if not if must_be_logged_in |
218 """ |
224 """ |
219 def _dec(view_func): |
225 def _dec(view_func): |
220 def _check_local_perm(request, *args, **kwargs): |
226 def _check_local_perm(request, *args, **kwargs): |
221 if cm_settings.NO_SECURITY: |
227 if cm_settings.NO_SECURITY: |
222 return view_func(request, *args, **kwargs) |
228 return view_func(request, *args, **kwargs) |
223 |
229 |
224 if must_be_logged_in and not is_authenticated(request): |
230 if must_be_logged_in and not is_authenticated(request): |
225 login_url = reverse('login') |
231 if not api: |
226 return HttpResponseRedirect('%s?%s=%s' % (login_url, redirect_field_name, urlquote(request.get_full_path()))) |
232 login_url = reverse('login') |
|
233 return HttpResponseRedirect('%s?%s=%s' % (login_url, redirect_field_name, urlquote(request.get_full_path()))) |
|
234 else: |
|
235 return rc.FORBIDDEN |
|
236 |
227 |
237 |
228 if 'key' in kwargs: |
238 if 'key' in kwargs: |
229 text = get_object_or_404(Text, key=kwargs['key']) |
239 text = get_object_or_404(Text, key=kwargs['key']) |
230 else: |
240 else: |
231 raise Exception('no security check possible') |
241 raise Exception('no security check possible') |
232 |
242 |
233 if has_perm(request, perm_name, text=text): |
243 # in api, the view has an object as first parameter, request is args[0] |
|
244 if not api: |
|
245 req = request |
|
246 else: |
|
247 req = args[0] |
|
248 if has_perm(req, perm_name, text=text): |
234 return view_func(request, *args, **kwargs) |
249 return view_func(request, *args, **kwargs) |
235 #else: |
250 #else: |
236 # TODO: (? useful ?) if some user have the perm and not logged-in : redirect to login |
251 # TODO: (? useful ?) if some user have the perm and not logged-in : redirect to login |
237 #if not request.user.is_authenticated() and number_has_perm_on_text(permission, text_id) > 0: |
252 #if not request.user.is_authenticated() and number_has_perm_on_text(permission, text_id) > 0: |
238 # return HttpResponseRedirect('%s?%s=%s' % (login_url, redirect_field_name, urlquote(request.get_full_path()))) |
253 # return HttpResponseRedirect('%s?%s=%s' % (login_url, redirect_field_name, urlquote(request.get_full_path()))) |
239 # else : unauthorized |
254 # else : unauthorized |
240 |
255 |
241 raise UnauthorizedException('No perm %s' % perm_name) |
256 if not api: |
|
257 raise UnauthorizedException('No perm %s' % perm_name) |
|
258 else: |
|
259 return rc.FORBIDDEN |
|
260 |
242 _check_local_perm.__doc__ = view_func.__doc__ |
261 _check_local_perm.__doc__ = view_func.__doc__ |
243 _check_local_perm.__dict__ = view_func.__dict__ |
262 _check_local_perm.__dict__ = view_func.__dict__ |
244 |
263 |
245 return _check_local_perm |
264 return _check_local_perm |
246 return _dec |
265 return _dec |
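Review bot: The login guard in `_check_local_perm` (new line 230) still calls `is_authenticated(request)`, but in API mode `request` is the piston handler object and the real request is only picked out as `req = args[0]` further down (new lines 244–247), so the `must_be_logged_in` check runs against the wrong object for every `has_perm_on_text_api` view while only the `has_perm` call sees the real request. Move the selection above the guard, `req = args[0] if api else request`, and use it there, `if must_be_logged_in and not is_authenticated(req):`, so both checks inspect the same request. With `api=True` the `args[0]` access also presumably assumes piston always passes the request positionally; an empty `args` would raise IndexError before any permission check, which may be worth an explicit guard rather than a traceback. Returning `rc.FORBIDDEN` for an unauthenticated API caller is acceptable, but it conflates "not logged in" with "no permission"; if the API distinguishes them, the first branch is the place to return the authentication-required response instead.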