Mercurial Mercurial > comt / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge with b8672f57ba3cd4e876277a13c69621446b940052
authorraph
Thu, 15 Jul 2010 17:07:15 +0200
changeset 295 7c40b98f627f
parent 294 c2c262ac1273 (current diff)
parent 286 b8672f57ba3c (diff)
child 296 6959c2875f47
Merge with b8672f57ba3cd4e876277a13c69621446b940052
buildout.cfg file | annotate | diff | comparison | revisions
src/cm/security.py file | annotate | diff | comparison | revisions 
--- a/buildout.cfg	Thu Jul 15 16:23:58 2010 +0200
+++ b/buildout.cfg	Thu Jul 15 17:07:15 2010 +0200
@@ -6,6 +6,7 @@
 	django-extensions
 	django-piston
 	omelette
+unzip = true
 develop = .
 
 [python]
@@ -30,6 +31,7 @@
 	django-flash
 	django-tagging
 #	django-piston
+# api dependency
 #	django-css	
 #	chardet
 	feedparser
--- a/src/cm/middleware.py	Thu Jul 15 16:23:58 2010 +0200
+++ b/src/cm/middleware.py	Thu Jul 15 17:07:15 2010 +0200
@@ -2,6 +2,7 @@
 from django.conf import settings
 from django.http import HttpResponseServerError,HttpResponseRedirect
 from django.core.urlresolvers import reverse
+from urllib import urlencode
 
 class CmMiddleware(object):
     
@@ -11,7 +12,8 @@
             traceback.print_exc()
         if type(exception) == UnauthorizedException:
             if request.user.is_anonymous():
-                login_url = reverse('login') + '?next=%s' %request.META['PATH_INFO']
+                query = urlencode({'next': request.META['PATH_INFO'], 'q' : request.META['QUERY_STRING'] })
+                login_url = reverse('login') + '?'  + query
                 return HttpResponseRedirect(login_url)
             else:
                 redirect_url = reverse('unauthorized')
--- a/src/cm/security.py	Thu Jul 15 16:23:58 2010 +0200
+++ b/src/cm/security.py	Thu Jul 15 17:07:15 2010 +0200
@@ -198,8 +198,7 @@
     def _dec(view_func):
         def _check_global_perm(request, *args, **kwargs):
             if must_be_logged_in and not is_authenticated(request):
-                login_url = reverse('login')
-                return HttpResponseRedirect('%s?%s=%s' % (login_url, redirect_field_name, urlquote(request.get_full_path())))
+                raise UnauthorizedException('Should be logged in')
             
             if has_perm(request, perm_name, text=None): 
                 return view_func(request, *args, **kwargs)
@@ -229,8 +228,7 @@
 
             if must_be_logged_in and not is_authenticated(request):
                 if not api:
-                    login_url = reverse('login')
-                    return HttpResponseRedirect('%s?%s=%s' % (login_url, redirect_field_name, urlquote(request.get_full_path())))
+                    raise UnauthorizedException('Should be logged in')
                 else:
                     return rc.FORBIDDEN
 
--- a/src/cm/templates/site/login_form.html	Thu Jul 15 16:23:58 2010 +0200
+++ b/src/cm/templates/site/login_form.html	Thu Jul 15 17:07:15 2010 +0200
@@ -27,6 +27,9 @@
 {% if request.GET.next %}
 <input type="hidden" name="next" value="{{ request.GET.next }}">
 {% endif %}
+{% if request.GET.q %}
+<input type="hidden" name="q" value="{{ request.GET.q }}">
+{% endif %}
 
 </form>
 
--- a/src/cm/views/user.py	Thu Jul 15 16:23:58 2010 +0200
+++ b/src/cm/views/user.py	Thu Jul 15 17:07:15 2010 +0200
@@ -544,8 +544,12 @@
     
     display_message(request, _(u"You're logged in!"))
     next = request.POST.get('next', None)
+    q = request.POST.get('q', None)
     if next and next.startswith('/'):
-        return HttpResponseRedirect(next)
+        if q:
+            return HttpResponseRedirect(next + '?' + q)
+        else:
+            return HttpResponseRedirect(next)
     else:
         return HttpResponseRedirect(reverse('index'))
comt