diff --git a/ietf/secr/groups/tests.py b/ietf/secr/groups/tests.py index 139392e7d..2974e3da4 100644 --- a/ietf/secr/groups/tests.py +++ b/ietf/secr/groups/tests.py @@ -77,7 +77,7 @@ class GroupsTest(TestCase): make_test_data() group = Group.objects.all()[0] url = reverse('groups_view', kwargs={'acronym':group.acronym}) - response = self.client.get(url) + response = self.client.get(url, REMOTE_USER=SECR_USER) self.assertEqual(response.status_code, 200) # ------- Test Edit -------- # diff --git a/ietf/secr/middleware/secauth.py b/ietf/secr/middleware/secauth.py index da8b55bcf..95178fa78 100644 --- a/ietf/secr/middleware/secauth.py +++ b/ietf/secr/middleware/secauth.py @@ -1,21 +1,15 @@ import re from django.conf import settings -from django.shortcuts import render_to_response +from django.contrib.auth.decorators import login_required +from ietf.ietfauth.utils import has_role, role_required -from ietf.ietfauth.utils import has_role - class SecAuthMiddleware(object): """ - Middleware component that performs custom auth check for every - request except those excluded by SECR_AUTH_UNRESTRICTED_URLS. - - Since authentication is performed externally at the apache level - REMOTE_USER should contain the name of the authenticated - user. If the user is a secretariat than access is granted. - Otherwise return a 401 error page. + Middleware component that performs custom auth check for secretariat + apps. request except those excluded by SECR_AUTH_UNRESTRICTED_URLS. To use, add the class to MIDDLEWARE_CLASSES and define SECR_AUTH_UNRESTRICTED_URLS in your settings.py. 
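Review bot: No test visible in this commit covers the denial path of the reworked middleware. The request in this hunk, and the three in the `SreqUrlTests` hunk of ietf/secr/sreq/tests.py, all pass `REMOTE_USER=SECR_USER` and assert 200. A regression that lets an anonymous or non-secretariat request through would therefore go unnoticed. I would add a negative case next to this one, for example `response = self.client.get(url)` followed by `self.assertNotEqual(response.status_code, 200)`, and a similar one for a logged-in user without the Secretariat role. The test method starts outside the hunk, and the definition or import of `SECR_USER` in this file is not visible here, so confirm it is in scope.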
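Review bot: The rewritten class docstring keeps a stray fragment, `apps. request except those excluded by SECR_AUTH_UNRESTRICTED_URLS.`, which still presents that setting as a list of URLs exempt from the check. The `process_view` in the following hunk does the opposite of exempting them: matching URLs are wrapped in `role_required('WG Chair','Secretariat')`. The docstring should describe that behaviour so nobody edits the setting on a wrong assumption about who gains access. I would replace the summary with a sentence saying the middleware enforces role checks for paths under /secr/, that URLs matching SECR_AUTH_UNRESTRICTED_URLS are open to WG Chairs as well as the Secretariat, and that everything else requires the Secretariat role. The class body continues outside this hunk.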
@@ -28,30 +22,32 @@ class SecAuthMiddleware(object): Also sets custom request attributes: user_is_secretariat - user_is_chair - user_is_ad - ) - """ def __init__(self): self.unrestricted = [re.compile(pattern) for pattern in settings.SECR_AUTH_UNRESTRICTED_URLS] + def is_unrestricted_url(self,path): + for pattern in self.unrestricted: + if pattern.match(path): + return True + return False + def process_view(self, request, view_func, view_args, view_kwargs): - # need to initialize user, it doesn't get set when running tests for example - if request.path.startswith('/secr/'): - request.user_is_secretariat = False - - if request.user.is_anonymous(): - return render_to_response('401.html') - - # do custom check + # set custom request attribute if has_role(request.user, 'Secretariat'): request.user_is_secretariat = True - - return None + else: + request.user_is_secretariat = False - return None + if request.path.startswith('/secr/announcement/'): + return login_required(view_func)(request,*view_args,**view_kwargs) + elif self.is_unrestricted_url(request.path): + return role_required('WG Chair','Secretariat')(view_func)(request,*view_args,**view_kwargs) + else: + return role_required('Secretariat')(view_func)(request,*view_args,**view_kwargs) + else: + return None diff --git a/ietf/secr/sreq/tests.py b/ietf/secr/sreq/tests.py index 89c778e14..21278fdc9 100644 --- a/ietf/secr/sreq/tests.py +++ b/ietf/secr/sreq/tests.py 
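Review bot: In `process_view`, the `/secr/announcement/` branch wraps the view in `login_required` only, so the middleware enforces no role there and any authenticated account reaches those views. If the announcement views do their own authorization, record that with a comment such as `# announcement views check roles themselves; only authentication is enforced here`; otherwise the branch should use `role_required` like the other two. The `is_unrestricted_url` helper uses `pattern.match`, which anchors only at the start of the path, so an entry in SECR_AUTH_UNRESTRICTED_URLS without a trailing `$` also admits WG Chairs to every URL below it. Returning the decorated view's response from `process_view` means the view runs inside this middleware, and Django then skips the `process_view` of any middleware listed after it for `/secr/` paths, which is worth checking against MIDDLEWARE_CLASSES. Indentation is lost in this rendering, so the nesting of the final `else: return None` under the `/secr/` prefix test is inferred.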
@@ -12,13 +12,13 @@ class SreqUrlTests(TestCase): def test_urls(self): draft = make_test_data() - r = self.client.get("/secr/") + r = self.client.get("/secr/",REMOTE_USER=SECR_USER) self.assertEqual(r.status_code, 200) - r = self.client.get("/secr/sreq/") + r = self.client.get("/secr/sreq/",REMOTE_USER=SECR_USER) self.assertEqual(r.status_code, 200) - r = self.client.get("/secr/sreq/%s/new/" % draft.group.acronym) + r = self.client.get("/secr/sreq/%s/new/" % draft.group.acronym, REMOTE_USER=SECR_USER) self.assertEqual(r.status_code, 200) class MainTestCase(TestCase): @@ -42,8 +42,8 @@ class SubmitRequestCase(TestCase): 'id_attendees':'10', 'id_conflict1':'', 'id_comments':'need projector'} - self.client.login( REMOTE_USER=SECR_USER) - r = self.client.post(url,post_data) + self.client.login(REMOTE_USER=SECR_USER) + r = self.client.post(url,post_data,REMOTE_USER=SECR_USER) self.assertEqual(r.status_code, 200) """ #assert False, self.client.session..__dict__
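Review bot: The `SubmitRequestCase` hunk edits lines that appear to sit inside a triple-quoted block, because a closing `"""` follows the `assertEqual` in the context lines. If so, the test is disabled and the added `REMOTE_USER=SECR_USER` on the POST is never exercised. If the test is meant to run, the result of the login call should be checked, e.g. `self.assertTrue(self.client.login(REMOTE_USER=SECR_USER))`, or the call dropped now that the request itself carries REMOTE_USER. The start of the test method is outside the hunk.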