From 37b758b04e32c5f5aa8ebcc3563ee8577f811aa9 Mon Sep 17 00:00:00 2001 From: Ryan Cross Date: Thu, 13 Mar 2014 00:06:16 +0000 Subject: [PATCH 1/2] changes to support django authentication - Legacy-Id: 7454 --- ietf/secr/middleware/secauth.py | 47 +++++++++++++++------------------ 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/ietf/secr/middleware/secauth.py b/ietf/secr/middleware/secauth.py index 0b87fe7ab..77a0144f0 100644 --- a/ietf/secr/middleware/secauth.py +++ b/ietf/secr/middleware/secauth.py @@ -1,20 +1,13 @@ from django.conf import settings -from django.http import HttpResponseForbidden -from django.shortcuts import render_to_response +from django.contrib.auth.decorators import login_required +from ietf.ietfauth.utils import has_role, role_required -from ietf.ietfauth.utils import has_role - import re class SecAuthMiddleware(object): """ - Middleware component that performs custom auth check for every - request except those excluded by SECR_AUTH_UNRESTRICTED_URLS. - - Since authentication is performed externally at the apache level - REMOTE_USER should contain the name of the authenticated - user. If the user is a secretariat than access is granted. - Otherwise return a 401 error page. + Middleware component that performs custom auth check for secretariat + apps. request except those excluded by SECR_AUTH_UNRESTRICTED_URLS. To use, add the class to MIDDLEWARE_CLASSES and define SECR_AUTH_UNRESTRICTED_URLS in your settings.py. 
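Review bot: The rewritten class docstring keeps a leftover fragment, `request except those excluded by SECR_AUTH_UNRESTRICTED_URLS.`, which is not a sentence and still describes those URLs as exempt from the check. Going by the process_view changes later in this patch, matching URLs are not exempt: they admit 'WG Chair' as well as 'Secretariat', and `/secr/announcement/` admits any logged-in user. The docstring should state those three tiers, for example `Paths under /secr/ require the Secretariat role; paths matching SECR_AUTH_UNRESTRICTED_URLS also admit WG Chairs; /secr/announcement/ requires only a login.` The class body continues outside this hunk.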
@@ -27,30 +20,32 @@ class SecAuthMiddleware(object): Also sets custom request attributes: user_is_secretariat - user_is_chair - user_is_ad - ) - """ def __init__(self): self.unrestricted = [re.compile(pattern) for pattern in settings.SECR_AUTH_UNRESTRICTED_URLS] + def is_unrestricted_url(self,path): + for pattern in self.unrestricted: + if pattern.match(path): + return True + return False + def process_view(self, request, view_func, view_args, view_kwargs): - # need to initialize user, it doesn't get set when running tests for example - if request.path.startswith('/secr/'): - request.user_is_secretariat = False - - if request.user.is_anonymous(): - return render_to_response('401.html') - - # do custom check + # set custom request attribute if has_role(request.user, 'Secretariat'): request.user_is_secretariat = True - - return None + else: + request.user_is_secretariat = False - return None + if request.path.startswith('/secr/announcement/'): + return login_required(view_func)(request,*view_args,**view_kwargs) + elif self.is_unrestricted_url(request.path): + return role_required('WG Chair','Secretariat')(view_func)(request,*view_args,**view_kwargs) + else: + return role_required('Secretariat')(view_func)(request,*view_args,**view_kwargs) + else: + return None From 0b5fc98290af1ee9f3d7e91d4dd2704cdb6b5deb Mon Sep 17 00:00:00 2001 From: Ryan Cross Date: Thu, 27 Mar 2014 16:08:27 +0000 Subject: [PATCH 2/2] fix tests to work with secauth middleware changes - Legacy-Id: 7549 --- ietf/secr/groups/tests.py | 2 +- ietf/secr/sreq/tests.py | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ietf/secr/groups/tests.py b/ietf/secr/groups/tests.py index a5477e7a3..0363999cc 100644 --- a/ietf/secr/groups/tests.py +++ b/ietf/secr/groups/tests.py 
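Review bot: In `is_unrestricted_url`, `pattern.match(path)` anchors only at the start of the path, so any entry in SECR_AUTH_UNRESTRICTED_URLS that lacks a trailing `$` extends WG Chair access to every path sharing that prefix. Since this list now decides which role is required, add a comment on the method such as `# prefix match: each pattern in SECR_AUTH_UNRESTRICTED_URLS must end with '$' unless a whole subtree is intended`. The method name no longer fits either, because these URLs are still restricted to 'WG Chair' or 'Secretariat'; a name like `is_chair_allowed_url` would describe the check more accurately. The hard-coded `/secr/announcement/` prefix in process_view deserves a one-line comment saying why any authenticated user may reach it, since whether those views do their own role check is not visible here. The enclosing class starts outside this hunk.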
@@ -77,7 +77,7 @@ class GroupsTest(TestCase): draft = make_test_data() group = Group.objects.all()[0] url = reverse('groups_view', kwargs={'acronym':group.acronym}) - response = self.client.get(url) + response = self.client.get(url, REMOTE_USER=SECR_USER) self.assertEqual(response.status_code, 200) # ------- Test Edit -------- # diff --git a/ietf/secr/sreq/tests.py b/ietf/secr/sreq/tests.py index 798bf03a7..3c2ac4e7a 100644 --- a/ietf/secr/sreq/tests.py +++ b/ietf/secr/sreq/tests.py @@ -15,13 +15,13 @@ class SreqUrlTests(TestCase): def test_urls(self): draft = make_test_data() - r = self.client.get("/secr/") + r = self.client.get("/secr/",REMOTE_USER=SECR_USER) self.assertEqual(r.status_code, 200) - r = self.client.get("/secr/sreq/") + r = self.client.get("/secr/sreq/",REMOTE_USER=SECR_USER) self.assertEqual(r.status_code, 200) - r = self.client.get("/secr/sreq/%s/new/" % draft.group.acronym) + r = self.client.get("/secr/sreq/%s/new/" % draft.group.acronym, REMOTE_USER=SECR_USER) self.assertEqual(r.status_code, 200) class MainTestCase(TestCase): @@ -45,8 +45,8 @@ class SubmitRequestCase(TestCase): 'id_attendees':'10', 'id_conflict1':'', 'id_comments':'need projector'} - self.client.login( REMOTE_USER=SECR_USER) - r = self.client.post(url,post_data) + self.client.login(REMOTE_USER=SECR_USER) + r = self.client.post(url,post_data,REMOTE_USER=SECR_USER) self.assertEqual(r.status_code, 200) """ #assert False, self.client.session..__dict__
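Review bot: Every updated request, here in GroupsTest and in SreqUrlTests.test_urls and SubmitRequestCase in ietf/secr/sreq/tests.py, passes `REMOTE_USER=SECR_USER` and asserts 200, so nothing exercises the denial path that the middleware change introduces. Add at least one request without credentials, and one as a user holding neither role if the test data provides one, e.g. `r = self.client.get("/secr/sreq/")` followed by `self.assertNotEqual(r.status_code, 200)`. The exact status (redirect or 403) depends on role_required, which is not shown. In SubmitRequestCase the result of `self.client.login(REMOTE_USER=SECR_USER)` is discarded; `self.assertTrue(self.client.login(REMOTE_USER=SECR_USER))` would make a failed login visible. These test methods begin and end outside the hunks.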