changes to support django authentication

- Legacy-Id: 7454
2014-03-13 00:06:16 +00:00 · 2014-03-13 00:06:16 +00:00 · 37b758b04e
parent a0311b7ee8
commit 37b758b04e
1 changed files with 21 additions and 26 deletions
--- a/ietf/secr/middleware/secauth.py
+++ b/ietf/secr/middleware/secauth.py
@ -1,20 +1,13 @@
 from django.conf import settings
-from django.http import HttpResponseForbidden
-from django.shortcuts import render_to_response
+from django.contrib.auth.decorators import login_required
+from ietf.ietfauth.utils import has_role, role_required

-from ietf.ietfauth.utils import has_role
-            
 import re

 class SecAuthMiddleware(object):
    """
-    Middleware component that performs custom auth check for every
-    request except those excluded by SECR_AUTH_UNRESTRICTED_URLS.
-
-    Since authentication is performed externally at the apache level
-    REMOTE_USER should contain the name of the authenticated
-    user.  If the user is a secretariat than access is granted.  
-    Otherwise return a 401 error page.
+    Middleware component that performs custom auth check for secretariat
+    apps.  request except those excluded by SECR_AUTH_UNRESTRICTED_URLS.

    To use, add the class to MIDDLEWARE_CLASSES and define
    SECR_AUTH_UNRESTRICTED_URLS in your settings.py.
@ -27,30 +20,32 @@ class SecAuthMiddleware(object):

    Also sets custom request attributes:
    user_is_secretariat
-    user_is_chair
-    user_is_ad
-    )
-
    """
 
    def __init__(self):
        self.unrestricted = [re.compile(pattern) for pattern in
            settings.SECR_AUTH_UNRESTRICTED_URLS]

+    def is_unrestricted_url(self,path):
+        for pattern in self.unrestricted:
+            if pattern.match(path):
+                return True
+        return False
+        
    def process_view(self, request, view_func, view_args, view_kwargs):
-        # need to initialize user, it doesn't get set when running tests for example
-
        if request.path.startswith('/secr/'):
-            request.user_is_secretariat = False
-            
-            if request.user.is_anonymous():
-                return render_to_response('401.html')
-
-            # do custom check
+            # set custom request attribute
            if has_role(request.user, 'Secretariat'):
                request.user_is_secretariat = True
-                    
-            return None
+            else:
+                request.user_is_secretariat = False

-        return None
+            if request.path.startswith('/secr/announcement/'):
+                return login_required(view_func)(request,*view_args,**view_kwargs)
+            elif self.is_unrestricted_url(request.path):
+                return role_required('WG Chair','Secretariat')(view_func)(request,*view_args,**view_kwargs)
+            else:
+                return role_required('Secretariat')(view_func)(request,*view_args,**view_kwargs)
+        else:
+            return None