altf4arnold/datatracker
1
0
Fork 0
Code Issues Pull requests Actions 4 Packages Projects Releases Wiki Activity
datatracker/ietf/ietfauth/decorators.py
Ole Laursen 980d4e6444 Move new schema models from redesign/ to ietf/ 
- Legacy-Id: 3855
2012-01-24 17:17:24 +00:00

105 lines
4.6 KiB
Python
Raw Blame History

# Portion Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies).
# All rights reserved. Contact: Pasi Eronen <pasi.eronen@nokia.com>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# * Neither the name of the Nokia Corporation and/or its
# subsidiary(-ies) nor the names of its contributors may be used
# to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
from django.utils.http import urlquote
from django.conf import settings
from django.db.models import Q
from django.http import HttpResponseRedirect, HttpResponseForbidden
from django.contrib.auth import REDIRECT_FIELD_NAME
def passes_test_decorator(test_func, message):
"""
Decorator creator that creates a decorator for checking that user
passes the test, redirecting to login or returning a 403
error. The test function should be on the form fn(user) ->
true/false.
"""
def decorate(view_func):
def inner(request, *args, **kwargs):
if not request.user.is_authenticated():
return HttpResponseRedirect('%s?%s=%s' % (settings.LOGIN_URL, REDIRECT_FIELD_NAME, urlquote(request.get_full_path())))
elif test_func(request.user):
return view_func(request, *args, **kwargs)
else:
return HttpResponseForbidden(message)
return inner
return decorate
def group_required(*group_names):
"""Decorator for views that checks that the user is logged in,
and belongs to (at least) one of the listed groups."""
return passes_test_decorator(lambda u: u.groups.filter(name__in=group_names),
"Restricted to group%s %s" % ("s" if len(group_names) != 1 else "", ",".join(group_names)))
def has_role(user, role_names):
"""Determines whether user has any of the given standard roles
given. Role names must be a list or, in case of a single value, a
string."""
if isinstance(role_names, str) or isinstance(role_names, unicode):
role_names = [ role_names ]
if not user or not user.is_authenticated():
return False
from ietf.person.models import Person
try:
person = user.get_profile()
except Person.DoesNotExist:
return False
role_qs = {
"Area Director": Q(person=person, name="ad", group__type="area", group__state="active"),
"Secretariat": Q(person=person, name="secr", group__acronym="secretariat"),
"IANA": Q(person=person, name="auth", group__acronym="iana"),
"WG Chair": Q(person=person,name="chair", group__type="wg", group__state="active"),
"WG Secretary": Q(person=person,name="secr", group__type="wg", group__state="active"),
}
filter_expr = Q()
for r in role_names:
filter_expr |= role_qs[r]
from ietf.group.models import Role
return bool(Role.objects.filter(filter_expr)[:1])
def role_required(*role_names):
"""View decorator for checking that the user is logged in and
has one of the listed roles."""
return passes_test_decorator(lambda u: has_role(u, role_names),
"Restricted to role%s %s" % ("s" if len(role_names) != 1 else "", ",".join(role_names)))
if settings.USE_DB_REDESIGN_PROXY_CLASSES:
# overwrite group_required
group_required = lambda *group_names: role_required(*[n.replace("Area_Director", "Area Director") for n in group_names])
Reference in a new issue View git blame Copy permalink