Beispiel #1
0
    def wrapper(*args, **kw):
        request = args[1]
        version_id = kw.get('version_id')
        addon_id = kw.get('addon_id')
        if version_id:
            try:
                version = Version.objects.get(addon=addon_id, pk=version_id)
                addon = version.addon
            except Version.DoesNotExist:
                return rc.NOT_HERE

            if not acl.check_ownership(request, addon):
                return rc.FORBIDDEN

            return f(*args, addon=addon, version=version)

        elif addon_id:
            try:
                addon = Addon.objects.get(pk=addon_id)
            except:
                return rc.NOT_HERE

            if not acl.check_ownership(request, addon):
                return rc.FORBIDDEN

            return f(*args, addon=addon)
Beispiel #2
0
    def handle(self, bundle, request, **kwargs):
        form = ReceiptForm(bundle.data)

        if not form.is_valid():
            raise self.form_errors(form)

        bundle.obj = form.cleaned_data['app']

        # Developers get handled quickly.
        if check_ownership(request,
                           bundle.obj,
                           require_owner=False,
                           ignore_disabled=True,
                           admin=False):
            return self.record(bundle, request, apps.INSTALL_TYPE_DEVELOPER)

        # The app must be public and if its a premium app, you
        # must have purchased it.
        if not bundle.obj.is_public():
            log.info('App not public: %s' % bundle.obj.pk)
            raise ImmediateHttpResponse(response=http.HttpForbidden())

        if (bundle.obj.is_premium()
                and not bundle.obj.has_purchased(request.amo_user)):
            log.info('App not purchased: %s' % bundle.obj.pk)
            raise ImmediateHttpResponse(response=HttpPaymentRequired())

        # Anonymous users will fall through, they don't need anything else
        # handling.
        if request.user.is_authenticated():
            return self.record(bundle, request, apps.INSTALL_TYPE_USER)
Beispiel #3
0
def download_file(request, file_id, type=None):
    file = get_object_or_404(File.objects, pk=file_id)
    addon = get_object_or_404(Addon.objects.all().no_transforms(),
                              pk=file.version.addon_id)

    if (addon.status == amo.STATUS_DISABLED
        and not acl.check_ownership(request, addon)):
        raise http.Http404()

    attachment = (type == 'attachment' or not request.APP.browser)

    if file.datestatuschanged:
        published = datetime.now() - file.datestatuschanged
    else:
        published = timedelta(minutes=0)

    if attachment:
        host = posixpath.join(settings.LOCAL_MIRROR_URL, '_attachments')
    elif (addon.status == file.status == amo.STATUS_PUBLIC
          and published > timedelta(minutes=settings.MIRROR_DELAY)
          and not settings.DEBUG):
        host = settings.MIRROR_URL  # Send it to the mirrors.
    else:
        host = settings.LOCAL_MIRROR_URL
    loc = posixpath.join(*map(smart_str, [host, addon.id, file.filename]))
    response = http.HttpResponseRedirect(loc)
    response['X-Target-Digest'] = file.hash
    return response
Beispiel #4
0
def collection_detail(request, username, slug):
    c = get_object_or_404(Collection.objects,
                          author__nickname=username, slug=slug)
    base = c.addons.all() & Addon.objects.listed(request.APP)
    filter = CollectionAddonFilter(request, base,
                                   key='sort', default='popular')
    notes = get_notes(c)
    count = CollectionAddon.objects.filter(
        Addon.objects.valid_q(prefix='addon__'), collection=c.id).count()
    addons = amo.utils.paginate(request, filter.qs, per_page=15, count=count)

    if c.author_id:
        qs = Collection.objects.listed().filter(author=c.author)
        others = amo.utils.randslice(qs, limit=4, exclude=c.id)
    else:
        others = []

    perms = {
        'view_stats': acl.check_ownership(request, c, require_owner=False),
    }

    tag_ids = c.top_tags
    tags = Tag.objects.filter(id__in=tag_ids) if tag_ids else []
    return jingo.render(request, 'bandwagon/collection_detail.html',
                        {'collection': c, 'filter': filter,
                         'addons': addons, 'notes': notes,
                         'author_collections': others, 'tags': tags,
                         'perms': perms})
Beispiel #5
0
    def handle(self, bundle, request, **kwargs):
        form = ReceiptForm(bundle.data)

        if not form.is_valid():
            raise self.form_errors(form)

        bundle.obj = form.cleaned_data['app']

        # Developers get handled quickly.
        if check_ownership(request, bundle.obj, require_owner=False,
                           ignore_disabled=True, admin=False):
            return self.record(bundle, request, apps.INSTALL_TYPE_DEVELOPER)

        # The app must be public and if its a premium app, you
        # must have purchased it.
        if not bundle.obj.is_public():
            log.info('App not public: %s' % bundle.obj.pk)
            raise ImmediateHttpResponse(response=http.HttpForbidden())

        if (bundle.obj.is_premium() and
                not bundle.obj.has_purchased(request.amo_user)):
            log.info('App not purchased: %s' % bundle.obj.pk)
            raise ImmediateHttpResponse(response=HttpPaymentRequired())

        # Anonymous users will fall through, they don't need anything else
        # handling.
        if request.user.is_authenticated():
            return self.record(bundle, request, apps.INSTALL_TYPE_USER)
Beispiel #6
0
def install_type(request, app):
    if check_ownership(request,
                       app,
                       require_owner=False,
                       ignore_disabled=True,
                       admin=False):
        return INSTALL_TYPE_DEVELOPER
    return INSTALL_TYPE_USER
Beispiel #7
0
def app_header(context, app, page_type=''):
    t = env.get_template('lookup/helpers/app_header.html')

    is_author = acl.check_ownership(context['request'], app)
    is_operator = any(g.name == 'Operators' for g in context['request'].groups)
    is_admin = acl.action_allowed(context['request'], 'Users', 'Edit')
    is_staff = acl.action_allowed(context['request'], 'Apps', 'Configure')
    is_reviewer = acl.check_reviewer(context['request'])
    return jinja2.Markup(t.render(app=app, page_type=page_type,
                                  is_admin=is_admin, is_staff=is_staff,
                                  is_reviewer=is_reviewer, is_author=is_author,
                                  is_operator=is_operator))
Beispiel #8
0
def collection_detail(request, username, slug):
    c = get_collection(request, username, slug)
    if not c.listed:
        if not request.user.is_authenticated():
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, c):
            raise PermissionDenied

    if request.GET.get('format') == 'rss':
        return http.HttpResponsePermanentRedirect(c.feed_url())

    base = Addon.objects.valid() & c.addons.all()
    filter = CollectionAddonFilter(request,
                                   base,
                                   key='sort',
                                   default='popular')
    notes = get_notes(c)
    # Go directly to CollectionAddon for the count to avoid joins.
    count = CollectionAddon.objects.filter(Addon.objects.valid_q(
        amo.VALID_STATUSES, prefix='addon__'),
                                           collection=c.id)
    addons = paginate(request, filter.qs, per_page=15, count=count.count())

    # The add-on query is not related to the collection, so we need to manually
    # hook them up for invalidation.  Bonus: count invalidation.
    keys = [addons.object_list.flush_key(), count.flush_key()]
    caching.invalidator.add_to_flush_list({c.flush_key(): keys})

    if c.author_id:
        qs = Collection.objects.listed().filter(author=c.author)
        others = amo.utils.randslice(qs, limit=4, exclude=c.id)
    else:
        others = []

    # `perms` is defined in django.contrib.auth.context_processors. Gotcha!
    user_perms = {
        'view_stats': acl.check_ownership(request, c, require_owner=False),
    }

    tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else []
    return render_cat(
        request, 'bandwagon/collection_detail.html', {
            'collection': c,
            'filter': filter,
            'addons': addons,
            'notes': notes,
            'author_collections': others,
            'tags': tags,
            'user_perms': user_perms
        })
Beispiel #9
0
def app_header(context, app, page_type=''):
    t = env.get_template('lookup/helpers/app_header.html')

    is_author = acl.check_ownership(context['request'], app)
    is_operator = any(g.name == 'Operators' for g in context['request'].groups)
    is_admin = acl.action_allowed(context['request'], 'Users', 'Edit')
    is_staff = acl.action_allowed(context['request'], 'Apps', 'Configure')
    is_reviewer = acl.check_reviewer(context['request'])
    return jinja2.Markup(
        t.render(app=app,
                 page_type=page_type,
                 is_admin=is_admin,
                 is_staff=is_staff,
                 is_reviewer=is_reviewer,
                 is_author=is_author,
                 is_operator=is_operator))
Beispiel #10
0
def collection_detail(request, username, slug):
    c = get_collection(request, username, slug)
    if not c.listed:
        if not request.user.is_authenticated():
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, c):
            raise PermissionDenied

    if request.GET.get("format") == "rss":
        return http.HttpResponsePermanentRedirect(c.feed_url())

    base = Addon.objects.valid() & c.addons.all()
    filter = CollectionAddonFilter(request, base, key="sort", default="popular")
    notes = get_notes(c)
    # Go directly to CollectionAddon for the count to avoid joins.
    count = CollectionAddon.objects.filter(Addon.objects.valid_q(amo.VALID_STATUSES, prefix="addon__"), collection=c.id)
    addons = paginate(request, filter.qs, per_page=15, count=count.count())

    # The add-on query is not related to the collection, so we need to manually
    # hook them up for invalidation.  Bonus: count invalidation.
    keys = [addons.object_list.flush_key(), count.flush_key()]
    caching.invalidator.add_to_flush_list({c.flush_key(): keys})

    if c.author_id:
        qs = Collection.objects.listed().filter(author=c.author)
        others = amo.utils.randslice(qs, limit=4, exclude=c.id)
    else:
        others = []

    # `perms` is defined in django.contrib.auth.context_processors. Gotcha!
    user_perms = {"view_stats": acl.check_ownership(request, c, require_owner=False)}

    tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else []
    return render(
        request,
        "bandwagon/collection_detail.html",
        {
            "collection": c,
            "filter": filter,
            "addons": addons,
            "notes": notes,
            "author_collections": others,
            "tags": tags,
            "user_perms": user_perms,
        },
    )
Beispiel #11
0
def review_list(request, addon_id, review_id=None, user_id=None):
    addon = get_object_or_404(Addon.objects.valid(), id=addon_id)
    q = (Review.objects.valid().filter(addon=addon)
         .order_by('-created'))

    ctx = {'addon': addon,
           'grouped_ratings': GroupedRating.get(addon_id)}
    ctx.update(flag_context())

    ctx['form'] = forms.ReviewForm(None)

    if review_id is not None:
        ctx['page'] = 'detail'
        # If this is a dev reply, find the first msg for context.
        review = get_object_or_404(Review.objects.all(), pk=review_id)
        if review.reply_to_id:
            review_id = review.reply_to_id
            ctx['reply'] = review
        q = q.filter(pk=review_id)
    elif user_id is not None:
        ctx['page'] = 'user'
        q = q.filter(user=user_id)
    else:
        ctx['page'] = 'list'
        q = q.filter(is_latest=True)

    ctx['reviews'] = reviews = amo.utils.paginate(request, q)
    if not reviews.object_list:
        raise http.Http404()

    ctx['replies'] = Review.get_replies(reviews.object_list)
    if request.user.is_authenticated():
        ctx['review_perms'] = {
            'is_admin': acl.action_allowed(request, 'Admin', 'EditAnyAddon'),
            'is_editor': acl.action_allowed(request, 'Editor', '%'),
            'is_author': acl.check_ownership(request, addon,
                                             require_owner=True),
            'can_delete': acl.action_allowed(request, 'Editors',
                                             'DeleteReview'),
        }
        ctx['flags'] = get_flags(request, reviews.object_list)
    else:
        ctx['review_perms'] = {}
    return jingo.render(request, 'reviews/review_list.html', ctx)
Beispiel #12
0
def collection_detail(request, username, slug):
    c = get_collection(request, username, slug)
    if not (c.listed or acl.check_collection_ownership(request, c)):
        return http.HttpResponseForbidden()

    if request.GET.get('format') == 'rss':
        return redirect(c.feed_url(), permanent=True)

    base = Addon.objects.valid() & c.addons.all()
    filter = CollectionAddonFilter(request, base,
                                   key='sort', default='popular')
    notes = get_notes(c)
    # Go directly to CollectionAddon for the count to avoid joins.
    count = CollectionAddon.objects.filter(
        Addon.objects.valid_q(amo.VALID_STATUSES, prefix='addon__'),
        collection=c.id)
    addons = paginate(request, filter.qs, per_page=15, count=count.count())

    # The add-on query is not related to the collection, so we need to manually
    # hook them up for invalidation.  Bonus: count invalidation.
    keys = [addons.object_list.flush_key(),
            count.flush_key()]
    caching.invalidator.add_to_flush_list({c.flush_key(): keys})

    if c.author_id:
        qs = Collection.objects.listed().filter(author=c.author)
        others = amo.utils.randslice(qs, limit=4, exclude=c.id)
    else:
        others = []

    # `perms` is defined in django.contrib.auth.context_processors. Gotcha!
    user_perms = {
        'view_stats': acl.check_ownership(request, c, require_owner=False),
    }

    tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else []
    return render(request, 'bandwagon/collection_detail.html',
                  {'collection': c, 'filter': filter, 'addons': addons,
                   'notes': notes, 'author_collections': others, 'tags': tags,
                   'user_perms': user_perms})
Beispiel #13
0
def reply(request, addon_id, review_id):
    addon = get_object_or_404(Addon.objects.valid(), id=addon_id)
    is_admin = acl.action_allowed(request, 'Admin', 'EditAnyAddon')
    is_author = acl.check_ownership(request, addon, require_owner=True)
    if not (is_admin or is_author):
        return http.HttpResponseForbidden()

    review = get_object_or_404(Review.objects, pk=review_id, addon=addon_id)
    form = forms.ReviewReplyForm(request.POST or None)
    if request.method == 'POST':
        if form.is_valid():
            d = dict(reply_to=review, addon=addon,
                     defaults=dict(user=request.amo_user))
            reply, new = Review.objects.get_or_create(**d)
            for key, val in _review_details(request, addon, form).items():
                setattr(reply, key, val)
            reply.save()
            action = 'New' if new else 'Edited'
            log.debug('%s reply to %s: %s' % (action, review_id, reply.id))
            return redirect('reviews.detail', addon_id, review_id)
    ctx = dict(review=review, form=form, addon=addon)
    ctx.update(flag_context())
    return jingo.render(request, 'reviews/reply.html', ctx)
Beispiel #14
0
    def handle(self, bundle, request, **kwargs):
        form = ReceiptForm(bundle.data)

        if not form.is_valid():
            raise self.form_errors(form)

        bundle.obj = form.cleaned_data['app']

        # Developers get handled quickly.
        if check_ownership(request, bundle.obj, require_owner=False,
                           ignore_disabled=True, admin=False):
            return self.record(bundle, request, apps.INSTALL_TYPE_DEVELOPER)

        # The app must be public and if its a premium app, you
        # must have purchased it.
        if not bundle.obj.is_public():
            log.info('App not public: %s' % bundle.obj.pk)
            raise http_error(http.HttpForbidden, 'App not public.')

        if (bundle.obj.is_premium() and
            not bundle.obj.has_purchased(request.amo_user)):
            # Apps that are premium but have no charge will get an
            # automatic purchase record created. This will ensure that
            # the receipt will work into the future if the price changes.
            if bundle.obj.premium and not bundle.obj.premium.has_price():
                log.info('Create purchase record: {0}'.format(bundle.obj.pk))
                AddonPurchase.objects.get_or_create(addon=bundle.obj,
                    user=request.amo_user, type=CONTRIB_NO_CHARGE)
            else:
                log.info('App not purchased: %s' % bundle.obj.pk)
                raise http_error(HttpPaymentRequired, 'You have not purchased this app.')

        # Anonymous users will fall through, they don't need anything else
        # handling.
        if request.user.is_authenticated():
            return self.record(bundle, request, apps.INSTALL_TYPE_USER)
Beispiel #15
0
def install_type(request, app):
    if check_ownership(request, app, require_owner=False,
                       ignore_disabled=True, admin=False):
        return INSTALL_TYPE_DEVELOPER
    return INSTALL_TYPE_USER