def wrapper(*args, **kw):
request = args[1]
version_id = kw.get('version_id')
addon_id = kw.get('addon_id')
if version_id:
try:
version = Version.objects.get(addon=addon_id, pk=version_id)
addon = version.addon
except Version.DoesNotExist:
return rc.NOT_HERE
if not acl.check_ownership(request, addon):
return rc.FORBIDDEN
return f(*args, addon=addon, version=version)
elif addon_id:
try:
addon = Addon.objects.get(pk=addon_id)
except:
return rc.NOT_HERE
if not acl.check_ownership(request, addon):
return rc.FORBIDDEN
return f(*args, addon=addon)
def handle(self, bundle, request, **kwargs):
form = ReceiptForm(bundle.data)
if not form.is_valid():
raise self.form_errors(form)
bundle.obj = form.cleaned_data['app']
# Developers get handled quickly.
if check_ownership(request,
bundle.obj,
require_owner=False,
ignore_disabled=True,
admin=False):
return self.record(bundle, request, apps.INSTALL_TYPE_DEVELOPER)
# The app must be public and if its a premium app, you
# must have purchased it.
if not bundle.obj.is_public():
log.info('App not public: %s' % bundle.obj.pk)
raise ImmediateHttpResponse(response=http.HttpForbidden())
if (bundle.obj.is_premium()
and not bundle.obj.has_purchased(request.amo_user)):
log.info('App not purchased: %s' % bundle.obj.pk)
raise ImmediateHttpResponse(response=HttpPaymentRequired())
# Anonymous users will fall through, they don't need anything else
# handling.
if request.user.is_authenticated():
return self.record(bundle, request, apps.INSTALL_TYPE_USER)
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.objects.all().no_transforms(),
pk=file.version.addon_id)
if (addon.status == amo.STATUS_DISABLED
and not acl.check_ownership(request, addon)):
raise http.Http404()
attachment = (type == 'attachment' or not request.APP.browser)
if file.datestatuschanged:
published = datetime.now() - file.datestatuschanged
else:
published = timedelta(minutes=0)
if attachment:
host = posixpath.join(settings.LOCAL_MIRROR_URL, '_attachments')
elif (addon.status == file.status == amo.STATUS_PUBLIC
and published > timedelta(minutes=settings.MIRROR_DELAY)
and not settings.DEBUG):
host = settings.MIRROR_URL # Send it to the mirrors.
else:
host = settings.LOCAL_MIRROR_URL
loc = posixpath.join(*map(smart_str, [host, addon.id, file.filename]))
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def collection_detail(request, username, slug):
c = get_object_or_404(Collection.objects,
author__nickname=username, slug=slug)
base = c.addons.all() & Addon.objects.listed(request.APP)
filter = CollectionAddonFilter(request, base,
key='sort', default='popular')
notes = get_notes(c)
count = CollectionAddon.objects.filter(
Addon.objects.valid_q(prefix='addon__'), collection=c.id).count()
addons = amo.utils.paginate(request, filter.qs, per_page=15, count=count)
if c.author_id:
qs = Collection.objects.listed().filter(author=c.author)
others = amo.utils.randslice(qs, limit=4, exclude=c.id)
else:
others = []
perms = {
'view_stats': acl.check_ownership(request, c, require_owner=False),
}
tag_ids = c.top_tags
tags = Tag.objects.filter(id__in=tag_ids) if tag_ids else []
return jingo.render(request, 'bandwagon/collection_detail.html',
{'collection': c, 'filter': filter,
'addons': addons, 'notes': notes,
'author_collections': others, 'tags': tags,
'perms': perms})
def handle(self, bundle, request, **kwargs):
form = ReceiptForm(bundle.data)
if not form.is_valid():
raise self.form_errors(form)
bundle.obj = form.cleaned_data['app']
# Developers get handled quickly.
if check_ownership(request, bundle.obj, require_owner=False,
ignore_disabled=True, admin=False):
return self.record(bundle, request, apps.INSTALL_TYPE_DEVELOPER)
# The app must be public and if its a premium app, you
# must have purchased it.
if not bundle.obj.is_public():
log.info('App not public: %s' % bundle.obj.pk)
raise ImmediateHttpResponse(response=http.HttpForbidden())
if (bundle.obj.is_premium() and
not bundle.obj.has_purchased(request.amo_user)):
log.info('App not purchased: %s' % bundle.obj.pk)
raise ImmediateHttpResponse(response=HttpPaymentRequired())
# Anonymous users will fall through, they don't need anything else
# handling.
if request.user.is_authenticated():
return self.record(bundle, request, apps.INSTALL_TYPE_USER)
def install_type(request, app):
if check_ownership(request,
app,
require_owner=False,
ignore_disabled=True,
admin=False):
return INSTALL_TYPE_DEVELOPER
return INSTALL_TYPE_USER
def app_header(context, app, page_type=''):
t = env.get_template('lookup/helpers/app_header.html')
is_author = acl.check_ownership(context['request'], app)
is_operator = any(g.name == 'Operators' for g in context['request'].groups)
is_admin = acl.action_allowed(context['request'], 'Users', 'Edit')
is_staff = acl.action_allowed(context['request'], 'Apps', 'Configure')
is_reviewer = acl.check_reviewer(context['request'])
return jinja2.Markup(t.render(app=app, page_type=page_type,
is_admin=is_admin, is_staff=is_staff,
is_reviewer=is_reviewer, is_author=is_author,
is_operator=is_operator))
def collection_detail(request, username, slug):
c = get_collection(request, username, slug)
if not c.listed:
if not request.user.is_authenticated():
return redirect_for_login(request)
if not acl.check_collection_ownership(request, c):
raise PermissionDenied
if request.GET.get('format') == 'rss':
return http.HttpResponsePermanentRedirect(c.feed_url())
base = Addon.objects.valid() & c.addons.all()
filter = CollectionAddonFilter(request,
base,
key='sort',
default='popular')
notes = get_notes(c)
# Go directly to CollectionAddon for the count to avoid joins.
count = CollectionAddon.objects.filter(Addon.objects.valid_q(
amo.VALID_STATUSES, prefix='addon__'),
collection=c.id)
addons = paginate(request, filter.qs, per_page=15, count=count.count())
# The add-on query is not related to the collection, so we need to manually
# hook them up for invalidation. Bonus: count invalidation.
keys = [addons.object_list.flush_key(), count.flush_key()]
caching.invalidator.add_to_flush_list({c.flush_key(): keys})
if c.author_id:
qs = Collection.objects.listed().filter(author=c.author)
others = amo.utils.randslice(qs, limit=4, exclude=c.id)
else:
others = []
# `perms` is defined in django.contrib.auth.context_processors. Gotcha!
user_perms = {
'view_stats': acl.check_ownership(request, c, require_owner=False),
}
tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else []
return render_cat(
request, 'bandwagon/collection_detail.html', {
'collection': c,
'filter': filter,
'addons': addons,
'notes': notes,
'author_collections': others,
'tags': tags,
'user_perms': user_perms
})
def app_header(context, app, page_type=''):
t = env.get_template('lookup/helpers/app_header.html')
is_author = acl.check_ownership(context['request'], app)
is_operator = any(g.name == 'Operators' for g in context['request'].groups)
is_admin = acl.action_allowed(context['request'], 'Users', 'Edit')
is_staff = acl.action_allowed(context['request'], 'Apps', 'Configure')
is_reviewer = acl.check_reviewer(context['request'])
return jinja2.Markup(
t.render(app=app,
page_type=page_type,
is_admin=is_admin,
is_staff=is_staff,
is_reviewer=is_reviewer,
is_author=is_author,
is_operator=is_operator))
def collection_detail(request, username, slug):
c = get_collection(request, username, slug)
if not c.listed:
if not request.user.is_authenticated():
return redirect_for_login(request)
if not acl.check_collection_ownership(request, c):
raise PermissionDenied
if request.GET.get("format") == "rss":
return http.HttpResponsePermanentRedirect(c.feed_url())
base = Addon.objects.valid() & c.addons.all()
filter = CollectionAddonFilter(request, base, key="sort", default="popular")
notes = get_notes(c)
# Go directly to CollectionAddon for the count to avoid joins.
count = CollectionAddon.objects.filter(Addon.objects.valid_q(amo.VALID_STATUSES, prefix="addon__"), collection=c.id)
addons = paginate(request, filter.qs, per_page=15, count=count.count())
# The add-on query is not related to the collection, so we need to manually
# hook them up for invalidation. Bonus: count invalidation.
keys = [addons.object_list.flush_key(), count.flush_key()]
caching.invalidator.add_to_flush_list({c.flush_key(): keys})
if c.author_id:
qs = Collection.objects.listed().filter(author=c.author)
others = amo.utils.randslice(qs, limit=4, exclude=c.id)
else:
others = []
# `perms` is defined in django.contrib.auth.context_processors. Gotcha!
user_perms = {"view_stats": acl.check_ownership(request, c, require_owner=False)}
tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else []
return render(
request,
"bandwagon/collection_detail.html",
{
"collection": c,
"filter": filter,
"addons": addons,
"notes": notes,
"author_collections": others,
"tags": tags,
"user_perms": user_perms,
},
)
def review_list(request, addon_id, review_id=None, user_id=None):
addon = get_object_or_404(Addon.objects.valid(), id=addon_id)
q = (Review.objects.valid().filter(addon=addon)
.order_by('-created'))
ctx = {'addon': addon,
'grouped_ratings': GroupedRating.get(addon_id)}
ctx.update(flag_context())
ctx['form'] = forms.ReviewForm(None)
if review_id is not None:
ctx['page'] = 'detail'
# If this is a dev reply, find the first msg for context.
review = get_object_or_404(Review.objects.all(), pk=review_id)
if review.reply_to_id:
review_id = review.reply_to_id
ctx['reply'] = review
q = q.filter(pk=review_id)
elif user_id is not None:
ctx['page'] = 'user'
q = q.filter(user=user_id)
else:
ctx['page'] = 'list'
q = q.filter(is_latest=True)
ctx['reviews'] = reviews = amo.utils.paginate(request, q)
if not reviews.object_list:
raise http.Http404()
ctx['replies'] = Review.get_replies(reviews.object_list)
if request.user.is_authenticated():
ctx['review_perms'] = {
'is_admin': acl.action_allowed(request, 'Admin', 'EditAnyAddon'),
'is_editor': acl.action_allowed(request, 'Editor', '%'),
'is_author': acl.check_ownership(request, addon,
require_owner=True),
'can_delete': acl.action_allowed(request, 'Editors',
'DeleteReview'),
}
ctx['flags'] = get_flags(request, reviews.object_list)
else:
ctx['review_perms'] = {}
return jingo.render(request, 'reviews/review_list.html', ctx)
def collection_detail(request, username, slug):
c = get_collection(request, username, slug)
if not (c.listed or acl.check_collection_ownership(request, c)):
return http.HttpResponseForbidden()
if request.GET.get('format') == 'rss':
return redirect(c.feed_url(), permanent=True)
base = Addon.objects.valid() & c.addons.all()
filter = CollectionAddonFilter(request, base,
key='sort', default='popular')
notes = get_notes(c)
# Go directly to CollectionAddon for the count to avoid joins.
count = CollectionAddon.objects.filter(
Addon.objects.valid_q(amo.VALID_STATUSES, prefix='addon__'),
collection=c.id)
addons = paginate(request, filter.qs, per_page=15, count=count.count())
# The add-on query is not related to the collection, so we need to manually
# hook them up for invalidation. Bonus: count invalidation.
keys = [addons.object_list.flush_key(),
count.flush_key()]
caching.invalidator.add_to_flush_list({c.flush_key(): keys})
if c.author_id:
qs = Collection.objects.listed().filter(author=c.author)
others = amo.utils.randslice(qs, limit=4, exclude=c.id)
else:
others = []
# `perms` is defined in django.contrib.auth.context_processors. Gotcha!
user_perms = {
'view_stats': acl.check_ownership(request, c, require_owner=False),
}
tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else []
return render(request, 'bandwagon/collection_detail.html',
{'collection': c, 'filter': filter, 'addons': addons,
'notes': notes, 'author_collections': others, 'tags': tags,
'user_perms': user_perms})
def reply(request, addon_id, review_id):
addon = get_object_or_404(Addon.objects.valid(), id=addon_id)
is_admin = acl.action_allowed(request, 'Admin', 'EditAnyAddon')
is_author = acl.check_ownership(request, addon, require_owner=True)
if not (is_admin or is_author):
return http.HttpResponseForbidden()
review = get_object_or_404(Review.objects, pk=review_id, addon=addon_id)
form = forms.ReviewReplyForm(request.POST or None)
if request.method == 'POST':
if form.is_valid():
d = dict(reply_to=review, addon=addon,
defaults=dict(user=request.amo_user))
reply, new = Review.objects.get_or_create(**d)
for key, val in _review_details(request, addon, form).items():
setattr(reply, key, val)
reply.save()
action = 'New' if new else 'Edited'
log.debug('%s reply to %s: %s' % (action, review_id, reply.id))
return redirect('reviews.detail', addon_id, review_id)
ctx = dict(review=review, form=form, addon=addon)
ctx.update(flag_context())
return jingo.render(request, 'reviews/reply.html', ctx)
def handle(self, bundle, request, **kwargs):
form = ReceiptForm(bundle.data)
if not form.is_valid():
raise self.form_errors(form)
bundle.obj = form.cleaned_data['app']
# Developers get handled quickly.
if check_ownership(request, bundle.obj, require_owner=False,
ignore_disabled=True, admin=False):
return self.record(bundle, request, apps.INSTALL_TYPE_DEVELOPER)
# The app must be public and if its a premium app, you
# must have purchased it.
if not bundle.obj.is_public():
log.info('App not public: %s' % bundle.obj.pk)
raise http_error(http.HttpForbidden, 'App not public.')
if (bundle.obj.is_premium() and
not bundle.obj.has_purchased(request.amo_user)):
# Apps that are premium but have no charge will get an
# automatic purchase record created. This will ensure that
# the receipt will work into the future if the price changes.
if bundle.obj.premium and not bundle.obj.premium.has_price():
log.info('Create purchase record: {0}'.format(bundle.obj.pk))
AddonPurchase.objects.get_or_create(addon=bundle.obj,
user=request.amo_user, type=CONTRIB_NO_CHARGE)
else:
log.info('App not purchased: %s' % bundle.obj.pk)
raise http_error(HttpPaymentRequired, 'You have not purchased this app.')
# Anonymous users will fall through, they don't need anything else
# handling.
if request.user.is_authenticated():
return self.record(bundle, request, apps.INSTALL_TYPE_USER)
def install_type(request, app):
if check_ownership(request, app, require_owner=False,
ignore_disabled=True, admin=False):
return INSTALL_TYPE_DEVELOPER
return INSTALL_TYPE_USER