Beispiel #1
        def _wrapped_view(request, *args, **kwargs):
            """
            Run the provider-only access checks, then call ``view_func``.

            The checks are tried in this order:

            1. If the current site has a ``db_name`` and ``_has_valid_access``
               passes for the current broker, the view is called right away.
            2. ``check_matched`` is called with the request and the current
               app. A string result is returned as an HTTP redirect; any
               other truthy result raises ``PermissionDenied``.
            3. If ``check_matched`` raises ``NoRuleMatch``,
               ``_fail_provider_only`` decides, and a truthy result is handed
               to ``redirect_or_denied``.

            When none of the steps above redirects or denies, the view runs.
            """
            LOGGER.debug("Enters djaoapp.decorators.requires_provider_only")
            current_site = get_current_site()
            organization = kwargs.get('organization', None)
            # We have a separate database so it is OK for a manager
            # of the site to access registered ``Organization`` which
            # are not subscribed yet.
            if current_site.db_name and _has_valid_access(
                    request, [get_current_broker()], strength):
                return view_func(request, *args, **kwargs)
            try:
                #pylint:disable=unused-variable
                redirect_url, matched, session = check_matched(
                    request, get_current_app(), prefixes=DEFAULT_PREFIXES)
                if redirect_url:
                    # A truthy result that is not a URL string is a denial.
                    if not isinstance(redirect_url, six.string_types):
                        raise PermissionDenied()
                    # NOTE(review): the redirect target is used exactly as
                    # returned by check_matched; confirm it can only be a
                    # URL the site controls.
                    return http.HttpResponseRedirect(redirect_url)
            except NoRuleMatch:
                # By default, we are looking for provider.
                slug = kwargs.get('charge', organization)
                redirect_url = _fail_provider_only(
                    request, organization=slug,
                    roledescription=roledescription, strength=strength)
                if redirect_url:
                    denial_reason = _(
                        "%(auth)s is not a manager of one of"
                        " %(organization)s providers.") % {
                            'auth': request.user, 'organization': slug}
                    return redirect_or_denied(
                        request, redirect_url,
                        redirect_field_name=redirect_field_name,
                        descr=denial_reason)
            return view_func(request, *args, **kwargs)
Beispiel #2
        def _wrapped_view(request, *args, **kwargs):
            """
            Run the self-or-provider access checks, then call ``view_func``.

            A request passes straight through when the current site has a
            ``db_name`` and ``_has_valid_access`` succeeds for the current
            broker. Otherwise ``check_matched`` is consulted: a string result
            becomes an HTTP redirect and any other truthy result raises
            ``PermissionDenied``. When ``check_matched`` raises
            ``NoRuleMatch``, ``_fail_self_provider`` is called with the
            ``user`` keyword argument of the view, and a truthy result is
            handed to ``redirect_or_denied``.
            """
            LOGGER.debug("Enters djaoapp.decorators.requires_self_provider")
            current_site = get_current_site()
            # We have a separate database so it is OK for a manager
            # of the site to access profiles of ``User`` which
            # are not subscribed yet.
            if current_site.db_name and _has_valid_access(
                    request, [get_current_broker()], strength):
                return view_func(request, *args, **kwargs)
            try:
                #pylint:disable=unused-variable
                redirect_url, matched, session = check_matched(
                    request, get_current_app(), prefixes=DEFAULT_PREFIXES)
                if redirect_url:
                    # A truthy result that is not a URL string is a denial.
                    if not isinstance(redirect_url, six.string_types):
                        raise PermissionDenied()
                    return http.HttpResponseRedirect(redirect_url)
            except NoRuleMatch:
                # The profile being accessed, as named by the view's kwargs.
                target_user = kwargs.get('user', None)
                redirect_url = _fail_self_provider(
                    request, user=target_user, strength=strength)
                if redirect_url:
                    denial_reason = _(
                        "%(auth)s has neither a direct"
                        " relation to an organization connected to %(user)s"
                        " nor a connection to one"
                        " of the providers to such organization.") % {
                            'auth': request.user, 'user': target_user}
                    return redirect_or_denied(
                        request, redirect_url,
                        redirect_field_name=redirect_field_name,
                        descr=denial_reason)
            return view_func(request, *args, **kwargs)
Beispiel #3
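        def _wrapped_view(request, *args, **kwargs):
            """
            Run the direct-manager access checks, then call ``view_func``.

            ``check_matched`` is called with the request, the current app and
            a fixed list of URL prefixes. A string result becomes an HTTP
            redirect; any other truthy result raises ``PermissionDenied``.
            When ``check_matched`` raises ``NoRuleMatch``, ``_fail_direct`` is
            called for the organization named by the ``charge`` keyword
            argument (falling back to ``organization``), and a truthy result
            is handed to ``redirect_or_denied``. The view runs when no step
            redirects or denies.
            """
            try:
                app = get_current_app()
                # Only the first element of the result is used here. The
                # other two are bound to throwaway names rather than ``_``,
                # which elsewhere in this code is the translation function.
                redirect_url, _matched, _session = check_matched(
                    request,
                    app,
                    prefixes=[
                        '/api/billing/', '/api/metrics/', '/api/profile/',
                        '/api/users/', '/billing/', '/metrics/', '/profile/',
                        '/users/'
                    ])
                if redirect_url:
                    if isinstance(redirect_url, six.string_types):
                        return http.HttpResponseRedirect(redirect_url)
                    # A truthy result that is not a URL string is a denial.
                    raise PermissionDenied()
            except NoRuleMatch:
                slug = kwargs.get('charge', kwargs.get('organization', None))
                redirect_url = _fail_direct(request,
                                            organization=slug,
                                            roledescription=roledescription,
                                            strength=strength)
                if redirect_url:
                    # The message is built from adjacent string literals.
                    # A backslash continuation inside a single literal kept
                    # stray quote characters and indentation in the text
                    # shown to the user.
                    return redirect_or_denied(
                        request,
                        redirect_url,
                        redirect_field_name=redirect_field_name,
                        descr=("%(user)s is not a direct manager"
                               " of %(organization)s.") % {
                            'user': request.user,
                            'organization': slug
                        })

            return view_func(request, *args, **kwargs)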
Beispiel #4
def fail_self_provider(request, user=None, roledescription=None):
    """
    Variant of the saas self-or-provider check in which managers of the
    site database itself may also access profiles of registered yet
    unsubscribed ``Organization``.

    Returns ``False`` when that bypass applies. Otherwise returns the
    first element of the ``check_matched`` result or, when it raises
    ``NoRuleMatch``, the result of ``fail_self_provider_default``.
    """
    current_site = get_current_site()
    # The bypass is only considered when the site has a database name that
    # differs from ``DEFAULT_DB_ALIAS``.
    uses_separate_db = (
        current_site.db_name and current_site.db_name != DEFAULT_DB_ALIAS)
    # We have a separate database so it is OK for a manager
    # of the site to access registered ``Organization`` which
    # are not subscribed yet.
    if uses_separate_db and _has_valid_access(
            request, [get_current_broker()]):
        return False
    try:
        #pylint:disable=unused-variable
        redirect, matched, session = check_matched(
            request, get_current_app(), prefixes=DEFAULT_PREFIXES)
    except NoRuleMatch:
        # By default, we are looking for provider.
        return fail_self_provider_default(
            request, user=user, roledescription=roledescription)
    return redirect
Beispiel #5
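        def _wrapped_view(request, *args, **kwargs):
            """
            Run the self-or-provider access checks, then call ``view_func``.

            A request passes straight through when the current site has a
            ``db_name`` and ``_has_valid_access`` succeeds for the current
            broker. Otherwise ``check_matched`` is called with a fixed list
            of URL prefixes: a string result becomes an HTTP redirect and any
            other truthy result raises ``PermissionDenied``. When
            ``check_matched`` raises ``NoRuleMatch`` and
            ``_fail_self_provider`` returns a truthy value,
            ``PermissionDenied`` is raised with an explanatory message.
            """
            site = get_current_site()
            if site.db_name:
                # We have a separate database so it is OK for a manager
                # of the site to access profiles of ``User`` which
                # are not subscribed yet.
                if _has_valid_access(request, [get_current_broker()],
                                     strength):
                    return view_func(request, *args, **kwargs)
            try:
                app = get_current_app()
                # Only the first element of the result is used here. The
                # other two are bound to throwaway names rather than ``_``,
                # which elsewhere in this code is the translation function.
                redirect_url, _matched, _session = check_matched(
                    request,
                    app,
                    prefixes=[
                        '/api/billing/', '/api/metrics/', '/api/profile/',
                        '/api/users/', '/billing/', '/metrics/', '/profile/',
                        '/users/'
                    ])
                if redirect_url:
                    if isinstance(redirect_url, six.string_types):
                        return http.HttpResponseRedirect(redirect_url)
                    # A truthy result that is not a URL string is a denial.
                    raise PermissionDenied()
            except NoRuleMatch:
                target_user = kwargs.get('user', None)
                if _fail_self_provider(request,
                                       user=target_user,
                                       strength=strength):
                    # The last fragment starts with a space so the sentence
                    # reads "... to one of the providers ..." and not
                    # "... to oneof the providers ...".
                    raise PermissionDenied(
                        "%(auth)s has neither a direct"
                        " relation to an organization connected to %(user)s"
                        " nor a connection to one"
                        " of the providers to such organization." % {
                            'auth': request.user, 'user': target_user})
            return view_func(request, *args, **kwargs)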
Beispiel #6
def fail_direct(request, organization=None, roledescription=None):
    """
    Return the outcome of the direct-manager check for *request*.

    The first element of the ``check_matched`` result for the current app
    is returned. When ``check_matched`` raises ``NoRuleMatch``, the result
    of ``fail_direct_default`` for *organization* and *roledescription* is
    returned instead.
    """
    try:
        #pylint:disable=unused-variable
        redirect, matched, session = check_matched(
            request, get_current_app(), prefixes=DEFAULT_PREFIXES)
    except NoRuleMatch:
        # No rule of the app applies: use the default direct check.
        return fail_direct_default(
            request, organization=organization,
            roledescription=roledescription)
    return redirect
Beispiel #7
def fail_authenticated(request, verification_key=None):
    """
    Helper behind the authentication check: returns what ``check_matched``
    (or, when no rule matches, ``fail_authenticated_default``) reports for
    the request.

    ``django.contrib.auth.decorators.login_required`` will automatically
    redirect to the login page. We want to redirect to the activation
    page when required, as well as raise a ``PermissionDenied``
    instead when Content-Type is showing we are dealing with an API request.

    When the default check fails and a *verification_key* is given, the
    key is looked up first among ``Contact`` records, then among roles.
    If the matching user has an invalid password (per
    ``has_invalid_password``), the returned value is replaced by the
    absolute URL of the ``registration_activate`` page for that key.
    """
    try:
        app = get_current_app()
        #pylint:disable=unused-variable
        redirect, matched, session = check_matched(request,
                                                   app,
                                                   prefixes=DEFAULT_PREFIXES)
    except NoRuleMatch:
        # No rule of the app applies: fall back to the default check.
        redirect = fail_authenticated_default(request)
        if redirect:
            if verification_key:
                # NOTE(review): verification_key is presumably supplied by
                # the requester (e.g. from the URL) -- confirm with callers.
                # In this function it is only used as an ORM filter value
                # and as an argument to ``reverse``.
                contact = Contact.objects.filter(
                    Q(email_verification_key=verification_key)
                    | Q(phone_verification_key=verification_key)).first()
                if not contact:
                    # Not a `Contact`, let's try `Role`.
                    role_model = get_role_model()
                    try:
                        # NOTE(review): only ``DoesNotExist`` is handled
                        # below; ``.get()`` raises ``MultipleObjectsReturned``
                        # if several roles share the key -- confirm that
                        # grant/request keys are unique.
                        role = role_model.objects.filter(
                            Q(grant_key=verification_key)
                            | Q(request_key=verification_key)).get()
                        contact, _ = Contact.objects.prepare_email_verification(
                            role.user, role.user.email)
                        # From here on the contact's own e-mail verification
                        # key is the one placed in the activation URL.
                        verification_key = contact.email_verification_key
                    except role_model.DoesNotExist:
                        # The key matches neither a contact nor a role:
                        # keep the redirect from the default check.
                        pass
                # The activation URL replaces the default redirect only
                # when the key resolved to a contact whose user has an
                # invalid password.
                if contact and has_invalid_password(contact.user):
                    redirect = request.build_absolute_uri(
                        reverse('registration_activate',
                                args=(verification_key, )))
    return redirect
Beispiel #8
        def _wrapped_view(request, *args, **kwargs):
            """
            Run the direct-manager access checks, then call ``view_func``.

            ``check_matched`` is called with the request and the current app.
            A string result becomes an HTTP redirect; any other truthy result
            raises ``PermissionDenied``. When ``check_matched`` raises
            ``NoRuleMatch``, ``_fail_direct`` is called for the organization
            named by the ``charge`` keyword argument (falling back to
            ``organization``), and a truthy result is handed to
            ``redirect_or_denied``. The view runs when no step redirects or
            denies.
            """
            LOGGER.debug("Enters djaoapp.decorators.requires_direct")
            try:
                #pylint:disable=unused-variable
                redirect_url, matched, session = check_matched(
                    request, get_current_app(), prefixes=DEFAULT_PREFIXES)
                if redirect_url:
                    # A truthy result that is not a URL string is a denial.
                    if not isinstance(redirect_url, six.string_types):
                        raise PermissionDenied()
                    return http.HttpResponseRedirect(redirect_url)
            except NoRuleMatch:
                slug = kwargs.get('charge', kwargs.get('organization', None))
                redirect_url = _fail_direct(
                    request, organization=slug,
                    roledescription=roledescription, strength=strength)
                if redirect_url:
                    denial_reason = _(
                        "%(auth)s is not a direct manager"
                        " of %(organization)s.") % {
                            'auth': request.user, 'organization': slug}
                    return redirect_or_denied(
                        request, redirect_url,
                        redirect_field_name=redirect_field_name,
                        descr=denial_reason)

            return view_func(request, *args, **kwargs)
Beispiel #9
        def _wrapped_view(request, *args, **kwargs):
            """
            Run the provider-only access checks, then call ``view_func``.

            A request passes straight through when the current site has a
            ``db_name`` and ``_has_valid_access`` succeeds for the current
            broker. Otherwise ``check_matched`` is called with a fixed list
            of URL prefixes: a string result becomes an HTTP redirect and any
            other truthy result raises ``PermissionDenied``. When
            ``check_matched`` raises ``NoRuleMatch``, ``_fail_provider_only``
            decides, and a truthy result is handed to ``redirect_or_denied``.
            """
            current_site = get_current_site()
            organization = kwargs.get('organization', None)
            # We have a separate database so it is OK for a manager
            # of the site to access registered ``Organization`` which
            # are not subscribed yet.
            if current_site.db_name and _has_valid_access(
                    request, [get_current_broker()], strength):
                return view_func(request, *args, **kwargs)
            guarded_prefixes = [
                '/api/billing/', '/api/metrics/', '/api/profile/',
                '/api/users/', '/billing/', '/metrics/', '/profile/',
                '/users/'
            ]
            try:
                redirect_url, _matched, _session = check_matched(
                    request, get_current_app(), prefixes=guarded_prefixes)
                if redirect_url:
                    # A truthy result that is not a URL string is a denial.
                    if not isinstance(redirect_url, six.string_types):
                        raise PermissionDenied()
                    return http.HttpResponseRedirect(redirect_url)
            except NoRuleMatch:
                # By default, we are looking for provider.
                slug = kwargs.get('charge', organization)
                redirect_url = _fail_provider_only(
                    request, organization=slug,
                    roledescription=roledescription, strength=strength)
                if redirect_url:
                    denial_reason = (
                        "%(user)s is not a manager of one of"
                        " %(slug)s providers.") % {
                            'user': request.user, 'slug': slug}
                    # NOTE(review): the message is passed as the third
                    # positional argument; confirm against the signature of
                    # redirect_or_denied that this slot is the description
                    # and not the redirect field name.
                    return redirect_or_denied(
                        request, redirect_url, denial_reason)
            return view_func(request, *args, **kwargs)