def __call__(self, request):
    """Gate the response on whether the requesting user may use the active app.

    Returns the downstream response unchanged when no app is active for the
    request, or when the app is enabled and ``user_can_access_app`` allows the
    user. In every other case the portal's 404 handler is returned (called
    with ``PermissionDenied``), so a denied request is answered the same way
    as a missing page. Staff users hitting a disabled app additionally get an
    explanatory message.
    """
    # NOTE(review): the downstream view has already run by the time access is
    # checked, so any side effects of the request happen even when the 404
    # page is returned. Confirm this ordering is intended (it may be relied on
    # so that inner middleware has populated request.user).
    response = self.get_response(request)
    app = get_active_app(request)

    # Request is not tied to an app: nothing to enforce.
    if app is None:
        return response

    if app.enabled:
        if user_can_access_app(request.user, app):
            return response
        return handler_404(request, PermissionDenied)

    # Disabled app: only staff are told why the page is unavailable.
    if request.user.is_staff:
        return handler_404(
            request,
            PermissionDenied,
            "This app is disabled. A user with admin permissions "
            "can enable this app from the app settings page.",
        )
    return handler_404(request, PermissionDenied)
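def test_handler_404(self, mock_render):
    """handler_404 renders the portal error template with the 404 context.

    ``mock_render`` is supplied by the caller (presumably a ``mock.patch`` of
    the render function; the decorator is not visible here).
    """
    mock_request = mock.MagicMock()
    mock_render.return_value = '404'
    expected_context = {
        'error_code': '404',
        'error_title': 'Page Not Found',
        'error_message': "We are unable to find the page you requested. Please, check the address and "
                         "try again.",
        'error_image': '/static/tethys_portal/images/error_404.png',
    }

    # assertEqual, not assertEquals: the alias was removed in Python 3.12.
    self.assertEqual('404', handler_404(mock_request))

    # The handler must pass the request through and set the HTTP status.
    mock_render.assert_called_once_with(
        mock_request, 'tethys_portal/error.html', expected_context, status=404)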
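def test_handler_404(self, mock_render):
    """Check that handler_404 returns the rendered error page with status 404.

    ``mock_render`` stands in for the render call made by the handler; how it
    is patched is not visible in this block.
    """
    mock_request = mock.MagicMock()
    mock_render.return_value = '404'
    context = {
        'error_code': '404',
        'error_title': 'Page Not Found',
        'error_message': "We are unable to find the page you requested. Please, check the address and "
                         "try again.",
        'error_image': '/static/tethys_portal/images/error_404.png'
    }

    # Use assertEqual: the assertEquals alias no longer exists on Python 3.12+.
    self.assertEqual('404', handler_404(mock_request))
    mock_render.assert_called_once_with(
        mock_request, 'tethys_portal/error.html', context, status=404)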
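def _wrapped_controller(*args, **kwargs):
    """Run the permission test and call the wrapped controller only if it passes.

    ``perms``, ``use_or``, ``message``, ``raise_exception`` and
    ``controller_func`` are free variables supplied by the enclosing scope
    (not visible in this block).

    The ``HttpRequest`` is located among the positional arguments because its
    position differs between ``func(request, ...)`` and
    ``method(self, request, ...)``.

    When the test fails:
      * ``raise_exception`` falsy, authenticated user: a warning message is
        queued and the user is redirected to the referer path if it is a
        local path on the same host, otherwise to the app library.
      * ``raise_exception`` falsy, anonymous user: an info message is queued
        and the user is redirected to the login page with ``next`` set to the
        percent-encoded request path.
      * ``raise_exception`` truthy: the portal 404 page is returned unless
        ``settings.DEBUG`` is truthy, in which case the 403 page is returned.

    Raises:
        ValueError: if no ``HttpRequest`` is found in ``args``.
    """
    # Function-scope import so the block does not depend on the file's import list.
    from urllib.parse import quote

    # Find request (varies position if class method is wrapped)
    # e.g.: func(request, *args, **kwargs) vs. method(self, request, *args, **kwargs)
    request_args_index = None
    the_self = None
    for index, arg in enumerate(args):
        if isinstance(arg, HttpRequest):
            request_args_index = index

    if request_args_index is None:
        raise ValueError("No HttpRequest object provided.")

    request = args[request_args_index]
    if request_args_index > 0:
        the_self = args[0]

    # Args are everything after the request object
    args = args[request_args_index + 1:]

    # OR: any single permission suffices. AND: every permission is required.
    # Both forms stop at the first deciding permission, like the explicit loops.
    checks = (has_permission(request, perm) for perm in perms)
    pass_permission_test = any(checks) if use_or else all(checks)

    if not pass_permission_test:
        if raise_exception:
            # Return Error 404: Not Found in production to prevent directory enumeration
            if not getattr(settings, 'DEBUG', False):
                return tethys_portal_error.handler_404(request)
            return tethys_portal_error.handler_403(request)

        if not request.user.is_authenticated:
            # User feedback
            messages.add_message(
                request, messages.INFO,
                "You must be logged in to access this feature.")
            # Percent-encode the path so characters such as '&' or '#' stay
            # inside the value of ``next`` and cannot add to or truncate the
            # login URL's query string.
            return redirect(
                reverse('accounts:login') + '?next=' + quote(request.path))

        # Authenticated but not permitted: user feedback
        messages.add_message(request, messages.WARNING, message)

        # Default redirect URL
        redirect_url = reverse('app_library')

        # If there is a referer (i.e.: we followed a link to get here)
        if 'HTTP_REFERER' in request.META:
            # The Referer header is client-supplied; a malformed value must
            # not turn a permission failure into a server error.
            try:
                parsed_referer = urlparse(request.META['HTTP_REFERER'])
            except ValueError:
                parsed_referer = None

            if parsed_referer is not None:
                referer_path = parsed_referer.path
                # Avoid an infinite redirect loop (if referer is self somehow)
                if referer_path != request.path:
                    # e.g. hostname:port
                    request_host_parts = request.get_host().split(':')
                    same_host = parsed_referer.hostname == request_host_parts[0]
                    # Only a path with a single leading slash stays on this
                    # site: '//' (or '/\', which some browsers treat alike)
                    # would be read as a different host, and an empty path is
                    # not a usable redirect target.
                    is_local_path = (
                        referer_path.startswith('/')
                        and not referer_path.startswith(('//', '/\\'))
                    )
                    if same_host and is_local_path:
                        redirect_url = referer_path

        # Redirect (to the apps library by default) with message
        return redirect(redirect_url)

    # Call the controller
    if the_self is not None:
        return controller_func(the_self, request, *args, **kwargs)
    return controller_func(request, *args, **kwargs)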