def authenticate_with_password(request, restriction_id):
"""
Handle a submission of PasswordViewRestrictionForm to grant view access over a
subtree that is protected by a PageViewRestriction
"""
restriction = get_object_or_404(CollectionViewRestriction,
id=restriction_id)
if request.method == 'POST':
form = PasswordViewRestrictionForm(request.POST, instance=restriction)
if form.is_valid():
restriction.mark_as_passed(request)
return redirect(form.cleaned_data['return_url'])
else:
form = PasswordViewRestrictionForm(instance=restriction)
action_url = reverse('wagtaildocs_authenticate_with_password',
args=[restriction.id])
password_required_template = getattr(
settings, 'DOCUMENT_PASSWORD_REQUIRED_TEMPLATE',
'wagtaildocs/password_required.html')
context = {'form': form, 'action_url': action_url}
return TemplateResponse(request, password_required_template, context)
def authenticate_with_password(request, restriction_id):
"""
Handle a submission of PasswordViewRestrictionForm to grant view access over a
subtree that is protected by a PageViewRestriction
"""
restriction = get_object_or_404(CollectionViewRestriction, id=restriction_id)
if request.method == 'POST':
form = PasswordViewRestrictionForm(request.POST, instance=restriction)
if form.is_valid():
restriction.mark_as_passed(request)
return redirect(form.cleaned_data['return_url'])
else:
form = PasswordViewRestrictionForm(instance=restriction)
action_url = reverse('wagtaildocs_authenticate_with_password', args=[restriction.id])
password_required_template = getattr(settings, 'DOCUMENT_PASSWORD_REQUIRED_TEMPLATE', 'wagtaildocs/password_required.html')
context = {
'form': form,
'action_url': action_url
}
return TemplateResponse(request, password_required_template, context)
def authenticate_with_password(request, page_view_restriction_id, page_id):
"""
Handle a submission of PasswordViewRestrictionForm to grant view access over a
subtree that is protected by a PageViewRestriction
"""
restriction = get_object_or_404(PageViewRestriction,
id=page_view_restriction_id)
page = get_object_or_404(Page, id=page_id).specific
if request.method == 'POST':
form = PasswordViewRestrictionForm(request.POST, instance=restriction)
if form.is_valid():
return_url = form.cleaned_data['return_url']
if not url_has_allowed_host_and_scheme(
return_url, request.get_host(), request.is_secure()):
return_url = settings.LOGIN_REDIRECT_URL
restriction.mark_as_passed(request)
return redirect(return_url)
else:
form = PasswordViewRestrictionForm(instance=restriction)
action_url = reverse('wagtailcore_authenticate_with_password',
args=[restriction.id, page.id])
return page.serve_password_required_response(request, form, action_url)
def authenticate_with_password(request, restriction_id):
"""
Handle a submission of PasswordViewRestrictionForm to grant view access over a
subtree that is protected by a PageViewRestriction
"""
restriction = get_object_or_404(CollectionViewRestriction,
id=restriction_id)
if request.method == "POST":
form = PasswordViewRestrictionForm(request.POST, instance=restriction)
if form.is_valid():
return_url = form.cleaned_data["return_url"]
if not url_has_allowed_host_and_scheme(
return_url, request.get_host(), request.is_secure()):
return_url = settings.LOGIN_REDIRECT_URL
restriction.mark_as_passed(request)
return redirect(return_url)
else:
form = PasswordViewRestrictionForm(instance=restriction)
action_url = reverse("wagtaildocs_authenticate_with_password",
args=[restriction.id])
password_required_template = getattr(
settings,
"DOCUMENT_PASSWORD_REQUIRED_TEMPLATE",
"wagtaildocs/password_required.html",
)
context = {"form": form, "action_url": action_url}
return TemplateResponse(request, password_required_template, context)
def authenticate_with_password(request, page_view_restriction_id, page_id):
restriction = get_object_or_404(PageViewRestriction, id=page_view_restriction_id)
page = get_object_or_404(Page, id=page_id).specific
if request.method == 'POST':
form = PasswordViewRestrictionForm(request.POST, instance=restriction)
if form.is_valid():
restriction.mark_as_passed(request)
return redirect(form.cleaned_data['return_url'])
else:
form = PasswordViewRestrictionForm(instance=restriction)
action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, page.id])
return page.serve_password_required_response(request, form, action_url)
def check_view_restrictions(document, request):
"""
Check whether there are any view restrictions on this document which are
not fulfilled by the given request object. If there are, return an
HttpResponse that will notify the user of that restriction (and possibly
include a password / login form that will allow them to proceed). If
there are no such restrictions, return None
"""
for restriction in document.collection.get_view_restrictions():
if not restriction.accept_request(request):
if restriction.restriction_type == BaseViewRestriction.PASSWORD:
from wagtail.core.forms import PasswordViewRestrictionForm
form = PasswordViewRestrictionForm(
instance=restriction,
initial={'return_url': request.get_full_path()})
action_url = reverse('wagtaildocs_authenticate_with_password',
args=[restriction.id])
password_required_template = getattr(
settings, 'DOCUMENT_PASSWORD_REQUIRED_TEMPLATE',
'wagtaildocs/password_required.html')
context = {'form': form, 'action_url': action_url}
return TemplateResponse(request, password_required_template,
context)
elif restriction.restriction_type in [
BaseViewRestriction.LOGIN, BaseViewRestriction.GROUPS
]:
return require_wagtail_login(next=request.get_full_path())
def check_view_restrictions(page, request, serve_args, serve_kwargs):
"""
Check whether there are any view restrictions on this page which are
not fulfilled by the given request object. If there are, return an
HttpResponse that will notify the user of that restriction (and possibly
include a password / login form that will allow them to proceed). If
there are no such restrictions, return None
"""
for restriction in page.get_view_restrictions():
if not restriction.accept_request(request):
if restriction.restriction_type == PageViewRestriction.PASSWORD:
from wagtail.core.forms import PasswordViewRestrictionForm
form = PasswordViewRestrictionForm(
instance=restriction,
initial={"return_url": request.get_full_path()},
)
action_url = reverse(
"wagtailcore_authenticate_with_password",
args=[restriction.id, page.id],
)
return page.serve_password_required_response(request, form, action_url)
elif restriction.restriction_type in [
PageViewRestriction.LOGIN,
PageViewRestriction.GROUPS,
]:
return require_wagtail_login(next=request.get_full_path())
def detail_view(self,
request,
page_view_restriction_id=None,
page_id=None):
restriction = get_object_or_404(PageViewRestriction,
id=page_view_restriction_id)
page = get_object_or_404(Page, id=page_id).specific
post = request.data.copy()
post["return_url"] = "/required_for_validation"
form = PasswordViewRestrictionForm(post, instance=restriction)
if not form.is_valid():
return Response(status=status.HTTP_401_UNAUTHORIZED)
data = page.get_component_data({
"request": request,
})
return Response(data)
