def setup_viewer(request, file_obj): data = { 'file': file_obj, 'version': file_obj.version, 'addon': file_obj.version.addon, 'status': False, 'selected': {}, 'validate_url': '' } if (acl.check_addons_reviewer(request) or acl.check_addon_ownership( request, file_obj.version.addon, viewer=True, ignore_disabled=True)): data['validate_url'] = reverse( 'devhub.json_file_validation', args=[file_obj.version.addon.slug, file_obj.id]) if acl.check_addons_reviewer(request): data['file_link'] = { 'text': _('Back to review'), 'url': reverse('editors.review', args=[data['addon'].slug]) } else: data['file_link'] = { 'text': _('Back to addon'), 'url': reverse('addons.detail', args=[data['addon'].pk]) } return data
def setup_viewer(request, file_obj): data = {'file': file_obj, 'version': file_obj.version, 'addon': file_obj.version.addon, 'status': False, 'selected': {}, 'validate_url': ''} if (acl.check_addons_reviewer(request) or acl.check_addon_ownership(request, file_obj.version.addon, viewer=True, ignore_disabled=True)): addon = file_obj.version.addon data['validate_url'] = reverse('devhub.json_file_validation', args=[addon.slug, file_obj.id]) if acl.check_addons_reviewer(request): data['annotate_url'] = reverse('devhub.annotate_file_validation', args=[addon.slug, file_obj.id]) data['automated_signing'] = file_obj.automated_signing if file_obj.has_been_validated: data['validation_data'] = file_obj.validation.processed_validation if acl.check_addons_reviewer(request): data['file_link'] = {'text': _('Back to review'), 'url': reverse('editors.review', args=[data['addon'].slug])} else: data['file_link'] = {'text': _('Back to addon'), 'url': reverse('addons.detail', args=[data['addon'].pk])} return data
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id) # General case: addon is listed. if addon.is_listed: if addon.is_disabled or file.status == amo.STATUS_DISABLED: if (acl.check_addon_ownership( request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer(request)): return HttpResponseSendFile( request, file.guarded_file_path, content_type='application/xp-install') else: raise http.Http404() else: if not owner_or_unlisted_reviewer(request, addon): raise http.Http404 # Not listed, not owner or admin. attachment = (type == 'attachment' or not request.APP.browser) loc = urlparams(file.get_mirror(addon, attachment=attachment), filehash=file.hash) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id) # General case: addon is listed. if addon.is_listed: if addon.is_disabled or file.status == amo.STATUS_DISABLED: if (acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer(request)): return HttpResponseSendFile( request, file.guarded_file_path, content_type='application/xp-install') else: raise http.Http404() else: if not owner_or_unlisted_reviewer(request, addon): raise http.Http404 # Not listed, not owner or admin. attachment = (type == 'attachment' or not request.APP.browser) loc = urlparams(file.get_mirror(addon, attachment=attachment), filehash=file.hash) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id) if addon.is_disabled or file.status == amo.STATUS_DISABLED: if (acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer(request)): return HttpResponseSendFile(request, file.guarded_file_path, content_type='application/x-xpinstall') log.info(u'download file {file_id}: addon/file disabled or user ' u'{user_id} is not an owner'.format(file_id=file_id, user_id=request.user.pk)) raise http.Http404() if not (addon.is_listed or owner_or_unlisted_reviewer(request, addon)): log.info(u'download file {file_id}: addon is unlisted but user ' u'{user_id} is not an owner'.format(file_id=file_id, user_id=request.user.pk)) raise http.Http404 # Not listed, not owner or admin. attachment = (type == 'attachment' or not request.APP.browser) loc = urlparams(file.get_mirror(addon, attachment=attachment), filehash=file.hash) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def allowed(request, file): allowed = acl.check_addons_reviewer(request) if not allowed: try: addon = file.version.addon except ObjectDoesNotExist: raise http.Http404 if addon.view_source and addon.status in amo.REVIEWED_STATUSES: allowed = True else: allowed = acl.check_addon_ownership(request, addon, viewer=True, dev=True) if not allowed: raise PermissionDenied return True
def allowed(request, file): allowed = acl.check_addons_reviewer(request) if not allowed: try: addon = file.version.addon except ObjectDoesNotExist: raise http.Http404 if addon.view_source and addon.status in amo.REVIEWED_STATUSES: allowed = True else: allowed = acl.check_addon_ownership(request, addon, viewer=True, dev=True) if not allowed: raise PermissionDenied return True
def allowed(request, file): try: addon = file.version.addon except ObjectDoesNotExist: raise http.Http404 # General case: addon is listed. if addon.is_listed: if ((addon.view_source and addon.status in amo.REVIEWED_STATUSES) or acl.check_addons_reviewer(request) or acl.check_addon_ownership(request, addon, viewer=True, dev=True)): return True # Public and sources are visible, or reviewer. raise PermissionDenied # Listed but not allowed. # Not listed? Needs an owner or an "unlisted" admin. else: if owner_or_unlisted_reviewer(request, addon): return True raise http.Http404 # Not listed, not owner or admin.
def allowed(request, file): try: addon = file.version.addon except ObjectDoesNotExist: raise http.Http404 # General case: addon is listed. if addon.is_listed: if ((addon.view_source and addon.status in amo.REVIEWED_STATUSES) or acl.check_addons_reviewer(request) or acl.check_addon_ownership( request, addon, viewer=True, dev=True)): return True # Public and sources are visible, or reviewer. raise PermissionDenied # Listed but not allowed. # Not listed? Needs an owner or an "unlisted" admin. else: if owner_or_unlisted_reviewer(request, addon): return True raise http.Http404 # Not listed, not owner or admin.
def wrapper(request, *args, **kw): if _view_on_get(request) or acl.check_addons_reviewer(request): return f(request, *args, **kw) raise PermissionDenied
def wrapper(request, *args, **kw): if _view_on_get(request) or acl.check_addons_reviewer(request): return f(request, *args, **kw) raise PermissionDenied
def global_settings(request): """ Storing standard AMO-wide information used in global headers, such as account links and settings. """ account_links = [] tools_links = [] context = {} tools_title = _('Tools') is_reviewer = False if request.user.is_authenticated(): amo_user = request.amo_user profile = request.user is_reviewer = (acl.check_addons_reviewer(request) or acl.check_personas_reviewer(request)) account_links.append({ 'text': _('My Profile'), 'href': profile.get_url_path() }) if amo_user.is_artist: account_links.append({ 'text': _('My Themes'), 'href': profile.get_user_url('themes') }) account_links.append({ 'text': _('Account Settings'), 'href': reverse('users.edit') }) account_links.append({ 'text': _('My Collections'), 'href': reverse('collections.user', args=[amo_user.username]) }) if amo_user.favorite_addons: account_links.append({ 'text': _('My Favorites'), 'href': reverse('collections.detail', args=[amo_user.username, 'favorites']) }) account_links.append({ 'text': _('Log out'), 'href': remora_url('/users/logout?to=' + urlquote(request.path)), }) if request.amo_user.is_developer: tools_links.append({ 'text': _('Manage My Submissions'), 'href': reverse('devhub.addons') }) tools_links += [ { 'text': _('Submit a New Add-on'), 'href': reverse('devhub.submit.1') }, { 'text': _('Submit a New Theme'), 'href': reverse('devhub.themes.submit') }, { 'text': _('Developer Hub'), 'href': reverse('devhub.index') }, ] if is_reviewer: tools_links.append({ 'text': _('Editor Tools'), 'href': reverse('editors.home') }) if acl.action_allowed(request, 'L10nTools', 'View'): tools_links.append({ 'text': _('Localizer Tools'), 'href': '/localizers' }) if (acl.action_allowed(request, 'Admin', '%') or acl.action_allowed(request, 'AdminTools', 'View')): tools_links.append({ 'text': _('Admin Tools'), 'href': reverse('zadmin.home') }) context['amo_user'] = request.amo_user else: context['amo_user'] = AnonymousUser() context.update({ 'account_links': account_links, 'settings': settings, 'amo': amo, 'tools_links': tools_links, 'tools_title': tools_title, 'ADMIN_MESSAGE': get_config('site_notice'), 'collect_timings_percent': get_collect_timings(), 'is_reviewer': is_reviewer }) return context
def global_settings(request): """ Storing standard AMO-wide information used in global headers, such as account links and settings. """ account_links = [] tools_links = [] context = {} tools_title = _('Tools') is_reviewer = False if request.user.is_authenticated(): amo_user = request.amo_user profile = request.user is_reviewer = (acl.check_addons_reviewer(request) or acl.check_personas_reviewer(request)) account_links.append({'text': _('My Profile'), 'href': profile.get_url_path()}) if amo_user.is_artist: account_links.append({'text': _('My Themes'), 'href': profile.get_user_url('themes')}) account_links.append({'text': _('Account Settings'), 'href': reverse('users.edit')}) account_links.append({ 'text': _('My Collections'), 'href': reverse('collections.user', args=[amo_user.username])}) if amo_user.favorite_addons: account_links.append( {'text': _('My Favorites'), 'href': reverse('collections.detail', args=[amo_user.username, 'favorites'])}) account_links.append({ 'text': _('Log out'), 'href': reverse('users.logout') + '?to=' + urlquote(request.path), }) if request.amo_user.is_developer: tools_links.append({'text': _('Manage My Submissions'), 'href': reverse('devhub.addons')}) links = [ {'text': _('Submit a New Add-on'), 'href': reverse('devhub.submit.1')}, {'text': _('Submit a New Theme'), 'href': reverse('devhub.themes.submit')}, {'text': _('Developer Hub'), 'href': reverse('devhub.index')}, ] if waffle.switch_is_active('signing-api'): links.append({'text': _('Manage API Keys'), 'href': reverse('devhub.api_key')}) tools_links += links if is_reviewer: tools_links.append({'text': _('Editor Tools'), 'href': reverse('editors.home')}) if acl.action_allowed(request, 'L10nTools', 'View'): tools_links.append({'text': _('Localizer Tools'), 'href': '/localizers'}) if (acl.action_allowed(request, 'Admin', '%') or acl.action_allowed(request, 'AdminTools', 'View')): tools_links.append({'text': _('Admin Tools'), 'href': reverse('zadmin.home')}) context['amo_user'] = request.amo_user else: context['amo_user'] = AnonymousUser() context.update({'account_links': account_links, 'settings': settings, 'amo': amo, 'tools_links': tools_links, 'tools_title': tools_title, 'ADMIN_MESSAGE': get_config('site_notice'), 'collect_timings_percent': get_collect_timings(), 'is_reviewer': is_reviewer}) return context
def global_settings(request): """ Storing standard AMO-wide information used in global headers, such as account links and settings. """ account_links = [] tools_links = [] context = {} tools_title = _("Tools") is_reviewer = False if request.user.is_authenticated(): user = request.user profile = request.user is_reviewer = acl.check_addons_reviewer(request) or acl.check_personas_reviewer(request) account_links.append({"text": _("My Profile"), "href": profile.get_url_path()}) if user.is_artist: account_links.append({"text": _("My Themes"), "href": profile.get_user_url("themes")}) account_links.append({"text": _("Account Settings"), "href": reverse("users.edit")}) account_links.append({"text": _("My Collections"), "href": reverse("collections.user", args=[user.username])}) if user.favorite_addons: account_links.append( {"text": _("My Favorites"), "href": reverse("collections.detail", args=[user.username, "favorites"])} ) account_links.append({"text": _("Log out"), "href": reverse("users.logout") + "?to=" + urlquote(request.path)}) if request.user.is_developer: tools_links.append({"text": _("Manage My Submissions"), "href": reverse("devhub.addons")}) links = [ {"text": _("Submit a New Add-on"), "href": reverse("devhub.submit.1")}, {"text": _("Submit a New Theme"), "href": reverse("devhub.themes.submit")}, {"text": _("Developer Hub"), "href": reverse("devhub.index")}, ] if waffle.switch_is_active("signing-api"): links.append({"text": _("Manage API Keys"), "href": reverse("devhub.api_key")}) tools_links += links if is_reviewer: tools_links.append({"text": _("Editor Tools"), "href": reverse("editors.home")}) if acl.action_allowed(request, "L10nTools", "View"): tools_links.append({"text": _("Localizer Tools"), "href": "/localizers"}) if acl.action_allowed(request, "Admin", "%") or acl.action_allowed(request, "AdminTools", "View"): tools_links.append({"text": _("Admin Tools"), "href": reverse("zadmin.home")}) context["user"] = request.user else: context["user"] = AnonymousUser() context.update( { "account_links": account_links, "settings": settings, "amo": amo, "tools_links": tools_links, "tools_title": tools_title, "ADMIN_MESSAGE": get_config("site_notice"), "is_reviewer": is_reviewer, } ) return context