def wrapper(request, addon, *args, **kw): from devhub.views import _resume if theme: kw['theme'] = addon.is_persona() elif addon.is_persona(): # Don't allow theme views if theme not passed in. raise http.Http404 fun = lambda: f(request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors: if acl.is_editor(request, addon): return fun() # Require an owner or dev for POST requests. if request.method == 'POST': if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): step = SubmitStep.objects.filter(addon=addon) # Redirect to the submit flow if they're not done. if not getattr(f, 'submitting', False) and step: return _resume(addon, step) return fun() raise PermissionDenied
def wrapper(request, addon, *args, **kw): from devhub.views import _resume if theme: kw['theme'] = addon.is_persona() elif addon.is_persona(): # Don't allow theme views if theme not passed in. raise http.Http404 fun = lambda: f( request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors: if acl.is_editor(request, addon): return fun() # Require an owner or dev for POST requests. if request.method == 'POST': if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): step = SubmitStep.objects.filter(addon=addon) # Redirect to the submit flow if they're not done. if not getattr(f, 'submitting', False) and step: return _resume(addon, step) return fun() raise PermissionDenied
def user_can_delete_review(request, review): """Return whether or not the request.user can delete reviews. People who can delete reviews: * The original review author. * Editors, but only if they aren't listed as an author of the add-on. * Users in a group with "Users:Edit" privileges. * Users in a group with "Addons:Edit" privileges. Persona editors can't delete addons reviews. """ is_author = review.addon.has_author(request.user) return (review.user_id == request.user.id or not is_author and (acl.is_editor(request, review.addon) or acl.action_allowed(request, 'Users', 'Edit') or acl.action_allowed(request, 'Addons', 'Edit')))
def user_can_delete_review(request, review): """Return whether or not the request.user can delete reviews. People who can delete reviews: * The original review author. * Editors, but only if they aren't listed as an author of the add-on. * Users in a group with "Users:Edit" privileges. * Users in a group with "Addons:Edit" privileges. Persona editors can't delete addons reviews. """ is_author = review.addon.has_author(request.user) return ( review.user_id == request.user.id or not is_author and ( acl.is_editor(request, review.addon) or acl.action_allowed(request, 'Users', 'Edit') or acl.action_allowed(request, 'Addons', 'Edit')))
def review_list(request, addon, review_id=None, user_id=None, template=None): q = (Review.objects.valid().filter(addon=addon).order_by('-created')) ctx = {'addon': addon, 'grouped_ratings': GroupedRating.get(addon.id)} ctx['form'] = forms.ReviewForm(None) if review_id is not None: ctx['page'] = 'detail' # If this is a dev reply, find the first msg for context. review = get_object_or_404(Review.objects.all(), pk=review_id) if review.reply_to_id: review_id = review.reply_to_id ctx['reply'] = review q = q.filter(pk=review_id) elif user_id is not None: ctx['page'] = 'user' q = q.filter(user=user_id) if not q: raise http.Http404() else: ctx['page'] = 'list' q = q.filter(is_latest=True) ctx['reviews'] = reviews = amo.utils.paginate(request, q) ctx['replies'] = Review.get_replies(reviews.object_list) if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': acl.action_allowed(request, 'Addons', 'Edit'), 'is_editor': acl.is_editor(request, addon), 'is_author': acl.check_addon_ownership(request, addon, viewer=True, dev=True, support=True), } ctx['flags'] = get_flags(request, reviews.object_list) else: ctx['review_perms'] = {} return render(request, template, ctx)
def review_list(request, addon, review_id=None, user_id=None, template=None): q = (Review.objects.valid().filter(addon=addon) .order_by('-created')) ctx = {'addon': addon, 'grouped_ratings': GroupedRating.get(addon.id)} ctx['form'] = forms.ReviewForm(None) if review_id is not None: ctx['page'] = 'detail' # If this is a dev reply, find the first msg for context. review = get_object_or_404(Review.objects.all(), pk=review_id) if review.reply_to_id: review_id = review.reply_to_id ctx['reply'] = review q = q.filter(pk=review_id) elif user_id is not None: ctx['page'] = 'user' q = q.filter(user=user_id) if not q: raise http.Http404() else: ctx['page'] = 'list' q = q.filter(is_latest=True) ctx['reviews'] = reviews = amo.utils.paginate(request, q) ctx['replies'] = Review.get_replies(reviews.object_list) if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': acl.action_allowed(request, 'Addons', 'Edit'), 'is_editor': acl.is_editor(request, addon), 'is_author': acl.check_addon_ownership(request, addon, viewer=True, dev=True, support=True), } ctx['flags'] = get_flags(request, reviews.object_list) else: ctx['review_perms'] = {} return render(request, template, ctx)