Ejemplo n.º 1
def bad_end_page_create(request, bad_end_name):
    """Render the "bad end" page named by ``bad_end_name`` for this session.

    Raises Http404 when the name is empty, is not a key of
    ``bad_end_detail_dict``, has no ``route_flag`` entry, has a falsy
    ``min_state_of_progress`` on the state-of-progress path, or has no
    matching template. Returns the 403 page when the session holds no
    ``initial_setting_data`` or the stored progress is below the minimum the
    entry asks for.
    """
    if not bad_end_name:
        raise Http404(ANNOUNCE_FOR_NOT_FOUND)
    if 'initial_setting_data' not in request.session:
        return permission_denied(request, ANNOUNCE_FOR_FORBIDDEN_PAGE)
    # Only names that are keys of bad_end_detail_dict get past this check, so
    # the template path assembled from bad_end_name further down is limited
    # to those known names.
    if bad_end_name not in bad_end_detail_dict:
        raise Http404(ANNOUNCE_FOR_NOT_FOUND)

    bad_end_detail = bad_end_detail_dict[bad_end_name]

    if 'route_flag' not in bad_end_detail:
        raise Http404(ANNOUNCE_FOR_NOT_FOUND)

    # Check whether this page may be displayed.
    # NOTE(review): `not x != ''` is the same as `x == ''`, so the
    # route-progress branch runs only when the entry's route_flag is empty.
    # Confirm this is the intended condition and not an inverted test.
    if not bad_end_detail[
            'route_flag'] != '' and 'min_route_progress' in bad_end_detail:
        if request.session['initial_setting_data'][
                'route_progress'] < bad_end_detail['min_route_progress']:
            return permission_denied(request, ANNOUNCE_FOR_FORBIDDEN_PAGE)
    else:
        # The key is indexed directly: an entry without
        # 'min_state_of_progress' raises KeyError here rather than Http404.
        if not bad_end_detail['min_state_of_progress']:
            raise Http404(ANNOUNCE_FOR_NOT_FOUND)
        if request.session['initial_setting_data'][
                'state_of_progress'] < bad_end_detail['min_state_of_progress']:
            return permission_denied(request, ANNOUNCE_FOR_FORBIDDEN_PAGE)

    # Edit the session: record this bad end as the route if none is set yet.
    if request.session['initial_setting_data']['route_flag'] == '':
        request.session['initial_setting_data']['route_flag'] = bad_end_name

    # Build the template context from the session values.
    data = {
        'main_character_name':
        request.session['initial_setting_data']['main_character_name'],
        'special_move':
        request.session['initial_setting_data']['special_move'],
        'job_after':
        request.session['initial_setting_data']['job_after'],
        'state_of_progress':
        request.session['initial_setting_data']['state_of_progress'],
        'route_flag':
        request.session['initial_setting_data']['route_flag'],
        'route_progress':
        request.session['initial_setting_data']['route_progress'],
    }
    ctx = {'data': data, 'bad_end_detail': bad_end_detail}
    # Build the template name.
    template_name = 'bad_end_' + bad_end_name + '.html'

    page_exist = True
    try:
        return render(request, 'base_app/text_part/' + template_name, ctx)
    except TemplateDoesNotExist:
        page_exist = False
        raise Http404(ANNOUNCE_FOR_NOT_FOUND)
    finally:
        # page_exist is cleared only for TemplateDoesNotExist, so the flag is
        # also set when render() fails with any other exception.
        if page_exist:
            # Commit the change: the nested dict was mutated in place, so the
            # session has to be marked as modified explicitly.
            # See https://djangoproject.jp/doc/ja/1.0/topics/http/sessions.html#id11
            request.session.modified = True
Ejemplo n.º 2
def add_rfc(request, rfc_to_edit=None):
    """Show the RFC form and, on POST, create a ChangeRequest from it.

    Only callers for whom ``tools.has_access(request, "managers")`` is true
    get past the first check. When ``rfc_to_edit`` is given, its values are
    copied into the context and the record is deleted.
    """
    # The context is built before the access check runs.
    c = tools.default_context(request)
    if not tools.has_access(request, "managers"):
        return permission_denied(request)
    new_rfc = None
    c['title'] = "Add RFC"
    c['new_added'] = True
    c['oper_our'] = Operator.objects.filter(isDirect=True).order_by('fineName')
    c['oper_foreign'] = Operator.objects.all().order_by('fineName')
    # c['priorities'] = dict(ChangeRequest.PRIO_CHOICE)
    if request.method == "POST":
        # NOTE(review): nothing in this block validates the submitted fields.
        # A missing request.POST key, a non-numeric value passed to int(), or
        # an operator id with no matching row raises instead of producing a
        # form error.
        _author = request.user
        _dt = tools.date_parse_input(request.POST['rfc_date']).date()
        # A date in the past is answered with the 403 page.
        if _dt < date.today():
            return permission_denied(request)
        _comments = request.POST['comments']
        _prio = request.POST['prio']
        _peer_hub = request.POST['peer_hub']
        _oper_our = request.POST['oper_our']
        _oper_foreign = request.POST['oper_foreign']
        _towards = request.POST['towards']
        _backwards = request.POST['backwards']
        new_rfc = ChangeRequest(
            author=_author,
            dt=_dt,
            comments=_comments,
            prio=_prio,
            peer_hub=_peer_hub,
            oper_our=Operator.objects.get(_id=int(_oper_our)),
            oper_foreign=Operator.objects.get(_id=int(_oper_foreign)),
            # Packed as towards + 2 * backwards; the edit branch below unpacks
            # it with % 2 and // 2.
            direction=1 * int(_towards) + 2 * int(_backwards),
        )
        new_rfc.save()
        logger.log_action(user=_author, action=logger.ACTION_ADD_RFC, rfc=new_rfc)
        c['saved'] = "Saved: " + new_rfc.__str__()
        c['link'] = new_rfc.id
        c['new_added'] = False
        c['peer_hub'] = _peer_hub
        c['oper_our_previous'] = Operator.objects.get(_id=int(_oper_our))
        c['oper_foreign_previous'] = Operator.objects.get(_id=int(_oper_foreign))
        c['towards'] = int(_towards)
        c['backwards'] = int(_backwards)
        c['override'] = override.find_overriden(new_rfc)
    if rfc_to_edit is not None:
        # then delete old RFC and create another
        c['title'] = "Edit RFC"
        c['rfc_date'] = rfc_to_edit.dt
        c['oper_our_previous'] = rfc_to_edit.oper_our
        c['oper_foreign_previous'] = rfc_to_edit.oper_foreign
        c['peer_hub'] = rfc_to_edit.peer_hub
        c['comments'] = rfc_to_edit.comments
        c['backwards'] = rfc_to_edit.direction // 2
        c['towards'] = rfc_to_edit.direction % 2
        c['new_added'] = False
        # NOTE(review): the delete is not conditioned on the request method,
        # so a request that only displays the edit form also removes the old
        # record. Confirm that this is intended.
        rfc_to_edit.delete()
        # Redirect only when the POST branch above created a replacement.
        if isinstance(new_rfc, ChangeRequest):
            return redirect('/detail/' + str(new_rfc.id))
    return render_to_response('addRFC.html', c)
Ejemplo n.º 3
def moveout_unit_memo_add(request, unit_lease_id):
    """Show the move-out unit memo form and save a valid submission.

    A submitted memo is saved only when its property equals the property
    stored in the session; otherwise the 403 page is returned.
    """
    request.session["entity"] = "moveout_unit_memos"

    # The lookup only confirms that the lease row exists; its result is unused.
    if unit_lease_id:
        try:
            UnitLeaseHistory.objects.get(id=unit_lease_id)
        except UnitLeaseHistory.DoesNotExist:
            return page_not_found(request)

    if request.method != "POST":
        form = PostMoveOutUnitMemoForm(
            initial={"property": request.session.get("property", None), "unit_lease": unit_lease_id}
        )
    else:
        form = PostMoveOutUnitMemoForm(request.POST)
        if form.is_valid():
            memo = form.instance
            # The property comes from the submitted form, so it is compared
            # with the session's property before anything is written.
            # NOTE(review): the session key is indexed directly here and
            # raises KeyError when "property" was never stored.
            if not (memo.property == request.session["property"]):
                return permission_denied(request)

            if memo.unit_lease:
                memo.unit = memo.unit_lease.unit
            memo.created_by = request.user.username

            form.save()
            return redirect("opmarchive.views.moveout_unit_memos")

    # Reached for a GET and for an invalid POST (form re-shown with errors).
    return render_to_response(
        "archive/moveout_unit_memos/moveout_unit_memo.html", {"form": form}, context_instance=RequestContext(request)
    )
Ejemplo n.º 4
 def process_response(self, request, response):
     """Replace an HttpResponseForbidden with the rendered 403 page.

     Every other response is returned unchanged.
     """
     # The message storage is walked only for the side effect of iterating
     # it; the messages themselves are discarded.
     for _message in get_messages(request):
         pass
     if not isinstance(response, HttpResponseForbidden):
         return response
     return permission_denied(request, 'error')
Ejemplo n.º 5
    def process_view(self, request, view_func, view_args, view_kwargs):
        """Gate admin views on the Wagtail admin permission.

        Returns None (let the view run) for the login/logout views, for
        requests outside the admin area, and for authenticated users holding
        ``wagtailadmin.access_admin``. Authenticated users without that
        permission get the 403 page; unauthenticated requests are handed to
        the parent middleware.
        """
        if view_func in (login, logout):
            return None

        # The CAS views are called directly instead of being passed on.
        for cas_view in (cas_login, cas_logout):
            if view_func == cas_view:
                return cas_view(request, *view_args, **view_kwargs)

        # "Admin area" means the configured path prefix when one is set,
        # otherwise any view that lives in django.contrib.admin.
        admin_prefix = settings.CAS_ADMIN_PREFIX
        if admin_prefix:
            if not request.path.startswith(admin_prefix):
                return None
        elif not view_func.__module__.startswith('django.contrib.admin.'):
            return None

        user = request.user
        if not user.is_authenticated:
            return super(MoloCASMiddleware, self).process_view(
                request, view_func, view_args, view_kwargs)

        if user.has_perm('wagtailadmin.access_admin'):
            # Implemented using wagtails permissions model
            # https://github.com/torchbox/wagtail/blob/master/wagtail/wagtailadmin/views/account.py#L112 # noqa
            return None
        return permission_denied(request, 'error')
Ejemplo n.º 6
def get_403_page(request):
    """Return the 403 response rendered from the project's own 403 template."""
    denial = PermissionDenied("error 403")
    template_path = "../templates/page403/403.html"
    return permission_denied(request, denial, template_path)
Ejemplo n.º 7
    def process_view(self, request, view_func, view_args, view_kwargs):
        """Gate admin views on the Wagtail admin permission.

        Returns None (let the view run) for views recognised as login or
        logout, for requests outside the admin area, and for authenticated
        users holding ``wagtailadmin.access_admin``. Authenticated users
        without it get the 403 page; unauthenticated requests go to the
        parent middleware.
        """
        # NOTE(review): views are recognised by __name__ alone, so any view
        # function carrying the same __name__ is treated as login/logout and
        # skips the checks below. Verify what as_view().__name__ evaluates to
        # on the Django version in use.
        logout = LogoutView.as_view().__name__
        is_logout = view_func.__name__ == logout
        is_login = view_func.__name__ == LoginView.as_view().__name__

        if is_login or is_logout:
            return None

        if view_func.__name__ == CasLogin.__name__:
            return CasLogin(request, *view_args, **view_kwargs)
        elif is_logout:
            # NOTE(review): unreachable: is_logout already returned None
            # above. The call also hands the request to as_view() rather than
            # to the view it returns; confirm what was intended here.
            return CasLogout.as_view(request, *view_args, **view_kwargs)

        # "Admin area" means the configured path prefix when one is set,
        # otherwise any view that lives in django.contrib.admin.
        if settings.CAS_ADMIN_PREFIX:
            if not request.path.startswith(settings.CAS_ADMIN_PREFIX):
                return None
        elif not view_func.__module__.startswith('django.contrib.admin.'):
            return None

        if request.user.is_authenticated:
            if request.user.has_perm('wagtailadmin.access_admin'):
                """
                Implemented using wagtails permissions model
                https://github.com/torchbox/wagtail/blob/master/wagtail/wagtailadmin/views/account.py#L112 # noqa
                """
                return None
            else:
                # The HttpResponseForbidden class itself is passed in the
                # exception position.
                return permission_denied(request, HttpResponseForbidden)
        return super(MoloCASMiddleware, self).process_view(
            request, view_func, view_args, view_kwargs)
Ejemplo n.º 8
 def dispatch(self, request, *args, **kwargs):
     """Serve the 403 page to signed-in users; dispatch normally otherwise."""
     if not request.user.is_authenticated:
         return super(LoggedOutMixin, self).dispatch(request, *args, **kwargs)
     # The exception class itself, not an instance, is what gets passed on.
     return permission_denied(
         request,
         MustBeLoggedOutException,
         template_name=settings.TEMPLATE_403_PAGE,
     )
Ejemplo n.º 9
 def process_response(self, request, response):
     """Replace an HttpResponseForbidden with the rendered 403 page.

     Every other response is returned unchanged.
     """
     # The message storage is walked only for the side effect of iterating
     # it; the messages themselves are discarded.
     for _message in get_messages(request):
         pass
     if not isinstance(response, HttpResponseForbidden):
         return response
     # The HttpResponseForbidden class is passed in the exception position.
     return permission_denied(request, HttpResponseForbidden)
Ejemplo n.º 10
 def handle_no_permission(self, request, *args, **kwargs):
     """Refuse the request: raise when ``raise_exception`` is set, else render the 403 page."""
     if not self.raise_exception:
         return permission_denied(
             request,
             "403: you're not authorized to access this app",
             template_name='home/403.html')
     raise PermissionDenied(self.get_permission_denied_message())
Ejemplo n.º 11
def rfc_reject(request, id):
    """Set change request ``id`` to state 5 for callers with "tech team" access."""
    if tools.has_access(request, "tech team"):
        # NOTE(review): the lookup is unguarded, so an unknown id raises
        # DoesNotExist, and the state change is not tied to an HTTP method.
        rejected = ChangeRequest.objects.get(id=id)
        rejected.cur_state = 5
        rejected.save()
        logger.log_action(request.user, rejected, logger.ACTION_REJECT)
        return redirect('/detail/' + id + '/')
    return permission_denied(request)
Ejemplo n.º 12
def edit_avatar(request):
    """Render the avatar editing page, or the 403 page when the profile has no picture."""
    profile = request.user.get_profile()
    if profile.picture:
        context = {
            'picture': profile.picture,
            'form': UserAvatarForm(instance=profile),
        }
        return render(request, "users/edit_avatar.haml", context)
    return permission_denied(request)
Ejemplo n.º 13
def raise_permission_denied_exception(request=None, exception=None):
    """Return a permission-denied response.

    With no ``exception``, a PermissionDenied naming the requested path is
    built and rendered. With an ``exception``, the stock 403 view is used.
    """
    if exception is None:
        template = _(
            'You do not the necessary permission to access this page ({0:s}). Apologies for '
            'the inconvenience.')
        denial = PermissionDenied(message=template.format(request.get_full_path()))
        return denial.render(request)

    # NOTE(review): this asserts that request IS None and then hands that
    # request to the 403 view; confirm the condition is not inverted. The
    # assert is also skipped when Python runs with -O.
    assert request is None
    return defaults.permission_denied(request, exception)
Ejemplo n.º 14
def render_403(request, exception=None):
    """
    Handle a 403: a Ratelimited exception goes to the 429 view, anything else
    to the permission_denied view.
    """
    handler = render_429 if isinstance(exception, Ratelimited) else permission_denied
    return handler(request, exception)
Ejemplo n.º 15
def forbidden(request):
    """
    Custom 403 handler: a short message for /api/ paths, the stock 403 page
    for everything else.
    """
    if not request.path.startswith('/api/'):
        return defaults.permission_denied(request)
    # NOTE(review): the body is a plain sentence while the content type says
    # application/json; a JSON client will fail to parse it.
    return HttpResponseForbidden('You do not have permission to access this resource',
                                 content_type='application/json')
Ejemplo n.º 16
 def get(self, request, *args, **kwargs):
     """Render the page for the object's owner; anyone else gets the 403 page."""
     self.object = self.get_object()
     # NOTE(review): only GET is checked in this method; whether the other
     # HTTP methods of the view apply the same owner check is not visible here.
     if self.request.user != self.object.owner:
         denial_reason = "Only creator of this object can update/delete the object."
         return permission_denied(self.request, exception=denial_reason)
     context = self.get_context_data()
     return self.render_to_response(context)
Ejemplo n.º 17
def rfc_confirm(request, id):
    """Set change request ``id`` to state 2 for "managers" or "tech team" callers."""
    allowed_groups = ["managers", "tech team"]
    if not tools.has_access(request, allowed_groups):
        return permission_denied(request)
    # NOTE(review): the lookup is unguarded, so an unknown id raises
    # DoesNotExist, and the state change is not tied to an HTTP method.
    confirmed = ChangeRequest.objects.get(id=id)
    confirmed.cur_state = 2
    # The action is logged before the new state is saved.
    logger.log_action(user=request.user, action=logger.ACTION_CONFIRM_TRAFFIC, rfc=confirmed)
    confirmed.save()
    detail_url = '/detail/' + id + '/'
    return redirect(detail_url)
Ejemplo n.º 18
def rfc_reject(request, id):
    """Set change request ``id`` to state 5 for callers with "tech team" access."""
    may_reject = tools.has_access(request, "tech team")
    if not may_reject:
        return permission_denied(request)
    # NOTE(review): an unknown id raises DoesNotExist here, and the write
    # happens whatever the HTTP method is.
    change_request = ChangeRequest.objects.get(id=id)
    change_request.cur_state = 5
    change_request.save()
    logger.log_action(request.user, change_request, logger.ACTION_REJECT)
    detail_url = '/detail/' + id + '/'
    return redirect(detail_url)
Ejemplo n.º 19
def rfc_apply(request, id):
    """Move change request ``id`` from state 0 to state 1 for "tech team" callers.

    A request in any other state is saved unchanged and nothing is logged.
    """
    if not tools.has_access(request, "tech team"):
        return permission_denied(request)
    # NOTE(review): the lookup is unguarded, so an unknown id raises
    # DoesNotExist, and the state change is not tied to an HTTP method.
    target = ChangeRequest.objects.get(id=id)
    still_new = target.cur_state == 0
    if still_new:
        target.cur_state = 1
        logger.log_action(user=request.user, action=logger.ACTION_CONFIRM_ROUTE, rfc=target)
    target.save()
    return redirect('/detail/' + id + '/')
Ejemplo n.º 20
    def test_custom_templates_wrong(self):
        """
        Each default error view must raise TemplateDoesNotExist when it is
        given the name of a template that does not exist.
        """
        request = self.request_factory.get('/')

        # (view, positional arguments that follow the request)
        cases = (
            (bad_request, (Exception(),)),
            (permission_denied, (Exception(),)),
            (page_not_found, (Http404(),)),
            (server_error, ()),
        )
        for view, extra_args in cases:
            with self.assertRaises(TemplateDoesNotExist):
                view(request, *extra_args, template_name='nonexistent')
Ejemplo n.º 21
def json_permission_denied(request, exception, *args, **kwargs):
    """Return a JSON 403 for API requests and the stock 403 page otherwise."""
    if is_api_request(request):
        payload = {
            "request_path": quote(request.path),
            "exception": get_exception_message(exception),
        }
        return Response(payload, status=status.HTTP_403_FORBIDDEN)
    return permission_denied(request, exception, *args, **kwargs)
Ejemplo n.º 22
def handler403(request):
    """
    Custom 403 view that renders ``base/403.html`` through permission_denied.

    :param request: the request being refused
    :return: the response produced by permission_denied
    """
    # A bare Exception fills the exception argument; it carries no message.
    placeholder = Exception()
    return permission_denied(request, placeholder, template_name='base/403.html')
Ejemplo n.º 23
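def account_lead(request, ruri):
    """JSON endpoint for Account records.

    GET (needs ``travelapp.view_account``) serializes every account when
    ``ruri`` is empty or '/', otherwise the accounts whose ``resource_uri``
    equals ``ruri``. POST (needs ``travelapp.add_account``) creates an
    account from the submitted form and is accepted only on the collection
    URI. Any other method gets an empty 405 response.
    """
    if not auth(request):
        return permission_denied(request)

    if request.method == "GET":
        if not request.user.has_perm('travelapp.view_account'):
            return permission_denied(request)

        if not ruri or ruri == '/':
            res = serializers.serialize('json', Account.objects.all())
        else:
            acc = Account.objects.filter(resource_uri=ruri)
            if acc:
                res = serializers.serialize('json', acc)
            else:
                # NOTE(review): error payloads are sent with the default
                # status code; clients must inspect err_code.
                d = {'err_code': ERR_CODE["ERR_INVALID_URI"],
                     'message': 'resource_uri no correct.'}
                res = simplejson.dumps(d)

        return HttpResponse(res)

    if request.method == "POST":
        if not request.user.has_perm('travelapp.add_account'):
            return permission_denied(request)

        if ruri and ruri != '/':
            d = {'err_code': ERR_CODE["ERR_INVALID_URI"],
                 'message': 'Not correct URI for POST request.'}
        else:
            form = AccountForm(request.POST)
            if form.is_valid():
                form.save()
                d = {'message': 'OK'}
            else:
                d = {'err_code': ERR_CODE["ERR_INVALID_PARAM"],
                     'message': 'Some fields are not valid.'}
                d.update(form.errors)

        return HttpResponse(simplejson.dumps(d))

    # Other methods used to fall off the end and return None, which is not a
    # valid view result; answer them explicitly instead.
    return HttpResponse(status=405)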
Ejemplo n.º 24
def rfc_confirm(request, id):
    """Set change request ``id`` to state 2 for "managers" or "tech team" callers."""
    if tools.has_access(request, ["managers", "tech team"]):
        # NOTE(review): an unknown id raises DoesNotExist here, and the write
        # happens whatever the HTTP method is.
        change_request = ChangeRequest.objects.get(id=id)
        change_request.cur_state = 2
        # The action is logged before the new state is saved.
        logger.log_action(
            user=request.user,
            action=logger.ACTION_CONFIRM_TRAFFIC,
            rfc=change_request,
        )
        change_request.save()
        return redirect('/detail/' + id + '/')
    return permission_denied(request)
Ejemplo n.º 25
def permission_denied_403_custom(
        request,
        exception,
        template_name='core/403.html'
):
    """Delegate to the stock 403 view, defaulting to the ``core/403.html`` template."""
    handler_kwargs = {
        'request': request,
        'exception': exception,
        'template_name': template_name,
    }
    return defaults.permission_denied(**handler_kwargs)
Ejemplo n.º 26
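def account_lead(request, ruri):
    """JSON endpoint for Account records.

    GET (needs ``travelapp.view_account``) serializes every account when
    ``ruri`` is empty or '/', otherwise the accounts whose ``resource_uri``
    equals ``ruri``. POST (needs ``travelapp.add_account``) creates an
    account from the submitted form and is accepted only on the collection
    URI. Any other method gets an empty 405 response.
    """
    if not auth(request):
        return permission_denied(request)

    if request.method == "GET":
        if not request.user.has_perm('travelapp.view_account'):
            return permission_denied(request)

        if not ruri or ruri == '/':
            res = serializers.serialize('json', Account.objects.all())
        else:
            acc = Account.objects.filter(resource_uri=ruri)
            if acc:
                res = serializers.serialize('json', acc)
            else:
                # NOTE(review): error payloads are sent with the default
                # status code; clients must inspect err_code.
                d = {'err_code': ERR_CODE["ERR_INVALID_URI"],
                     'message': 'resource_uri no correct.'}
                res = simplejson.dumps(d)

        return HttpResponse(res)

    if request.method == "POST":
        if not request.user.has_perm('travelapp.add_account'):
            return permission_denied(request)

        if ruri and ruri != '/':
            d = {'err_code': ERR_CODE["ERR_INVALID_URI"],
                 'message': 'Not correct URI for POST request.'}
        else:
            form = AccountForm(request.POST)
            if form.is_valid():
                form.save()
                d = {'message': 'OK'}
            else:
                d = {'err_code': ERR_CODE["ERR_INVALID_PARAM"],
                     'message': 'Some fields are not valid.'}
                d.update(form.errors)

        return HttpResponse(simplejson.dumps(d))

    # Other methods used to fall off the end and return None, which is not a
    # valid view result; answer them explicitly instead.
    return HttpResponse(status=405)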
Ejemplo n.º 27
def oper_sync(request):
    """Show the operator list; a POST from a "tech team" caller runs a sync first."""
    # The context is built before the access check, as in the other views.
    context = tools.default_context(request)
    if not tools.has_access(request, "tech team"):
        return permission_denied(request)
    context['title'] = "Manage Operators"
    if request.method == "POST":
        sync_outcome = sync.sync()
        context['result'] = sync_outcome[1]
        logger.log_action(request.user, action=logger.ACTION_SYNC_OPERATORS)
    context['opers'] = Operator.objects.all()
    return render_to_response('sync.html', context)
Ejemplo n.º 28
def rfc_delete(request, id):
    """Delete change request ``id`` when the caller is a manager and the state is 0."""
    # The existence check runs before the access check, so the 404/403 split
    # is visible to callers without access.
    try:
        doomed = ChangeRequest.objects.get(id=id)
    except ChangeRequest.DoesNotExist:
        return page_not_found(request)
    may_delete = tools.has_access(request, ["managers"]) and doomed.cur_state == 0
    if not may_delete:
        return permission_denied(request)
    # NOTE(review): the delete is not tied to an HTTP method.
    logger.log_action(user=request.user, action=logger.ACTION_REMOVE_RFC, rfc=doomed)
    doomed.delete()
    return redirect('/list/')
Ejemplo n.º 29
def oper_sync(request):
    """Show the operator list; a POST from a "tech team" caller runs a sync first."""
    page_context = tools.default_context(request)
    if tools.has_access(request, "tech team"):
        page_context['title'] = "Manage Operators"
        if request.method == "POST":
            # Only the second element of the sync result is shown.
            page_context['result'] = sync.sync()[1]
            logger.log_action(request.user, action=logger.ACTION_SYNC_OPERATORS)
        page_context['opers'] = Operator.objects.all()
        return render_to_response('sync.html', page_context)
    return permission_denied(request)
Ejemplo n.º 30
    def test_custom_templates_wrong(self):
        """
        Each default error view must raise TemplateDoesNotExist when it is
        given the name of a template that does not exist.
        """
        request = RequestFactory().get('/')

        # (view, positional arguments that follow the request)
        cases = (
            (bad_request, (Exception(),)),
            (permission_denied, (Exception(),)),
            (page_not_found, (Http404(),)),
            (server_error, ()),
        )
        for view, extra_args in cases:
            with self.assertRaises(TemplateDoesNotExist):
                view(request, *extra_args, template_name='nonexistent')
Ejemplo n.º 31
def page_create(request, page_num):
    """Render the common story page ``page_num`` and record it as the progress.

    Returns the 403 page when ``page_num`` is falsy, when the session holds no
    ``initial_setting_data``, or when the stored ``state_of_progress`` is more
    than one page behind ``page_num``. Raises Http404 when the page has no
    template.
    """
    if not page_num:
        return permission_denied(request, ANNOUNCE_FOR_FORBIDDEN_PAGE)
    elif 'initial_setting_data' not in request.session:
        return permission_denied(request, ANNOUNCE_FOR_FORBIDDEN_PAGE)
    # At most the page directly after the stored progress may be opened.
    # presumably page_num arrives as an int; verify against the URL pattern.
    elif request.session['initial_setting_data']['state_of_progress'] < (
            page_num - 1):
        return permission_denied(request, ANNOUNCE_FOR_FORBIDDEN_PAGE)

    # Edit the session.
    # Reset the route.
    if request.session['initial_setting_data']['route_flag'] != '':
        request.session['initial_setting_data']['route_flag'] = ''
    # Set the progress to this page (also when page_num is lower than the
    # stored value).
    request.session['initial_setting_data']['state_of_progress'] = page_num

    # Build the template context from the session values.
    data = {
        'main_character_name':
        request.session['initial_setting_data']['main_character_name'],
        'special_move':
        request.session['initial_setting_data']['special_move'],
        'job_after':
        request.session['initial_setting_data']['job_after'],
        'state_of_progress':
        request.session['initial_setting_data']['state_of_progress'],
    }
    ctx = {'data': data}
    # Build the template name.
    template_name = 'common_part_' + str(page_num) + '.html'

    page_exist = True
    try:
        return render(request, 'base_app/text_part/' + template_name, ctx)
    except TemplateDoesNotExist:
        page_exist = False
        raise Http404(ANNOUNCE_FOR_NOT_FOUND)
    finally:
        # page_exist is cleared only for TemplateDoesNotExist, so the flag is
        # also set when render() fails with any other exception.
        if page_exist:
            # Commit the change: the nested dict was mutated in place, so the
            # session has to be marked as modified explicitly.
            # See https://djangoproject.jp/doc/ja/1.0/topics/http/sessions.html#id11
            request.session.modified = True
Ejemplo n.º 32
def rfc_apply(request, id):
    """Move change request ``id`` from state 0 to state 1 for "tech team" callers.

    A request in any other state is saved unchanged and nothing is logged.
    """
    if tools.has_access(request, "tech team"):
        # NOTE(review): an unknown id raises DoesNotExist here, and the write
        # happens whatever the HTTP method is.
        change_request = ChangeRequest.objects.get(id=id)
        if change_request.cur_state == 0:
            change_request.cur_state = 1
            logger.log_action(
                user=request.user,
                action=logger.ACTION_CONFIRM_ROUTE,
                rfc=change_request,
            )
        change_request.save()
        return redirect('/detail/' + id + '/')
    return permission_denied(request)
Ejemplo n.º 33
def untrack_rfc(request, id):
    """Set change request ``id`` to state 3 and delete its trackers ("tech team" only)."""
    if not tools.has_access(request, "tech team"):
        return permission_denied(request)
    # NOTE(review): the lookup is unguarded, so an unknown id raises
    # DoesNotExist, and the writes are not tied to an HTTP method.
    change_request = ChangeRequest.objects.get(id=id)
    linked_trackers = Tracker.objects.filter(rfc=change_request)
    change_request.cur_state = 3
    change_request.save(force_update=True)
    for linked in linked_trackers:
        linked.delete()
    logger.log_action(request.user, change_request, logger.ACTION_MARK_UNTRACKABLE)
    return redirect('/detail/' + id + '/')
Ejemplo n.º 34
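def mailing_list(request, ruri):
    """Read-only JSON endpoint for MailingList records.

    Needs an authenticated caller with ``travelapp.view_mailing_list``. GET
    serializes every list when ``ruri`` is empty or '/', otherwise the lists
    whose ``resource_uri`` equals ``ruri``. Any other method gets an empty 405
    response.
    """
    if not auth(request):
        return permission_denied(request)
    if not request.user.has_perm('travelapp.view_mailing_list'):
        return permission_denied(request)

    if request.method != 'GET':
        # Non-GET requests used to fall off the end and return None, which is
        # not a valid view result; answer them explicitly instead.
        return HttpResponse(status=405)

    if not ruri or ruri == '/':
        res = serializers.serialize('json', MailingList.objects.all())
    else:
        acc = MailingList.objects.filter(resource_uri=ruri)
        if acc:
            res = serializers.serialize('json', acc)
        else:
            # NOTE(review): the error payload is sent with the default status
            # code; clients must inspect err_code.
            d = {'err_code': ERR_CODE["ERR_INVALID_URI"],
                 'message': 'resource_uri no correct.'}
            res = simplejson.dumps(d)

    return HttpResponse(res)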
Ejemplo n.º 35
    def dispatch(self, request, *args, **kwargs):
        """Hide other users' projects (404) and refuse to delete the action project (403)."""
        project = get_object_or_404(models.Project, pk=self.kwargs["pk"])
        requester = request.user
        # Anonymous users are let through here so that LoginRequiredMixin can
        # handle them; everyone else must own the project. A 404 rather than a
        # 403 is raised for a project owned by someone else.
        is_other_user = requester != project.user and requester != AnonymousUser()
        if is_other_user:
            raise Http404()

        # The action project is never handed to the delete view.
        if project.name == models.ACTION_PROJECT_NAME:
            return permission_denied(request, None)

        return super(DeleteProjectView, self).dispatch(request, *args, **kwargs)
Ejemplo n.º 36
def untrack_rfc(request, id):
    """Set change request ``id`` to state 3 and delete its trackers ("tech team" only)."""
    if tools.has_access(request, "tech team"):
        # NOTE(review): an unknown id raises DoesNotExist here, and the
        # writes happen whatever the HTTP method is.
        target = ChangeRequest.objects.get(id=id)
        attached = Tracker.objects.filter(rfc=target)
        target.cur_state = 3
        target.save(force_update=True)
        for item in attached:
            item.delete()
        logger.log_action(request.user, target, logger.ACTION_MARK_UNTRACKABLE)
        return redirect('/detail/' + id + '/')
    return permission_denied(request)
Ejemplo n.º 37
def tenant_delete(request, tid):
    """Delete tenant ``tid`` when it belongs to the property stored in the session."""
    request.session["entity"] = "tenants"

    tenant = get_object_or_404(Tenant, pk=tid)

    # The tenant id comes from the URL, so ownership is checked against the
    # session's property before the delete.
    # NOTE(review): the session key is indexed directly (KeyError when it was
    # never stored), and the delete is not tied to an HTTP method.
    if not (tenant.property == request.session["property"]):
        return permission_denied(request)
    tenant.delete()

    return redirect("opmarchive.views.tenants")
Ejemplo n.º 38
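def handler_http_403(request, template_name='403.html'):
    """HTTP 403 error handler that understands the Accept header.

    Clients whose Accept header mentions ``application/json`` get a JSON body;
    every other client gets the HTML 403 page rendered from ``template_name``.
    """
    accepts = request.META.get('HTTP_ACCEPT', 'text/html')
    if 'application/json' in accepts:
        return JsonResponse(status=403,
                            content_type='application/json',
                            data={'error': 'permission denied'})

    # HTML is the fallback for every other Accept value. Before, a header
    # naming neither type (for example "*/*") made the handler return None, so
    # the refusal surfaced as a server error instead of a 403.
    return permission_denied(request, template_name=template_name)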
Ejemplo n.º 39
 def wrapper(*args, **kwargs):
     """Call the wrapped view only when ``has_view_perm`` accepts the request."""
     from django.http.request import HttpRequest
     from django.views.defaults import permission_denied
     # The request is the first argument for a plain view and the second one
     # otherwise (for example when the first argument is ``self``).
     request = args[0] if isinstance(args[0], HttpRequest) else args[1]
     if not has_view_perm(request):
         return permission_denied(request, 'permission denied')
     return func(*args, **kwargs)
Ejemplo n.º 40
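def mailing_list(request, ruri):
    """Read-only JSON endpoint for MailingList records.

    Needs an authenticated caller with ``travelapp.view_mailing_list``. GET
    serializes every list when ``ruri`` is empty or '/', otherwise the lists
    whose ``resource_uri`` equals ``ruri``. Any other method gets an empty 405
    response.
    """
    if not auth(request):
        return permission_denied(request)
    if not request.user.has_perm('travelapp.view_mailing_list'):
        return permission_denied(request)

    if request.method != 'GET':
        # Non-GET requests used to fall off the end and return None, which is
        # not a valid view result; answer them explicitly instead.
        return HttpResponse(status=405)

    if not ruri or ruri == '/':
        res = serializers.serialize('json', MailingList.objects.all())
    else:
        acc = MailingList.objects.filter(resource_uri=ruri)
        if acc:
            res = serializers.serialize('json', acc)
        else:
            # NOTE(review): the error payload is sent with the default status
            # code; clients must inspect err_code.
            d = {'err_code': ERR_CODE["ERR_INVALID_URI"],
                 'message': 'resource_uri no correct.'}
            res = simplejson.dumps(d)

    return HttpResponse(res)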
Ejemplo n.º 41
def rfc_edit(request, id):
    """Hand change request ``id`` to ``add_rfc`` for editing.

    Allowed only for managers and only while the request is in state 0. An
    unknown id is treated as state 0 and reaches ``add_rfc`` with None.
    """
    context = tools.default_context(request)
    context['title'] = "Edit RFC"
    try:
        existing = ChangeRequest.objects.get(id=id)
    except ChangeRequest.DoesNotExist:
        existing, state = None, 0
    else:
        state = existing.cur_state
    if tools.has_access(request, ["managers"]) and state == 0:
        return add_rfc(request, existing)
    return permission_denied(request)
Ejemplo n.º 42
def rfc_delete(request, id):
    """Delete change request ``id`` when the caller is a manager and the state is 0."""
    try:
        change_request = ChangeRequest.objects.get(id=id)
    except ChangeRequest.DoesNotExist:
        return page_not_found(request)
    if tools.has_access(request, ["managers"]) and change_request.cur_state == 0:
        # NOTE(review): the delete is not tied to an HTTP method.
        logger.log_action(
            user=request.user,
            action=logger.ACTION_REMOVE_RFC,
            rfc=change_request,
        )
        change_request.delete()
        return redirect('/list/')
    return permission_denied(request)
Ejemplo n.º 43
def rfc_edit(request, id):
    """Hand change request ``id`` to ``add_rfc`` for editing.

    Allowed only for managers and only while the request is in state 0. An
    unknown id is treated as state 0 and reaches ``add_rfc`` with None.
    """
    page_context = tools.default_context(request)
    page_context['title'] = "Edit RFC"
    try:
        found = ChangeRequest.objects.get(id=id)
    except ChangeRequest.DoesNotExist:
        found = None
        found_state = 0
    else:
        found_state = found.cur_state
    editable = tools.has_access(request, ["managers"]) and found_state == 0
    if not editable:
        return permission_denied(request)
    return add_rfc(request, found)
Ejemplo n.º 44
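def handler_http_403(request, template_name='403.html'):
    """HTTP 403 error handler that understands the Accept header.

    Clients whose Accept header mentions ``application/json`` get a JSON body;
    every other client gets the HTML 403 page rendered from ``template_name``.
    """
    accepts = request.META.get('HTTP_ACCEPT', 'text/html')
    if 'application/json' in accepts:
        return JsonResponse(
            status=403,
            content_type='application/json',
            data={'error': 'permission denied'}
        )

    # HTML is the fallback for every other Accept value. Before, a header
    # naming neither type (for example "*/*") made the handler return None, so
    # the refusal surfaced as a server error instead of a 403.
    return permission_denied(request, template_name=template_name)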
Ejemplo n.º 45
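def combined_rfc(request, id):
    """Pick the RFCs to merge into a combined document, then build it.

    GET lists the change requests dated on or after the base request ``id``
    for the same ``oper_our``. POST (managers only) collects the ticked
    ``c<number>`` fields and passes their numbers to ``_docx.inflate_docx``.
    """
    if request.method == "POST":
        if not tools.has_access(request, "managers"):
            return permission_denied(request)
        chosen_rfcs = []
        for key in request.POST.keys():
            if not (key.startswith("c") and request.POST[key]):
                continue
            # Only "c<number>" fields are selections. Other fields that begin
            # with "c" (a CSRF token field, for instance) used to reach int()
            # and abort the request with ValueError; they are skipped now.
            try:
                chosen_rfcs.append(int(key[1:]))
            except ValueError:
                continue
        return _docx.inflate_docx(int(id), chosen_rfcs=chosen_rfcs)
    else:
        # NOTE(review): no has_access check guards this listing branch;
        # confirm that it is meant to be readable without the "managers"
        # check the POST branch applies.
        c = tools.default_context(request)
        c['title'] = "Include to combined RFC"
        rfc_base = ChangeRequest.objects.get(id=id)
        rfcs = ChangeRequest.objects.filter(dt__gte=rfc_base.dt).filter(oper_our=rfc_base.oper_our)
        c['rfcs'] = rfcs
        return render_to_response("combinedRFC.html", c)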
 def test_error_pages(self):
     """Each default error page is an HTML document with the expected title."""
     request = self.request_factory.get('/')
     # All four responses are produced before the first assertion runs.
     cases = (
         (bad_request(request, Exception()), b'Bad Request (400)'),
         (permission_denied(request, Exception()), b'403 Forbidden'),
         (page_not_found(request, Http404()), b'Not Found'),
         (server_error(request), b'Server Error (500)'),
     )
     for response, title in cases:
         with self.subTest(title=title):
             expected_fragments = (
                 b'<!doctype html>',
                 b'<html lang="en">',
                 b'<head>',
                 b'<title>%s</title>' % title,
                 b'<body>',
             )
             for fragment in expected_fragments:
                 self.assertIn(fragment, response.content)
Ejemplo n.º 47
 def __call__(self, request):
     """Refuse requests from blocked addresses and count 4xx responses per address.

     An address whose counter reaches ``settings.SUSPICIOUS_BLOCK_FREQUENCY``
     is recorded as a BlockedAddress and flagged in the cache.
     """
     # NOTE(review): get_client_ip is not shown here. If it derives the
     # address from a client-supplied header, both the block check and the
     # counter key are under the client's control; verify.
     ip = self.get_client_ip(request)
     # The block check is skipped entirely when DEBUG is on.
     if not settings.DEBUG and cache.get(f'island/blocked/{ip}'):
         return permission_denied(request, Exception('You are blocked due to suspicious operations.'))
     response = self.get_response(request)
     # Every 4xx status counts towards the block, not only 401/403.
     if 400 <= response.status_code < 500:
         key = f'island/suspicious/{ip}'
         # nx=True and expire() presumably come from the configured cache
         # backend; confirm that it supports them.
         cache.set(key, 0, nx=True)
         cache.incr(key)
         # The expiry is set again on every counted response.
         cache.expire(key, timeout=settings.SUSPICIOUS_BLOCK_TIMEOUT)
         # NOTE(review): set/incr/expire/get are separate cache calls, so the
         # count is not read atomically with the increment.
         if cache.get(key, 0) >= settings.SUSPICIOUS_BLOCK_FREQUENCY:
             BlockedAddress.objects.get_or_create(ip=ip)
             # No timeout is passed, so the cache's default lifetime applies
             # to the blocked flag.
             cache.set(f'island/blocked/{ip}', True)
             cache.delete(key)
     return response
Ejemplo n.º 48
def custom_permission_denied_view(request, exception, template_name=ERROR_403_TEMPLATE_NAME):
    """
    Render the 403 page and, when available, attach the offending view to it.

    The stock Permission Denied view knows nothing about the view that raised
    the exception. When the exception carries that view as its second
    argument, it is stored in the response's ``context_data`` under 'view'.
    This is used, among others, by the Auth mixin to provide data about the
    offending view to the Debug toolbar.
    """
    # The first exception argument, when present, stands in for the exception.
    shown = exception.args[0] if exception.args else exception
    response = permission_denied(request, shown, template_name)
    response.context_data = getattr(response, 'context_data', {})
    try:
        offending_view = exception.args[1]
    except IndexError:
        # No second argument: nothing to attach.
        return response
    response.context_data['view'] = offending_view
    return response
Ejemplo n.º 49
def permission_denied_view(request,
                           exception,
                           template_name=defaults.ERROR_403_TEMPLATE_NAME):
    """Render a 403, using the exception's own template when it names one."""
    if not hasattr(exception, 'template_name'):
        return defaults.permission_denied(request, exception, template_name)

    # The template named on the exception replaces the one passed in, and the
    # exception text is shown on the page.
    template_name = exception.template_name
    template = loader.get_template(template_name)
    page_context = {
        'fullpage_error_message': str(exception),
        'title': _('Přístup odepřen'),
    }
    body = template.render(request=request, context=page_context)
    return HttpResponseForbidden(body)
Ejemplo n.º 50
def custom_permission_denied_view(request, exception, template_name=ERROR_403_TEMPLATE_NAME):
    """
    Render the 403 page and, when available, attach the offending view to it.

    The stock Permission Denied view knows nothing about the view that raised
    the exception. When the exception carries that view as its second
    argument, it is stored in the response's ``context_data`` under 'view'.
    This is used, among others, by the Auth mixin to provide data about the
    offending view to the Debug toolbar.
    """
    if exception.args:
        shown = exception.args[0]
    else:
        shown = exception
    response = permission_denied(request, shown, template_name)
    response.context_data = getattr(response, 'context_data', {})
    try:
        view_info = exception.args[1]
    except IndexError:
        # No second argument: the response goes out without a 'view' entry.
        pass
    else:
        response.context_data['view'] = view_info
    return response
Ejemplo n.º 51
 def dispatch(self, request, *args, **kwargs):
     """Apply the login and admin gates before dispatching.

     Requests that fail the login gate are redirected to the login page with
     the current path in ``next``. Views that require admin return the 403
     page to non-admin sessions.
     """
     # An empty settings.LOGIN_PASSWORD switches the login gate off for
     # everyone.
     login_satisfied = (not settings.LOGIN_PASSWORD or
                        request.session.get('loged_in', False) or
                        not self.need_login)
     if not login_satisfied:
         # The return target is the path of this same request.
         return_path = request.get_full_path()
         login_url_parts = list(urlparse.urlparse(reverse('fileserver_login')))
         if return_path:
             querystring = QueryDict(login_url_parts[4], mutable=True)
             querystring['next'] = return_path
             login_url_parts[4] = querystring.urlencode(safe='/')
         return HttpResponseRedirect(urlparse.urlunparse(login_url_parts))

     # An empty settings.ADMIN_PASSWORD makes every session an admin session.
     self.is_admin = bool(
         not settings.ADMIN_PASSWORD or request.session.get('is_admin', False))
     if not self.is_admin and self.require_admin:
         return permission_denied(request)
     request.session.modified = True
     return super(LogedInMixin, self).dispatch(request, *args, **kwargs)