Ejemplo n.º 1
def download_file(request, file_id, type=None):
    # Fetch what we need with a minimum amount of queries (Transforms on
    # Version and Webapp are avoided). This breaks several things like
    # translations, but it should be fine here, we don't need much to go on.
    file_ = get_object_or_404(File.objects.select_related('version'),
    webapp = get_object_or_404(Webapp.objects.all().no_transforms(),
                               pk=file_.version.webapp_id, is_packaged=True)

    if webapp.is_disabled or file_.status == mkt.STATUS_DISABLED:
        if not acl.check_webapp_ownership(request, webapp, viewer=True,
            raise http.Http404()

    # We treat blocked files like public files so users get the update.
    if file_.status in [mkt.STATUS_PUBLIC, mkt.STATUS_BLOCKED]:
        path = file_.signed_file_path
        public = True

        # This is someone asking for an unsigned packaged app.
        if not acl.check_webapp_ownership(request, webapp, dev=True):
            raise http.Http404()

        path = file_.file_path
        public = False

    log.info('Downloading package: %s from %s' % (webapp.id, path))
    return get_file_response(request, path, content_type='application/zip',
                             etag=file_.hash.split(':')[-1], public=public)
Ejemplo n.º 2
def in_app_products(request, webapp_id, webapp, account=None):
    owner = acl.check_webapp_ownership(request, webapp)
    products = webapp.inappproduct_set.all()
    new_product = InAppProduct(webapp=webapp)
    form = InAppProductForm()

    if webapp.origin:
        inapp_origin = webapp.origin
    elif webapp.guid:
        # Derive a marketplace specific origin out of the GUID.
        # This is for apps that do not specify a custom origin.
        inapp_origin = 'marketplace:{}'.format(webapp.guid)
        # Theoretically this is highly unlikely. A hosted app will
        # always have a domain and a packaged app will always have
        # a generated GUID.
        raise TypeError(
            'Cannot derive origin: no declared origin, no GUID')

    list_url = _fix_origin_link(reverse('in-app-products-list',
                                        kwargs={'origin': inapp_origin}))
    detail_url = _fix_origin_link(reverse('in-app-products-detail',
                                          # {guid} is replaced in JS.
                                          kwargs={'origin': inapp_origin,
                                                  'guid': "{guid}"}))

    return render(request, 'developers/payments/in-app-products.html',
                  {'webapp': webapp, 'form': form, 'new_product': new_product,
                   'owner': owner, 'products': products, 'form': form,
                   'list_url': list_url, 'detail_url': detail_url,
                   'active_lang': request.LANG.lower()})
Ejemplo n.º 3
def setup_viewer(request, file_obj):
    data = {'file': file_obj,
            'version': file_obj.version,
            'webapp': file_obj.version.webapp,
            'status': False,
            'selected': {},
            'validate_url': ''}

    if (acl.check_reviewer(request) or
        acl.check_webapp_ownership(request, file_obj.version.webapp,
                                   viewer=True, ignore_disabled=True)):
        data['validate_url'] = reverse(
            args=[file_obj.version.webapp.app_slug, file_obj.id])

    if acl.check_reviewer(request):
        data['file_link'] = {'text': _('Back to review'),
                             'url': reverse('reviewers.apps.review',
        data['file_link'] = {
            'text': _('Back to app'),
            'url': reverse('detail', args=[data['webapp'].pk])
    return data
Ejemplo n.º 4
        def wrapper(request, webapp, *args, **kw):
            from mkt.submit.views import _resume

            def fun():
                return f(request, webapp_id=webapp.id, webapp=webapp,
                         *args, **kw)

            if allow_editors and acl.check_reviewer(request):
                return fun()

            if staff and (acl.action_allowed(request, 'Apps', 'Configure') or
                          acl.action_allowed(request, 'Apps',
                return fun()

            if support:
                # Let developers and support people do their thangs.
                if (acl.check_webapp_ownership(request, webapp,
                                               support=True) or
                    acl.check_webapp_ownership(request, webapp,
                    return fun()
                # Require an owner or dev for POST requests.
                if request.method == 'POST':

                    if acl.check_webapp_ownership(request, webapp,
                                                  dev=not owner_for_post):
                        return fun()

                # Ignore disabled so they can view their add-on.
                elif acl.check_webapp_ownership(request, webapp, viewer=True,
                    if not skip_submit_check:
                            # If it didn't go through the app submission
                            # checklist. Don't die. This will be useful for
                            # creating apps with an API later.
                            step = webapp.appsubmissionchecklist.get_next()
                        except ObjectDoesNotExist:
                            step = None
                        # Redirect to the submit flow if they're not done.
                        if not getattr(f, 'submitting', False) and step:
                            return _resume(webapp, step)
                    return fun()

            raise PermissionDenied
Ejemplo n.º 5
    def get_app(self, ident):
            app = Webapp.objects.by_identifier(ident)
        except Webapp.DoesNotExist:
            raise Http404

        if not app.is_public() and not check_webapp_ownership(
                self.request, app):
            # App owners and admin can see the app even if it's not public.
            # Regular users or anonymous users can't.
            raise PermissionDenied('The app requested is not public')
        return app
Ejemplo n.º 6
def allowed(request, file):
    allowed = acl.check_reviewer(request)
    if not allowed:
            webapp = file.version.webapp
        except ObjectDoesNotExist:
            raise http.Http404

        if webapp.status in mkt.REVIEWED_STATUSES:
            allowed = True
            allowed = acl.check_webapp_ownership(request, webapp, viewer=True,
    if not allowed:
        raise PermissionDenied
    return True
Ejemplo n.º 7
def in_app_config(request, webapp_id, webapp):
    Allows developers to get a key/secret for doing in-app payments.
    config = get_inapp_config(webapp)

    owner = acl.check_webapp_ownership(request, webapp)
    if request.method == 'POST':
        # Reset the in-app secret for the app.
               .patch(data={'secret': generate_key(48)}))
        messages.success(request, _('Changes successfully saved.'))
        return redirect(reverse('mkt.developers.apps.in_app_config',

    return render(request, 'developers/payments/in-app-config.html',
                  {'webapp': webapp, 'owner': owner,
                   'seller_config': config})