def get_object_or_error(model_cls, query_or_pk, request, display_name=None): obj = query = None select_for_update = check_select_for_update(request) if isinstance(query_or_pk, basestring): # they passed a 5-char guid as a string if issubclass(model_cls, GuidMixin): # if it's a subclass of GuidMixin we know it's primary_identifier_name query = {'guids___id': query_or_pk} else: if hasattr(model_cls, 'primary_identifier_name'): # primary_identifier_name gives us the natural key for the model query = {model_cls.primary_identifier_name: query_or_pk} else: # fall back to modmcompatiblity's load method since we don't know their PIN obj = model_cls.load(query_or_pk, select_for_update=select_for_update) else: # they passed a query try: obj = model_cls.objects.filter(query_or_pk).select_for_update( ).get() if select_for_update else model_cls.objects.get( query_or_pk) except model_cls.DoesNotExist: raise NotFound if not obj: if not query: # if we don't have a query or an object throw 404 raise NotFound try: # TODO This could be added onto with eager on the queryset and the embedded fields of the api if isinstance(query, dict): obj = model_cls.objects.get( **query ) if not select_for_update else model_cls.objects.filter( **query).select_for_update().get() else: obj = model_cls.objects.get( query ) if not select_for_update else model_cls.objects.filter( query).select_for_update().get() except ObjectDoesNotExist: raise NotFound # For objects that have been disabled (is_active is False), return a 410. # The User model is an exception because we still want to allow # users who are unconfirmed or unregistered, but not users who have been # disabled. if model_cls is OSFUser and obj.is_disabled: raise UserGone(user=obj) elif model_cls is not OSFUser and not getattr( obj, 'is_active', True) or getattr( obj, 'is_deleted', False) or getattr(obj, 'deleted', False): if display_name is None: raise Gone else: raise Gone( detail='The requested {name} is no longer available.'.format( name=display_name)) return obj
def get_user(self, check_permissions=True): key = self.kwargs[self.user_lookup_url_kwarg] # If Contributor is in self.request.parents, # then this view is getting called due to an embedded request (contributor embedding user) # We prefer to access the user from the contributor object and take advantage # of the query cache if hasattr(self.request, 'parents') and len(self.request.parents.get(Contributor, {})) == 1: # We expect one parent contributor view, so index into the first item contrib_id, contrib = self.request.parents[Contributor].items()[0] user = contrib.user if user.is_disabled: raise UserGone(user=user) # Make sure that the contributor ID is correct if user._id == key: if check_permissions: self.check_object_permissions(self.request, user) return user if self.kwargs.get('is_embedded') is True: if key in self.request.parents[OSFUser]: return self.request.parents[key] current_user = self.request.user if key == 'me': if isinstance(current_user, AnonymousUser): raise NotAuthenticated else: return self.request.user obj = get_object_or_error(OSFUser, key, self.request, 'user') if check_permissions: # May raise a permission denied self.check_object_permissions(self.request, obj) return obj
def get_user(self, check_permissions=True): key = self.kwargs[self.user_lookup_url_kwarg] # If Contributor is in self.request.parents, # then this view is getting called due to an embedded request (contributor embedding user) # We prefer to access the user from the contributor object and take advantage # of the query cache if hasattr(self.request, 'parents') and len( self.request.parents.get(Contributor, {})) == 1: # We expect one parent contributor view, so index into the first item contrib_id, contrib = list( self.request.parents[Contributor].items())[0] user = contrib.user if user.is_disabled: raise UserGone(user=user) # Make sure that the contributor ID is correct if user._id == key: if check_permissions: self.check_object_permissions(self.request, user) return get_object_or_error( OSFUser.objects.filter(id=user.id). annotate(default_region=F( 'addons_osfstorage_user_settings__default_region___id') ).exclude(default_region=None), request=self.request, display_name='user', ) if self.kwargs.get('is_embedded') is True: if key in self.request.parents[OSFUser]: return self.request.parents[OSFUser].get(key) current_user = self.request.user if isinstance(current_user, AnonymousUser): if key == 'me': raise NotAuthenticated elif key == 'me' or key == current_user._id: return get_object_or_error( OSFUser.objects.filter(id=current_user.id).annotate( default_region=F( 'addons_osfstorage_user_settings__default_region___id') ).exclude(default_region=None), request=self.request, display_name='user', ) obj = get_object_or_error(OSFUser, key, self.request, 'user') if check_permissions: # May raise a permission denied self.check_object_permissions(self.request, obj) return obj