def process_request(self, request):
django_user = get_user(request)
google_user = users.get_current_user()
# Check to see if the user is authenticated with a different backend, if so, just set
# request.user and bail
if django_user.is_authenticated():
backend_str = request.session.get(BACKEND_SESSION_KEY)
if (not backend_str) or not isinstance(
load_backend(backend_str), BaseAppEngineUserAPIBackend):
request.user = django_user
return
if django_user.is_anonymous() and google_user:
# If there is a google user, but we are anonymous, log in!
# Note that if DJANGAE_FORCE_USER_PRE_CREATION is True then this may not authenticate
django_user = authenticate(
google_user=google_user) or AnonymousUser()
if django_user.is_authenticated():
login(request, django_user)
if django_user.is_authenticated():
if not google_user:
# If we are logged in with django, but not longer logged in with Google
# then log out
logout(request)
django_user = AnonymousUser()
elif django_user.username != google_user.user_id():
# If the Google user changed, we need to log in with the new one
logout(request)
django_user = authenticate(
google_user=google_user) or AnonymousUser()
if django_user.is_authenticated():
login(request, django_user)
# Note that the logic above may have logged us out, hence new `if` statement
if django_user.is_authenticated():
# Now make sure we update is_superuser and is_staff appropriately
is_superuser = users.is_current_user_admin()
resave = False
if is_superuser != django_user.is_superuser:
django_user.is_superuser = django_user.is_staff = is_superuser
resave = True
# for users which already exist, we want to verify that their email is still correct
# users are already authenticated with their user_id, so we can save their real email
# not the lowercased version
if django_user.email != google_user.email():
django_user.email = google_user.email()
resave = True
if resave:
django_user.save()
request.user = django_user
def update_hitcount(session_key, ip_address, user_agent, username,
app_label, model, object_id):
try:
user = User.objects.get(username=username)
except ObjectDoesNotExist:
user = AnonymousUser()
ctype = ContentType.objects.get(app_label=app_label, model=model)
hitcount, created = HitCount.objects.get_or_create(
content_type=ctype, object_pk=object_id)
hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0)
exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None)
# first, check our request against the blacklists before continuing
if BlacklistIP.objects.filter(ip__exact=ip_address) or \
BlacklistUserAgent.objects.filter(user_agent__exact=user_agent):
return False
# second, see if we are excluding a specific user group or not
if exclude_user_group and user.is_authenticated():
if user.groups.filter(name__in=exclude_user_group):
return False
# start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE )
qs = Hit.objects.filter_active()
# check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT)
if hits_per_ip_limit:
if qs.filter(ip__exact=ip_address).count() > hits_per_ip_limit:
return False
# create a generic Hit object with request data
hit = Hit(session=session_key, hitcount=hitcount, ip=ip_address,
user_agent=user_agent)
# first, use a user's authentication to see if they made an earlier hit
if user.is_authenticated():
if not qs.filter(user=user, hitcount=hitcount):
hit.user = user # associate this hit with a user
hit.save()
return True
# if not authenticated, see if we have a repeat session
else:
if not qs.filter(session=session_key, hitcount=hitcount):
hit.save()
return True
return False
def process_request(self, request):
django_user = get_user(request)
google_user = users.get_current_user()
# Check to see if the user is authenticated with a different backend, if so, just set
# request.user and bail
if django_user.is_authenticated():
backend_str = request.session.get(BACKEND_SESSION_KEY)
if (not backend_str) or not isinstance(load_backend(backend_str), BaseAppEngineUserAPIBackend):
request.user = django_user
return
if django_user.is_anonymous() and google_user:
# If there is a google user, but we are anonymous, log in!
# Note that if DJANGAE_CREATE_UNKNOWN_USER=False then this may not authenticate
django_user = authenticate(google_user=google_user) or AnonymousUser()
if django_user.is_authenticated():
login(request, django_user)
if django_user.is_authenticated():
if not google_user:
# If we are logged in with django, but not longer logged in with Google
# then log out
logout(request)
django_user = AnonymousUser()
elif django_user.username != google_user.user_id():
# If the Google user changed, we need to log in with the new one
logout(request)
django_user = authenticate(google_user=google_user) or AnonymousUser()
if django_user.is_authenticated():
login(request, django_user)
# Note that the logic above may have logged us out, hence new `if` statement
if django_user.is_authenticated():
# Now make sure we update is_superuser and is_staff appropriately
is_superuser = users.is_current_user_admin()
resave = False
if is_superuser != django_user.is_superuser:
django_user.is_superuser = django_user.is_staff = is_superuser
resave = True
# for users which already exist, we want to verify that their email is still correct
# users are already authenticated with their user_id, so we can save their real email
# not the lowercased version
if django_user.email != google_user.email():
django_user.email = google_user.email()
resave = True
if resave:
django_user.save()
request.user = django_user
def render(self, context):
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
pk = Variable(self.pk)
pk = pk.resolve(context)
except:
pk = self.pk
try:
filters = get_query_filters(user, 'navs.view_nav')
nav = Nav.objects.filter(filters).filter(pk=pk)
if user.is_authenticated():
if not user.profile.is_superuser:
nav = nav.distinct()
context[self.context_var] = nav[0]
except:
pass
return unicode()
def nav(context, nav_id):
"""
Renders the nav from cache
if not will use the navigation tag for rendering the nav
"""
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
filters = get_query_filters(user, 'navs.view_nav')
navs = Nav.objects.filter(filters).filter(id=nav_id)
if user.is_authenticated():
if not user.profile.is_superuser:
navs = navs.distinct()
nav_object = navs[0]
nav = get_nav(nav_object.pk)
if not nav:
cache_nav(nav_object)
except:
return None
context.update({
"cached": nav,
"nav_id": nav_id,
})
return context
def navigation(context, nav_id):
"""
Renders the nav and its nav items.
This will call nav_item that will call itself recursively nesting
the subnavs
"""
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
nav_id = Variable(nav_id)
nav_id = nav_id.resolve(context)
except:
pass
try:
filters = get_query_filters(user, 'navs.view_nav', association_id=get_association_id(context))
navs = Nav.objects.filter(filters).filter(id=nav_id)
if user.is_authenticated():
if not user.profile.is_superuser:
navs = navs.distinct()
nav = navs[0]
except:
return None
context.update({
"nav": nav,
"items": nav.top_items,
})
return context
class LoggedInUserCache(object):
"""Stores the current user as a member attribute of a singleton.
WARNING: if you manually change the value of "LoggedInUserCanche.user"
property for your special purposes, remember to restore it on its previous
value at the end of your special code block. i.e.:
>> logged_cache = LoggedInUserCache()
>> current_user = logged_cache.user # Save the previous value!
>> logged_cache.user = my_specific_needs_user
>> # ... code ... #
>> logged_cache.user = current_user # Restore the value!
"""
user = AnonymousUser()
def set_user(self, request):
self.user = request.user
if not self.user:
self.clear()
def clear(self):
self.user = AnonymousUser()
@property
def has_user(self):
return self.user and self.user.is_authenticated()
def render(self, context):
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
pk = Variable(self.pk)
pk = pk.resolve(context)
except:
pk = self.pk
try:
filters = get_query_filters(user, 'boxes.view_box')
box = Box.objects.filter(filters).filter(pk=pk)
if user.is_authenticated():
if not user.profile.is_superuser:
box = box.distinct()
context['box'] = box[0]
template = get_template('boxes/edit-link.html')
output = '<div id="box-%s" class="boxes">%s %s</div>' % (
box[0].pk,
box[0].content,
template.render(context),
)
return output
except:
return unicode()
def render(self, context):
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
pk = Variable(self.pk)
pk = pk.resolve(context)
except:
pk = self.pk
try:
filters = get_query_filters(user, 'navs.view_nav', association_id=get_association_id(context))
nav = Nav.objects.filter(filters).filter(pk=pk)
if user.is_authenticated():
if not user.profile.is_superuser:
nav = nav.distinct()
context[self.context_var] = nav[0]
except:
pass
return unicode()
def render(self, context):
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
pk = Variable(self.pk)
pk = pk.resolve(context)
except:
pk = self.pk
try:
filters = get_query_filters(user, 'boxes.view_box')
box = Box.objects.filter(filters).filter(pk=pk)
if user.is_authenticated():
if not user.profile.is_superuser:
box = box.distinct()
context['box'] = box[0]
template = get_template('boxes/edit-link.html')
output = '<div id="box-%s" class="boxes">%s %s</div>' % (
box[0].pk,
box[0].content,
template.render(context),
)
return output
except:
return unicode()
def navigation(context, nav_id):
"""
Renders the nav and its nav items.
This will call nav_item that will call itself recursively nesting
the subnavs
"""
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
nav_id = Variable(nav_id)
nav_id = nav_id.resolve(context)
except:
pass
try:
filters = get_query_filters(user, 'navs.view_nav')
navs = Nav.objects.filter(filters).filter(id=nav_id)
if user.is_authenticated():
if not user.profile.is_superuser:
navs = navs.distinct()
nav = navs[0]
except:
return None
context.update({
"nav": nav,
"items": nav.top_items,
})
return context
def is_worker(request):
json_data = json.loads(request.raw_post_data, strict=False)
engine = import_module(settings.SESSION_ENGINE)
try:
session = engine.SessionStore(json_data['session_key'])
except KeyError:
json_response = json.dumps({"success": "false",
"type": "badRequest"})
return HttpResponse(json_response, mimetype='application/json')
try:
worker = session[SESSION_KEY]
sample_path = session[BACKEND_SESSION_KEY]
sample = load_backend(sample_path)
user = sample.get_user(worker) or AnonymousUser()
except KeyError:
user = AnonymousUser()
if user.is_authenticated():
try:
if user.worker:
json_data['worker'] = user.worker
return json_data
except:
return False
class LoggedInUserCache(object):
"""Stores the current user as a member attribute of a singleton.
WARNING: if you manually change the value of "LoggedInUserCanche.user"
property for your special purposes, remember to restore it on its previous
value at the end of your special code block. i.e.:
>> logged_cache = LoggedInUserCache()
>> current_user = logged_cache.user # Save the previous value!
>> logged_cache.user = my_specific_needs_user
>> # ... code ... #
>> logged_cache.user = current_user # Restore the value!
"""
user = AnonymousUser()
def set_user(self, request):
self.user = request.user
if not self.user:
self.clear()
def clear(self):
self.user = AnonymousUser()
@property
def has_user(self):
return self.user and self.user.is_authenticated()
def _calculate_link_params(link, context):
"""Helper function to prepare a link for rendering.
It takes a link instance, a context and calculates the final values
of its params (i.e. URL, title, description, etc.)
"""
user = context.get('user', None)
link.extra_context = context
link.title = link.title % context
if link.description:
link.description = link.description % context
perms = [
"%s.%s" % (p.content_type.app_label, p.codename)
for p in link.only_with_perms.all()
]
link.authorized = True
if isinstance(user, get_user_model()) and not user.is_superuser:
if link.only_staff and not (user.is_staff or user.is_superuser):
link.authorized = False
if link.only_with_perms.exists() and not user.has_perms(
perms, context.get("object", None)):
link.authorized = False
elif not user or isinstance(user, AnonymousUser):
user = AnonymousUser()
if link.only_staff or link.only_with_perms.exists():
link.authorized = False
if link.only_authenticated and not user.is_authenticated():
link.authorized = False
return link
def test_is_authenticated(self):
user = User.objects.create_user(username='******',
email='*****@*****.**',
password='******')
self.assertEqual(user.is_authenticated(), True)
user = AnonymousUser()
self.assertEqual(user.is_authenticated(), False)
def test_anonymous_user(self):
"Check the properties of the anonymous user"
a = AnonymousUser()
self.assertFalse(a.is_authenticated())
self.assertFalse(a.is_staff)
self.assertFalse(a.is_active)
self.assertFalse(a.is_superuser)
self.assertEqual(a.groups.all().count(), 0)
self.assertEqual(a.user_permissions.all().count(), 0)
def test_anonymous_user(self):
"Check the properties of the anonymous user"
a = AnonymousUser()
self.assertFalse(a.is_authenticated())
self.assertFalse(a.is_staff)
self.assertFalse(a.is_active)
self.assertFalse(a.is_superuser)
self.assertEqual(a.groups.all().count(), 0)
self.assertEqual(a.user_permissions.all().count(), 0)
def has_perm(self, user_obj, perm, obj=None):
'''
main method, calls other methods based on permission type queried
'''
if not user_obj.is_authenticated():
allowed_tokens = getattr(user_obj, 'allowed_tokens', [])
user_obj = AnonymousUser()
user_obj.allowed_tokens = allowed_tokens
if obj is None:
return False
try:
perm_label, perm_type = perm.split('.')
perm_action, perm_ct = perm_type.split('_')
except:
return False
if perm_label != self.app_label:
return False
ct = ContentType.objects.get_for_model(obj)
if ct.name != perm_ct:
return False
method_name = '_has_%s_perm' % perm_action
# run any custom perms per model, continue if not None
# allows complete overriding of standard authorisation, eg for public
# experiments
model_spec_perm = getattr(obj, method_name,
lambda *args, **kwargs: None)(user_obj)
if type(model_spec_perm) == bool:
return model_spec_perm
#get_acls
obj_acls = ObjectACL.objects.filter(
content_type=ct, object_id=obj.id).filter(
self.get_perm_bool(perm_action)).filter(
ObjectACL.get_effective_query())
query = Q(pluginId='django_user',
entityId=str(user_obj.id))
if user_obj.is_authenticated():
for name, group in user_obj.get_profile().ext_groups:
query |= Q(pluginId=name, entityId=str(group))
else:
# the only authorisation available for anonymous users is tokenauth
tgp = TokenGroupProvider()
for name, group in tgp.getGroups(user_obj):
query |= Q(pluginId=name, entityId=str(group))
return obj_acls.filter(query).count() > 0
def process_request(self, request):
django_user = get_user(request)
google_user = users.get_current_user()
# Check to see if the user is authenticated with a different backend, if so, just set
# request.user and bail
if django_user.is_authenticated():
backend_str = request.session.get(BACKEND_SESSION_KEY)
if (not backend_str) or not isinstance(
load_backend(backend_str), BaseAppEngineUserAPIBackend):
request.user = django_user
return
if django_user.is_anonymous() and google_user:
# If there is a google user, but we are anonymous, log in!
# Note that if DJANGAE_CREATE_UNKNOWN_USER=False then this may not authenticate
django_user = authenticate(
google_user=google_user) or AnonymousUser()
if django_user.is_authenticated():
login(request, django_user)
if django_user.is_authenticated():
if not google_user:
# If we are logged in with django, but not longer logged in with Google
# then log out
logout(request)
django_user = AnonymousUser()
elif django_user.username != google_user.user_id():
# If the Google user changed, we need to log in with the new one
logout(request)
django_user = authenticate(
google_user=google_user) or AnonymousUser()
if django_user.is_authenticated():
login(request, django_user)
# Note that the logic above may have logged us out, hence new `if` statement
if django_user.is_authenticated():
self.sync_user_data(django_user, google_user)
request.user = django_user
def process_request(self, request):
django_user = get_user(request)
google_user = users.get_current_user()
# Check to see if the user is authenticated with a different backend, if so, just set
# request.user and bail
if django_user.is_authenticated():
backend_str = request.session.get(BACKEND_SESSION_KEY)
if (not backend_str) or not isinstance(load_backend(backend_str), BaseAppEngineUserAPIBackend):
request.user = django_user
return
if django_user.is_anonymous() and google_user:
# If there is a google user, but we are anonymous, log in!
# Note that if DJANGAE_CREATE_UNKNOWN_USER=False then this may not authenticate
django_user = authenticate(google_user=google_user) or AnonymousUser()
if django_user.is_authenticated():
login(request, django_user)
if django_user.is_authenticated():
if not google_user:
# If we are logged in with django, but not longer logged in with Google
# then log out
logout(request)
django_user = AnonymousUser()
elif django_user.username != google_user.user_id():
# If the Google user changed, we need to log in with the new one
logout(request)
django_user = authenticate(google_user=google_user) or AnonymousUser()
if django_user.is_authenticated():
login(request, django_user)
# Note that the logic above may have logged us out, hence new `if` statement
if django_user.is_authenticated():
self.sync_user_data(django_user, google_user)
request.user = django_user
def profileDetailView(request, username):
not_curr = True
is_anon = False
try:
current_user = Blog.objects.get(username=request.user.username)
except ObjectDoesNotExist:
current_user = AnonymousUser()
is_anon = True
if username == current_user.username:
not_curr = False
return redirect('/profile/')
user = get_object_or_404(Blog, username=username)
post_list = Post.objects.filter(author__exact=user).order_by('-pub_date')
if current_user.is_authenticated():
user_in_following = user in current_user.following.all()
else:
user_in_following = False
is_anon = True
obj_dict = {'user': user, 'not_curr': not_curr,
'user_in_following': user_in_following,
'is_anon': is_anon, }
paginator = Paginator(post_list, 3)
page = 1
posts = paginator.page(page)
template = ''
if request.method == 'POST':
page = request.POST.get('page')
try:
posts = paginator.page(page)
except EmptyPage:
return HttpResponse(None)
template = 'photo/getFeed.html'
obj_dict['post_list'] = posts
else:
template = 'photo/profile.html'
obj_dict['post_list'] = posts
return render(request, template, obj_dict)
def nav(context, nav_id, show_title=False, is_site_map=False):
"""
Renders the nav from cache
if not will use the navigation tag for rendering the nav
"""
user = AnonymousUser()
association_id = get_association_id(context)
if is_site_map == 'False':
is_site_map = False
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
if hasattr(user, 'profile'):
association_id = user.profile.current_association_id
try:
nav_id = Variable(nav_id)
nav_id = nav_id.resolve(context)
except:
pass
try:
filters = get_query_filters(user, 'navs.view_nav', association_id=association_id)
navs = Nav.objects.filter(filters) #.filter(id=nav_id)
if user.is_authenticated():
if not user.profile.is_superuser:
navs = navs.distinct()
nav_object = None
nav = None
if navs and len(navs) > 0:
nav_object = navs[0]
if nav_object:
nav = get_nav(nav_object.pk, is_site_map=is_site_map, association_id=association_id)
if not nav:
nav = cache_nav(nav_object, show_title, is_site_map=is_site_map, association_id=association_id)
except:
return None
context.update({
"cached": nav,
"nav_id": nav_id,
"show_title": show_title,
})
return context
def get(self, request, session_id):
response_data = {}
engine = import_module(settings.SESSION_ENGINE)
session = engine.SessionStore(session_id)
try:
user_id = session[SESSION_KEY]
backend_path = session[BACKEND_SESSION_KEY]
backend = load_backend(backend_path)
user = backend.get_user(user_id) or AnonymousUser()
except KeyError:
user = AnonymousUser()
if user.is_authenticated():
response_data['assets_token'] = Fernet(bytes(settings.ASSETS_TOKEN_ENCRYPTION_KEY))\
.encrypt(bytes(session.session_key))
return Response(response_data, status=status.HTTP_200_OK)
else:
return Response(response_data, status=status.HTTP_404_NOT_FOUND)
def post(self, request):
my_key = request.COOKIES.get('sessionid', None)
engine = import_module(settings.SESSION_ENGINE)
session = engine.SessionStore(my_key)
try:
user_id = session[SESSION_KEY]
backend_path = session[BACKEND_SESSION_KEY]
backend = load_backend(backend_path)
user = backend.get_user(user_id) or AnonymousUser()
except KeyError:
user = AnonymousUser()
if user.is_authenticated():
return Response({'detail': True})
else:
return Response({'detail': False})
def is_a_user(sessionid):
engine = import_module(settings.SESSION_ENGINE)
session = engine.SessionStore(sessionid)
try:
user_id = session[SESSION_KEY]
backend_path = session[BACKEND_SESSION_KEY]
backend = load_backend(backend_path)
user = backend.get_user(user_id) or AnonymousUser()
except KeyError:
user = AnonymousUser()
if user.is_authenticated():
return user
else:
return False
def _prepare_request(self, request, page, user, lang, use_middlewares, use_toolbar=False,
secure=False):
from django.contrib.auth.models import AnonymousUser
try:
from importlib import import_module
except ImportError:
from django.utils.importlib import import_module
engine = import_module(settings.SESSION_ENGINE)
request.current_page = SimpleLazyObject(lambda: page)
if not user:
if self._login_context:
user = self._login_context.user
else:
user = AnonymousUser()
if user.is_authenticated():
session_key = user._meta.pk.value_to_string(user)
else:
session_key = 'session_key'
request.user = user
request._cached_user = user
request.session = engine.SessionStore(session_key)
if secure:
request.environ['SERVER_PORT'] = str('443')
request.environ['wsgi.url_scheme'] = str('https')
request.cookies = SimpleCookie()
request.errors = StringIO()
request.LANGUAGE_CODE = lang
if request.method == 'POST':
request._dont_enforce_csrf_checks = True
# Let's use middleware in case requested, otherwise just use CMS toolbar if needed
if use_middlewares:
handler = BaseHandler()
handler.load_middleware()
for middleware_method in handler._request_middleware:
if middleware_method(request):
raise Exception('Couldn\'t create request mock object -'
'request middleware returned a response')
elif use_toolbar:
from cms.middleware.toolbar import ToolbarMiddleware
mid = ToolbarMiddleware()
mid.process_request(request)
return request
def test_anonymous_user_is_anonymous_authenticated_method_deprecation(self):
a = AnonymousUser()
deprecation_message = (
'Using user.is_authenticated() and user.is_anonymous() as a '
'method is deprecated. Remove the parentheses to use it as an '
'attribute.'
)
# Backwards-compatibility callables
with warnings.catch_warnings(record=True) as warns:
warnings.simplefilter('always') # prevent warnings from appearing as errors
self.assertTrue(a.is_anonymous())
self.assertEqual(len(warns), 1)
self.assertEqual(str(warns[0].message), deprecation_message)
with warnings.catch_warnings(record=True) as warns:
warnings.simplefilter('always') # prevent warnings from appearing as errors
self.assertFalse(a.is_authenticated())
self.assertEqual(len(warns), 1)
self.assertEqual(str(warns[0].message), deprecation_message)
def render(self, context):
user = context.get('user', None)
request = context.get('request',None)
if not user:
if request:
user = getattr(request, 'user', None)
if not user:
user = AnonymousUser()
current_site=None
object_filter = {'name': self.content_name}
# Get current Site object (if used)
if site:
if request:
current_site = get_current_site(request)
if current_site:
object_filter['site'] = current_site
else:
object_filter['site_id'] = 1
# Get current content object
if AUTOCREATE or (not CHECK_PERMS and user.is_staff) or (CHECK_PERMS and user.has_perm('content_edit_add_cmscontent')):
content = CmsContent.objects.get_or_create(**object_filter)[0]
else:
try:
content = CmsContent.objects.get(**object_filter)
except CmsContent.DoesNotExist:
content= CmsContent(content='')
# Check user Perms
change_perm = False
if user.is_authenticated():
if (CHECK_PERMS and user.has_perm('content_edit_change_cmscontent')) or (not CHECK_PERMS and user.is_staff):
change_perm = True
# Generate content
if change_perm:
html_content = u'<span id="content_{0}">{1}</span><a href="#" data-tagname="{0}" class="glyphicon glyphicon-pencil btn btn-info btn-sm" data-toggle="modal" data-target="#content-edit-modal"></a>'.format(content.name, content.content)
else:
html_content = content.content
return html_content
def render(self, context):
user = context.get('user', None)
request = context.get('request',None)
if not user:
if request:
user = getattr(request, 'user', None)
if not user:
user = AnonymousUser()
current_site=None
object_filter = {'name': self.content_name}
# Get current Site object (if used)
if site:
if request:
current_site = get_current_site(request)
if current_site:
object_filter['site'] = current_site
else:
object_filter['site_id'] = 1
# Get current content object
if AUTOCREATE or (not CHECK_PERMS and user.is_staff) or (CHECK_PERMS and user.has_perm('content_edit_add_cmscontent')):
content = CmsContent.objects.get_or_create(**object_filter)[0]
else:
try:
content = CmsContent.objects.get(**object_filter)
except CmsContent.DoesNotExist:
content= CmsContent(content='')
# Check user Perms
change_perm = False
if user.is_authenticated():
if (CHECK_PERMS and user.has_perm('content_edit_change_cmscontent')) or (not CHECK_PERMS and user.is_staff):
change_perm = True
# Generate content
if change_perm:
html_content = u'<div id="content_{0}" onblur="save_cms_content(this, \'{0}\')" contenteditable="true">{1}</div>'.format(
content.name, content.content)
else:
html_content = content.content
return html_content
def render(self, context):
user = context.get('user', None)
request = context.get('request',None)
if not user:
if request:
user = getattr(request, 'user', None)
if not user:
user = AnonymousUser()
current_site=None
object_filter = {'name': self.content_name}
# Get current Site object (if used)
if site:
if request:
current_site = get_current_site(request)
if current_site:
object_filter['site'] = current_site
else:
object_filter['site_id'] = 1
# Get current content object
if AUTOCREATE or (not CHECK_PERMS and user.is_staff) or (CHECK_PERMS and user.has_perm('content_edit_add_cmscontent')):
content = CmsContent.objects.get_or_create(**object_filter)[0]
else:
try:
content = CmsContent.objects.get(**object_filter)
except CmsContent.DoesNotExist:
content= CmsContent(content='')
# Check user Perms
change_perm = False
if user.is_authenticated():
if (CHECK_PERMS and user.has_perm('content_edit_change_cmscontent')) or (not CHECK_PERMS and user.is_staff):
change_perm = True
# Generate content
if change_perm:
html_content = u'<div id="content_{0}" onblur="save_cms_content(this, \'{0}\')" contenteditable="true">{1}</div>'.format(
content.name, content.content)
else:
html_content = content.content
return html_content
def _prepare_request(self,
request,
page,
user,
lang,
use_middlewares,
use_toolbar=False,
secure=False):
from django.contrib.auth.models import AnonymousUser
request.current_page = SimpleLazyObject(lambda: page)
if not user:
if self._login_context:
user = self._login_context.user
else:
user = AnonymousUser()
request.user = user
request._cached_user = user
request.session = {}
if secure:
request.environ['SERVER_PORT'] = str('443')
request.environ['wsgi.url_scheme'] = str('https')
if user.is_authenticated():
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.cookies = SimpleCookie()
request.errors = StringIO()
request.LANGUAGE_CODE = lang
if request.method == 'POST':
request._dont_enforce_csrf_checks = True
# Let's use middleware in case requested, otherwise just use CMS toolbar if needed
if use_middlewares:
handler = BaseHandler()
handler.load_middleware()
for middleware_method in handler._request_middleware:
if middleware_method(request):
raise Exception('Couldn\'t create request mock object -'
'request middleware returned a response')
elif use_toolbar:
from cms.middleware.toolbar import ToolbarMiddleware
mid = ToolbarMiddleware()
mid.process_request(request)
return request
def get_request(self, path, user, lang, secure=False):
from django.contrib.auth.models import AnonymousUser
request = self.request_factory.get(path, secure=secure)
if not user:
user = AnonymousUser()
request.user = user
request._cached_user = user
request.session = {}
if secure:
request.environ['SERVER_PORT'] = str('443')
request.environ['wsgi.url_scheme'] = str('https')
if user.is_authenticated():
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.cookies = SimpleCookie()
request.errors = StringIO()
request.LANGUAGE_CODE = lang
if request.method == 'POST':
request._dont_enforce_csrf_checks = True
return request
def get(self, request, session_id):
response_data = {}
base_uri = generate_base_uri(request)
engine = import_module(settings.SESSION_ENGINE)
session = engine.SessionStore(session_id)
try:
user_id = session[SESSION_KEY]
backend_path = session[BACKEND_SESSION_KEY]
backend = load_backend(backend_path)
user = backend.get_user(user_id) or AnonymousUser()
except KeyError:
user = AnonymousUser()
if user.is_authenticated():
response_data['token'] = session.session_key
response_data['expires'] = session.get_expiry_age()
response_data['uri'] = base_uri
response_data['user_id'] = user.id
return Response(response_data, status=status.HTTP_200_OK)
else:
return Response(response_data, status=status.HTTP_404_NOT_FOUND)
def _prepare_request(self, request, page, user, lang, use_middlewares, use_toolbar=False,
secure=False):
from django.contrib.auth.models import AnonymousUser
from importlib import import_module
engine = import_module(settings.SESSION_ENGINE)
request.current_page = SimpleLazyObject(lambda: page)
if not user:
if self._login_context:
user = self._login_context.user
else:
user = AnonymousUser()
if callable(user.is_authenticated):
authenticated = user.is_authenticated()
else:
authenticated = user.is_authenticated
if authenticated:
session_key = user._meta.pk.value_to_string(user)
else:
session_key = 'session_key'
request.user = user
request._cached_user = user
request.session = engine.SessionStore(session_key)
if secure:
request.environ['SERVER_PORT'] = str('443')
request.environ['wsgi.url_scheme'] = str('https')
request.cookies = SimpleCookie()
request.errors = StringIO()
request.LANGUAGE_CODE = lang
if request.method == 'POST':
request._dont_enforce_csrf_checks = True
# Let's use middleware in case requested, otherwise just use CMS toolbar if needed
if use_middlewares:
self._apply_middlewares(request)
elif use_toolbar:
from cms.middleware.toolbar import ToolbarMiddleware
mid = ToolbarMiddleware()
mid.process_request(request)
return request
def nav(context, nav_id, show_title=False, is_site_map=False):
"""
Renders the nav from cache
if not will use the navigation tag for rendering the nav
"""
user = AnonymousUser()
if is_site_map == 'False':
is_site_map = False
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
nav_id = Variable(nav_id)
nav_id = nav_id.resolve(context)
except:
pass
try:
filters = get_query_filters(user, 'navs.view_nav')
navs = Nav.objects.filter(filters).filter(id=nav_id)
if user.is_authenticated():
if not user.profile.is_superuser:
navs = navs.distinct()
nav_object = navs[0]
nav = get_nav(nav_object.pk, is_site_map=is_site_map)
if not nav:
nav = cache_nav(nav_object, show_title, is_site_map=is_site_map)
except:
return None
context.update({
"cached": nav,
"nav_id": nav_id,
"show_title": show_title,
})
return context
def process_request(self, request):
logger.debug('url: ' + request.path)
if not self.enforce_auth:
logger.debug('ClusterAuthenticate ignored: is disabled')
return
if is_localhost(request) and not self.bypass_localhost_check:
logger.debug('ClusterAuthenticate ignored: is local request')
return
if self.get_req_cluster_name(request) is None:
logger.debug(
'ClusterAuthenticate ignored: no cluster name in request')
return
# Find user and autorized clusters
cluster_name = self.get_req_cluster_name(request)
cluster = self.get_cluster_from_name(cluster_name)
user = AnonymousUser()
if hasattr(request, 'session'):
user = auth.get_user(request)
logger.debug('User from request: ' + str(user))
if user.is_authenticated():
allowed_clusters = self.get_allowed_clusters_for_user(user)
else:
token_string = self.get_req_token_string(request)
user = self.get_user_for_token(token_string)
allowed_clusters = self.get_allowed_clusters_for_token(
token_string)
logger.debug('Checking authorization for cluster ' + str(cluster) +
' in cluster list ' + str(allowed_clusters) + ' for ' +
str(user))
# Do validation/set user for request
if hasattr(request, 'user'):
request.user = AnonymousUser()
request._cached_user = AnonymousUser()
if cluster and allowed_clusters:
if cluster in allowed_clusters:
request.user = user
request._cached_user = user
return
def manual_auth(session_key):
"""
Manually lookup user accounts by corresponding their session
keys.
"""
engine = import_module(settings.SESSION_ENGINE)
session = engine.SessionStore(session_key)
try:
user_id = session[SESSION_KEY]
backend_path = session[BACKEND_SESSION_KEY]
backend = load_backend(backend_path)
user = backend.get_user(user_id) or AnonymousUser()
except KeyError:
user = AnonymousUser()
return ("Anonymous",user)
if user.is_authenticated():
return ("User",user)
else:
return ("Guest",user)
def bootstrap_nav(context, nav_id, show_title=False):
"""
Bootstrap version of the nav tag
"""
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
nav_id = Variable(nav_id)
nav_id = nav_id.resolve(context)
except:
pass
try:
filters = get_query_filters(user, 'navs.view_nav')
navs = Nav.objects.filter(filters).filter(id=nav_id)
if user.is_authenticated():
if not user.profile.is_superuser:
navs = navs.distinct()
nav_object = navs[0]
nav = get_nav(nav_object.pk)
if not nav:
nav = cache_nav(nav_object, show_title)
except:
return None
context.update({
"cached": nav,
"nav_id": nav_id,
"show_title": show_title,
"is_bootstrap":
True # added context to enable to indicate bootstrap nav will be used
})
return context
def process_request(self, request):
logger.debug('url: ' + request.path)
if not self.enforce_auth:
logger.debug('ClusterAuthenticate ignored: is disabled')
return
if is_localhost(request) and not self.bypass_localhost_check:
logger.debug('ClusterAuthenticate ignored: is local request')
return
if self.get_req_cluster_name(request) is None:
logger.debug('ClusterAuthenticate ignored: no cluster name in request');
return
# Find user and autorized clusters
cluster_name = self.get_req_cluster_name(request)
cluster = self.get_cluster_from_name(cluster_name)
user = AnonymousUser()
if hasattr(request, 'session'):
user = auth.get_user(request)
logger.debug('User from request: ' + str(user))
if user.is_authenticated():
allowed_clusters = self.get_allowed_clusters_for_user(user)
else:
token_string = self.get_req_token_string(request)
user = self.get_user_for_token(token_string)
allowed_clusters = self.get_allowed_clusters_for_token(token_string)
logger.debug('Checking authorization for cluster ' + str(cluster) +
' in cluster list ' + str(allowed_clusters) +
' for ' + str(user))
# Do validation/set user for request
if hasattr(request, 'user'):
request.user = AnonymousUser()
request._cached_user = AnonymousUser()
if cluster and allowed_clusters:
if cluster in allowed_clusters:
request.user = user
request._cached_user = user
return
def render(self, context):
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
pk = Variable(self.pk)
pk = pk.resolve(context)
except:
pk = self.pk
try:
filters = get_query_filters(user, 'boxes.view_box')
box = Box.objects.filter(filters).filter(pk=pk)
if user.is_authenticated():
if not user.profile.is_superuser:
box = box.distinct()
box = box[0]
return box.title
except:
return unicode()
def get(self, request, session_id):
"""
Returns session
"""
response_data = {}
base_uri = generate_base_uri(request)
engine = import_module(settings.SESSION_ENGINE)
session = engine.SessionStore(session_id)
try:
user_id = session[SESSION_KEY]
backend_path = session[BACKEND_SESSION_KEY]
backend = load_backend(backend_path)
user = backend.get_user(user_id) or AnonymousUser()
except KeyError:
user = AnonymousUser()
if user.is_authenticated():
response_data['token'] = session.session_key
response_data['expires'] = session.get_expiry_age()
response_data['uri'] = base_uri
response_data['user_id'] = user.id
return Response(response_data, status=status.HTTP_200_OK)
else:
return Response(response_data, status=status.HTTP_404_NOT_FOUND)
def render(self, context):
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
pk = Variable(self.pk)
pk = pk.resolve(context)
except:
pk = self.pk
try:
filters = get_query_filters(user, 'boxes.view_box')
box = Box.objects.filter(filters).filter(pk=pk)
if user.is_authenticated():
if not user.profile.is_superuser:
box = box.distinct()
box = box[0]
return box.title
except:
return unicode()
def bootstrap_nav(context, nav_id, show_title=False):
"""
Bootstrap version of the nav tag
"""
user = AnonymousUser()
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
try:
nav_id = Variable(nav_id)
nav_id = nav_id.resolve(context)
except:
pass
try:
filters = get_query_filters(user, 'navs.view_nav')
navs = Nav.objects.filter(filters).filter(id=nav_id)
if user.is_authenticated():
if not user.profile.is_superuser:
navs = navs.distinct()
nav_object = navs[0]
nav = get_nav(nav_object.pk)
if not nav:
nav = cache_nav(nav_object, show_title)
except:
return None
context.update({
"cached": nav,
"nav_id": nav_id,
"show_title": show_title,
"is_bootstrap": True # added context to enable to indicate bootstrap nav will be used
})
return context
def render(self, context):
tags = u''
query = u''
user = AnonymousUser()
limit = 3
order = u''
randomize = False
group = u''
if 'random' in self.kwargs:
randomize = bool(self.kwargs['random'])
if 'tags' in self.kwargs:
try:
tags = Variable(self.kwargs['tags'])
tags = unicode(tags.resolve(context))
except:
tags = self.kwargs['tags']
tags = tags.replace('"', '')
tags = [t.strip() for t in tags.split(',')]
if 'user' in self.kwargs:
try:
user = Variable(self.kwargs['user'])
user = user.resolve(context)
except:
user = self.kwargs['user']
else:
# check the context for an already existing user
if 'user' in context:
user = context['user']
if 'limit' in self.kwargs:
try:
limit = Variable(self.kwargs['limit'])
limit = limit.resolve(context)
except:
limit = self.kwargs['limit']
limit = int(limit)
if 'query' in self.kwargs:
try:
query = Variable(self.kwargs['query'])
query = query.resolve(context)
except:
query = self.kwargs['query'] # context string
if 'order' in self.kwargs:
try:
order = Variable(self.kwargs['order'])
order = order.resolve(context)
except:
order = self.kwargs['order']
if 'group' in self.kwargs:
try:
group = Variable(self.kwargs['group'])
group = unicode(group.resolve(context))
except:
group = self.kwargs['group']
try:
group = int(group)
except:
group = None
filters = get_query_filters(user, self.perms)
items = self.model.objects.filter(filters)
if user.is_authenticated():
if not user.profile.is_superuser:
items = items.distinct()
if tags: # tags is a comma delimited list
# this is fast; but has one hole
# it finds words inside of other words
# e.g. "prev" is within "prevent"
tag_queries = [Q(tags__iexact=t.strip()) for t in tags]
tag_queries += [Q(tags__istartswith=t.strip()+",") for t in tags]
tag_queries += [Q(tags__iendswith=", "+t.strip()) for t in tags]
tag_queries += [Q(tags__iendswith=","+t.strip()) for t in tags]
tag_queries += [Q(tags__icontains=", "+t.strip()+",") for t in tags]
tag_queries += [Q(tags__icontains=","+t.strip()+",") for t in tags]
tag_query = reduce(or_, tag_queries)
items = items.filter(tag_query)
if group:
items = items.filter(group=group)
objects = []
# Removed seconds and microseconds so we can cache the query better
now = datetime.now().replace(second=0, microsecond=0)
# Custom filter for stories
date_query = reduce(or_, [Q(end_dt__gte=now), Q(expires=False)])
date_query = reduce(and_, [Q(start_dt__lte=now), date_query])
items = items.filter(date_query)
if order:
items = items.order_by(order)
else:
items = items.order_by('-position', '-start_dt')
# if order is not specified it sorts by relevance
if randomize:
objects = [item for item in random.sample(items, len(items))][:limit]
else:
objects = [item for item in items[:limit]]
context[self.context_var] = objects
return ""
def has_perm(self, user_obj, perm, obj=None):
'''
main method, calls other methods based on permission type queried
'''
if not user_obj.is_authenticated():
allowed_tokens = getattr(user_obj, 'allowed_tokens', [])
user_obj = AnonymousUser()
user_obj.allowed_tokens = allowed_tokens
if obj is None:
return False
try:
perm_label, perm_type = perm.split('.')
# the following is necessary because of the ridiculous naming
# of 'Dataset_File'......
type_list = perm_type.split('_')
perm_action = type_list[0]
perm_ct = '_'.join(type_list[1:])
except:
return False
if perm_label != self.app_label:
return False
ct = ContentType.objects.get_for_model(obj)
if ct.model != perm_ct:
return False
method_name = '_has_%s_perm' % perm_action
# run any custom perms per model, continue if not None
# allows complete overriding of standard authorisation, eg for public
# experiments
model_spec_perm = getattr(obj, method_name,
lambda *args, **kwargs: None)(user_obj)
if type(model_spec_perm) == bool:
return model_spec_perm
elif model_spec_perm is not None:
# pass auth to a different object, if False try this ACL
# works when returned object is parent.
# makes it impossible to 'hide' child objects
if type(model_spec_perm) not in (list, set, QuerySet):
model_spec_perm = [model_spec_perm]
for msp in model_spec_perm:
new_ct = ContentType.objects.get_for_model(msp)
new_perm = '%s.%s_%s' % (perm_label, perm_action, new_ct)
if user_obj.has_perm(new_perm, msp):
return True
#get_acls
obj_acls = ObjectACL.objects\
.filter(content_type=ct, object_id=obj.id)\
.filter(self.get_perm_bool(perm_action))\
.filter(ObjectACL.get_effective_query())
query = Q(pluginId='django_user', entityId=str(user_obj.id))
if user_obj.is_authenticated():
for name, group in user_obj.get_profile().ext_groups:
query |= Q(pluginId=name, entityId=str(group))
else:
# the only authorisation available for anonymous users is tokenauth
tgp = TokenGroupProvider()
for group in tgp.getGroups(user_obj):
query |= Q(pluginId=tgp.name, entityId=str(group))
return obj_acls.filter(query).count() > 0
def render(self, context):
tags = u''
query = u''
user = AnonymousUser()
limit = 3
order = u''
exclude = u''
randomize = False
group = u''
status_detail = u'active'
if 'random' in self.kwargs:
randomize = bool(self.kwargs['random'])
if 'tags' in self.kwargs:
try:
tags = Variable(self.kwargs['tags'])
tags = unicode(tags.resolve(context))
except:
tags = self.kwargs['tags']
tags = tags.replace('"', '')
tags = tags.split(',')
if 'user' in self.kwargs:
try:
user = Variable(self.kwargs['user'])
user = user.resolve(context)
except:
user = self.kwargs['user']
if user == "anon" or user == "anonymous":
user = AnonymousUser()
else:
# check the context for an already existing user
# and see if it is really a user object
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
if 'limit' in self.kwargs:
try:
limit = Variable(self.kwargs['limit'])
limit = limit.resolve(context)
except:
limit = self.kwargs['limit']
limit = int(limit)
if 'query' in self.kwargs:
try:
query = Variable(self.kwargs['query'])
query = query.resolve(context)
except:
query = self.kwargs['query'] # context string
if 'order' in self.kwargs:
try:
order = Variable(self.kwargs['order'])
order = order.resolve(context)
except:
order = self.kwargs['order']
if 'exclude' in self.kwargs:
try:
exclude = Variable(self.kwargs['exclude'])
exclude = unicode(exclude.resolve(context))
except:
exclude = self.kwargs['exclude']
exclude = exclude.replace('"', '')
exclude = exclude.split(',')
if 'group' in self.kwargs:
try:
group = Variable(self.kwargs['group'])
group = unicode(group.resolve(context))
except:
group = self.kwargs['group']
try:
group = int(group)
except:
group = None
if 'status_detail' in self.kwargs:
try:
status_detail = Variable(self.kwargs['status_detail'])
status_detail = status_detail.resolve(context)
except:
status_detail = self.kwargs['status_detail']
# get the list of items
self.perms = getattr(self, 'perms', unicode())
# Only use the search index if there is a query passed
if query:
for tag in tags:
tag = tag.strip()
query = '%s "tag:%s"' % (query, tag)
items = self.model.objects.search(user=user, query=query)
else:
filters = get_query_filters(user, self.perms)
items = self.model.objects.filter(filters)
if user.is_authenticated():
items = items.distinct()
if tags: # tags is a comma delimited list
# this is fast; but has one hole
# it finds words inside of other words
# e.g. "prev" is within "prevent"
tag_queries = [Q(tags__iexact=t.strip()) for t in tags]
tag_queries += [
Q(tags__istartswith=t.strip() + ",") for t in tags
]
tag_queries += [
Q(tags__iendswith=", " + t.strip()) for t in tags
]
tag_queries += [
Q(tags__iendswith="," + t.strip()) for t in tags
]
tag_queries += [
Q(tags__icontains=", " + t.strip() + ",") for t in tags
]
tag_queries += [
Q(tags__icontains="," + t.strip() + ",") for t in tags
]
tag_query = reduce(or_, tag_queries)
items = items.filter(tag_query)
if hasattr(self.model, 'group') and group:
items = items.filter(group=group)
if hasattr(self.model(), 'status_detail'):
items = items.filter(status_detail__iexact=status_detail)
objects = []
# exclude certain primary keys
if exclude:
excludes = []
for ex in exclude:
if ex.isdigit():
excludes.append(int(ex))
if query:
items = items.exclude(primary_key__in=excludes)
else:
items = items.exclude(pk__in=excludes)
# if order is not specified it sorts by relevance
if order:
items = items.order_by(order)
if randomize:
objects = [item
for item in random.sample(items, len(items))][:limit]
else:
objects = [item for item in items[:limit]]
if query:
objects = [item.object for item in objects]
context[self.context_var] = objects
if 'template' in self.kwargs:
try:
template = Variable(self.kwargs['template'])
template = unicode(template.resolve(context))
except:
template = self.kwargs['template']
t = loader.get_template(template)
return t.render(Context(context, autoescape=context.autoescape))
return ""
def render(self, context):
tags = u''
query = u''
user = AnonymousUser()
limit = 3
order = 'next_upcoming'
event_type = ''
group = u''
start_dt = u''
randomize = False
if 'start_dt' in self.kwargs:
try:
start_dt = datetime.strptime(
self.kwargs['start_dt'].replace('"', '').replace('"', ''),
'%m/%d/%Y-%H:%M')
except ValueError:
pass
if 'random' in self.kwargs:
randomize = bool(self.kwargs['random'])
if 'tags' in self.kwargs:
try:
tags = Variable(self.kwargs['tags'])
tags = unicode(tags.resolve(context))
except:
tags = self.kwargs['tags']
tags = tags.replace('"', '')
tags = tags.split(',')
if 'user' in self.kwargs:
try:
user = Variable(self.kwargs['user'])
user = user.resolve(context)
except:
user = self.kwargs['user']
if user == "anon" or user == "anonymous":
user = AnonymousUser()
else:
# check the context for an already existing user
# and see if it is really a user object
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
if 'limit' in self.kwargs:
try:
limit = Variable(self.kwargs['limit'])
limit = limit.resolve(context)
except:
limit = self.kwargs['limit']
limit = int(limit)
if 'query' in self.kwargs:
try:
query = Variable(self.kwargs['query'])
query = query.resolve(context)
except:
query = self.kwargs['query'] # context string
if 'order' in self.kwargs:
try:
order = Variable(self.kwargs['order'])
order = order.resolve(context)
except:
order = self.kwargs['order']
if 'type' in self.kwargs:
try:
event_type = Variable(self.kwargs['type'])
event_type = event_type.resolve(context)
except:
event_type = self.kwargs['type']
if 'group' in self.kwargs:
try:
group = Variable(self.kwargs['group'])
group = unicode(group.resolve(context))
except:
group = self.kwargs['group']
try:
group = int(group)
except:
group = None
filters = get_query_filters(user, 'events.view_event')
items = Event.objects.filter(filters)
if user.is_authenticated():
if not user.profile.is_superuser:
items = items.distinct()
if event_type:
items = items.filter(type__name__iexact=event_type)
if tags: # tags is a comma delimited list
# this is fast; but has one hole
# it finds words inside of other words
# e.g. "prev" is within "prevent"
tag_queries = [Q(tags__iexact=t.strip()) for t in tags]
tag_queries += [Q(tags__istartswith=t.strip() + ",") for t in tags]
tag_queries += [Q(tags__iendswith=", " + t.strip()) for t in tags]
tag_queries += [Q(tags__iendswith="," + t.strip()) for t in tags]
tag_queries += [
Q(tags__icontains=", " + t.strip() + ",") for t in tags
]
tag_queries += [
Q(tags__icontains="," + t.strip() + ",") for t in tags
]
tag_query = reduce(or_, tag_queries)
items = items.filter(tag_query)
if hasattr(self.model, 'group') and group:
items = items.filter(group=group)
objects = []
if start_dt:
items = items.filter(start_dt__gte=start_dt)
# if order is not specified it sorts by relevance
if order:
if order == "next_upcoming":
if not start_dt:
# Removed seconds and microseconds so we can cache the query better
now = datetime.now().replace(second=0, microsecond=0)
items = items.filter(start_dt__gt=now)
items = items.order_by("start_dt")
elif order == "current_and_upcoming":
if not start_dt:
now = datetime.now().replace(second=0, microsecond=0)
items = items.filter(
Q(start_dt__gt=now) | Q(end_dt__gt=now))
items = items.order_by("start_dt")
elif order == "current_and_upcoming_by_hour":
now = datetime.now().replace(second=0, microsecond=0)
today = datetime.now().replace(second=0,
hour=0,
minute=0,
microsecond=0)
tomorrow = today + timedelta(days=1)
items = items.filter(
Q(start_dt__lte=tomorrow) & Q(end_dt__gte=today)).extra(
select={
'hour': 'extract( hour from start_dt )'
}).extra(select={
'minute': 'extract( minute from start_dt )'
}).extra(where=["extract( hour from start_dt ) >= %s"],
params=[now.hour])
items = items.distinct()
items = items.order_by('hour', 'minute')
else:
items = items.order_by(order)
if randomize:
objects = [item
for item in random.sample(items, items.count())][:limit]
else:
objects = [item for item in items[:limit]]
context[self.context_var] = objects
return ""
def render(self, context):
tags = u''
query = u''
user = AnonymousUser()
limit = 3
order = u''
exclude = u''
randomize = False
group = u''
status_detail = u'active'
if 'random' in self.kwargs:
randomize = bool(self.kwargs['random'])
if 'tags' in self.kwargs:
try:
tags = Variable(self.kwargs['tags'])
tags = unicode(tags.resolve(context))
except:
tags = self.kwargs['tags']
tags = tags.replace('"', '')
tags = tags.split(',')
if 'user' in self.kwargs:
try:
user = Variable(self.kwargs['user'])
user = user.resolve(context)
except:
user = self.kwargs['user']
if user == "anon" or user == "anonymous":
user = AnonymousUser()
# for performance reason, if user is not passed in, use AnonymousUser
# else:
# # check the context for an already existing user
# # and see if it is really a user object
# if 'user' in context:
# if isinstance(context['user'], User):
# user = context['user']
if 'limit' in self.kwargs:
try:
limit = Variable(self.kwargs['limit'])
limit = limit.resolve(context)
except:
limit = self.kwargs['limit']
limit = int(limit)
if 'query' in self.kwargs:
try:
query = Variable(self.kwargs['query'])
query = query.resolve(context)
except:
query = self.kwargs['query'] # context string
if 'order' in self.kwargs:
try:
order = Variable(self.kwargs['order'])
order = order.resolve(context)
except:
order = self.kwargs['order']
if 'exclude' in self.kwargs:
try:
exclude = Variable(self.kwargs['exclude'])
exclude = unicode(exclude.resolve(context))
except:
exclude = self.kwargs['exclude']
exclude = exclude.replace('"', '')
exclude = exclude.split(',')
if 'group' in self.kwargs:
try:
group = Variable(self.kwargs['group'])
group = unicode(group.resolve(context))
except:
group = self.kwargs['group']
try:
group = int(group)
except:
group = None
if 'status_detail' in self.kwargs:
try:
status_detail = Variable(self.kwargs['status_detail'])
status_detail = status_detail.resolve(context)
except:
status_detail = self.kwargs['status_detail']
# get the list of items
self.perms = getattr(self, 'perms', unicode())
# Only use the search index if there is a query passed
if query:
for tag in tags:
tag = tag.strip()
query = '%s "tag:%s"' % (query, tag)
items = self.model.objects.search(user=user, query=query)
else:
filters = get_query_filters(user, self.perms)
items = self.model.objects.filter(filters)
if user.is_authenticated():
items = items.distinct()
if tags: # tags is a comma delimited list
# this is fast; but has one hole
# it finds words inside of other words
# e.g. "prev" is within "prevent"
tag_queries = [Q(tags__iexact=t.strip()) for t in tags]
tag_queries += [Q(tags__istartswith=t.strip() + ",") for t in tags]
tag_queries += [Q(tags__iendswith=", " + t.strip()) for t in tags]
tag_queries += [Q(tags__iendswith="," + t.strip()) for t in tags]
tag_queries += [Q(tags__icontains=", " + t.strip() + ",") for t in tags]
tag_queries += [Q(tags__icontains="," + t.strip() + ",") for t in tags]
tag_query = reduce(or_, tag_queries)
items = items.filter(tag_query)
if hasattr(self.model, 'group') and group:
items = items.filter(group=group)
if hasattr(self.model, 'groups') and group:
items = items.filter(groups__in=[group])
if hasattr(self.model(), 'status_detail'):
items = items.filter(status_detail__iexact=status_detail)
items = self.custom_model_filter(items, user)
objects = []
# exclude certain primary keys
if exclude:
excludes = []
for ex in exclude:
if ex.isdigit():
excludes.append(int(ex))
if query:
items = items.exclude(primary_key__in=excludes)
else:
items = items.exclude(pk__in=excludes)
# if order is not specified it sorts by relevance
if order:
items = items.order_by(order)
if randomize:
objects = [item for item in random.sample(items, len(items))][:limit]
else:
objects = [item for item in items[:limit]]
if query:
objects = [item.object for item in objects]
context[self.context_var] = objects
if 'template' in self.kwargs:
try:
template = Variable(self.kwargs['template'])
template = unicode(template.resolve(context))
except:
template = self.kwargs['template']
t = loader.get_template(template)
return t.render(Context(context, autoescape=context.autoescape))
return ""
def render(self, context):
tags = u''
query = u''
user = AnonymousUser()
limit = 3
order = 'next_upcoming'
event_type = ''
group = u''
randomize = False
if 'random' in self.kwargs:
randomize = bool(self.kwargs['random'])
if 'tags' in self.kwargs:
try:
tags = Variable(self.kwargs['tags'])
tags = unicode(tags.resolve(context))
except:
tags = self.kwargs['tags']
tags = tags.replace('"', '')
tags = tags.split(',')
if 'user' in self.kwargs:
try:
user = Variable(self.kwargs['user'])
user = user.resolve(context)
except:
user = self.kwargs['user']
if user == "anon" or user == "anonymous":
user = AnonymousUser()
else:
# check the context for an already existing user
# and see if it is really a user object
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
if 'limit' in self.kwargs:
try:
limit = Variable(self.kwargs['limit'])
limit = limit.resolve(context)
except:
limit = self.kwargs['limit']
limit = int(limit)
if 'query' in self.kwargs:
try:
query = Variable(self.kwargs['query'])
query = query.resolve(context)
except:
query = self.kwargs['query'] # context string
if 'order' in self.kwargs:
try:
order = Variable(self.kwargs['order'])
order = order.resolve(context)
except:
order = self.kwargs['order']
if 'type' in self.kwargs:
try:
event_type = Variable(self.kwargs['type'])
event_type = event_type.resolve(context)
except:
event_type = self.kwargs['type']
if 'group' in self.kwargs:
try:
group = Variable(self.kwargs['group'])
group = unicode(group.resolve(context))
except:
group = self.kwargs['group']
try:
group = int(group)
except:
group = None
filters = get_query_filters(user, 'events.view_event')
items = Event.objects.filter(filters)
if user.is_authenticated():
if not user.profile.is_superuser:
items = items.distinct()
if event_type:
items = items.filter(type__name__iexact=event_type)
if tags: # tags is a comma delimited list
# this is fast; but has one hole
# it finds words inside of other words
# e.g. "prev" is within "prevent"
tag_queries = [Q(tags__iexact=t.strip()) for t in tags]
tag_queries += [Q(tags__istartswith=t.strip()+",") for t in tags]
tag_queries += [Q(tags__iendswith=", "+t.strip()) for t in tags]
tag_queries += [Q(tags__iendswith=","+t.strip()) for t in tags]
tag_queries += [Q(tags__icontains=", "+t.strip()+",") for t in tags]
tag_queries += [Q(tags__icontains=","+t.strip()+",") for t in tags]
tag_query = reduce(or_, tag_queries)
items = items.filter(tag_query)
if hasattr(self.model, 'group') and group:
items = items.filter(group=group)
objects = []
# if order is not specified it sorts by relevance
if order:
if order == "next_upcoming":
# Removed seconds and microseconds so we can cache the query better
now = datetime.now().replace(second=0, microsecond=0)
items = items.filter(start_dt__gt = now)
items = items.order_by("start_dt")
elif order == "current_and_upcoming":
now = datetime.now().replace(second=0, microsecond=0)
items = items.filter(Q(start_dt__gt=now) | Q(end_dt__gt=now))
items = items.order_by("start_dt")
else:
items = items.order_by(order)
if randomize:
objects = [item for item in random.sample(items, items.count())][:limit]
else:
objects = [item for item in items[:limit]]
context[self.context_var] = objects
return ""
def has_perm(self, user_obj, perm, obj=None):
'''
main method, calls other methods based on permission type queried
'''
if not user_obj.is_authenticated():
allowed_tokens = getattr(user_obj, 'allowed_tokens', [])
user_obj = AnonymousUser()
user_obj.allowed_tokens = allowed_tokens
if obj is None:
return False
try:
perm_label, perm_type = perm.split('.')
# the following is necessary because of the ridiculous naming
# of 'Dataset_File'......
type_list = perm_type.split('_')
perm_action = type_list[0]
perm_ct = '_'.join(type_list[1:])
except:
return False
if perm_label != self.app_label:
return False
ct = ContentType.objects.get_for_model(obj)
if ct.model != perm_ct:
return False
method_name = '_has_%s_perm' % perm_action
# run any custom perms per model, continue if not None
# allows complete overriding of standard authorisation, eg for public
# experiments
model_spec_perm = getattr(obj, method_name,
lambda *args, **kwargs: None)(user_obj)
if type(model_spec_perm) == bool:
return model_spec_perm
elif model_spec_perm is not None:
# pass auth to a different object, if False try this ACL
# works when returned object is parent.
# makes it impossible to 'hide' child objects
if type(model_spec_perm) not in (list, set, QuerySet):
model_spec_perm = [model_spec_perm]
for msp in model_spec_perm:
new_ct = ContentType.objects.get_for_model(msp)
new_perm = '%s.%s_%s' % (perm_label, perm_action, new_ct)
if user_obj.has_perm(new_perm, msp):
return True
#get_acls
obj_acls = ObjectACL.objects\
.filter(content_type=ct, object_id=obj.id)\
.filter(self.get_perm_bool(perm_action))\
.filter(ObjectACL.get_effective_query())
query = Q(pluginId='django_user',
entityId=str(user_obj.id))
if user_obj.is_authenticated():
for name, group in user_obj.get_profile().ext_groups:
query |= Q(pluginId=name, entityId=str(group))
else:
# the only authorisation available for anonymous users is tokenauth
tgp = TokenGroupProvider()
for group in tgp.getGroups(user_obj):
query |= Q(pluginId=tgp.name, entityId=str(group))
return obj_acls.filter(query).count() > 0
class TestAllowExtensionReviewerReadOnly(TestCase):
fixtures = fixture('user_2519')
def setUp(self):
self.permission = AllowExtensionReviewerReadOnly()
self.user = AnonymousUser()
self.request_factory = RequestFactory()
self.unsafe_methods = ('patch', 'post', 'put', 'delete')
self.safe_methods = ('get', 'options', 'head')
def _request(self, verb):
request = getattr(self.request_factory, verb)('/')
request.user = self.user
if self.user.is_authenticated():
request.groups = request.user.groups.all()
return request
def test_has_permission_anonymous(self):
for verb in self.safe_methods + self.unsafe_methods:
eq_(self.permission.has_permission(self._request(verb), 'myview'),
False)
def test_has_permission_no_rights(self):
self.user = UserProfile.objects.get(pk=2519)
for verb in self.safe_methods + self.unsafe_methods:
eq_(self.permission.has_permission(self._request(verb), 'myview'),
False)
def test_has_permission_reviewer(self):
self.user = UserProfile.objects.get(pk=2519)
self.grant_permission(self.user, 'ContentTools:AddonReview')
for verb in self.safe_methods:
eq_(self.permission.has_permission(self._request(verb), 'myview'),
True)
# Unsafe methods are still disallowed.
for verb in self.unsafe_methods:
eq_(self.permission.has_permission(self._request(verb), 'myview'),
False)
def test_has_object_permission(self):
obj = Mock()
for verb in self.safe_methods + self.unsafe_methods:
eq_(self.permission.has_object_permission(self._request(verb),
'myview', obj), False)
def test_has_object_permission_no_rights(self):
self.user = UserProfile.objects.get(pk=2519)
obj = Mock()
for verb in self.safe_methods + self.unsafe_methods:
eq_(self.permission.has_object_permission(self._request(verb),
'myview', obj), False)
def test_has_object_permission_reviewer(self):
self.user = UserProfile.objects.get(pk=2519)
self.grant_permission(self.user, 'ContentTools:AddonReview')
obj = Mock()
for verb in self.safe_methods:
eq_(self.permission.has_object_permission(self._request(verb),
'myview', obj), True)
# Unsafe methods are still disallowed.
for verb in self.unsafe_methods:
eq_(self.permission.has_object_permission(self._request(verb),
'myview', obj), False)
def render(self, context):
tags = u''
query = u''
user = AnonymousUser()
limit = 3
order = 'next_upcoming'
event_type = ''
group = u''
start_dt = u''
randomize = False
if 'start_dt' in self.kwargs:
try:
start_dt = datetime.strptime(self.kwargs['start_dt'].replace('"', '').replace('"', ''), '%m/%d/%Y-%H:%M')
except ValueError:
pass
if 'random' in self.kwargs:
randomize = bool(self.kwargs['random'])
if 'tags' in self.kwargs:
try:
tags = Variable(self.kwargs['tags'])
tags = unicode(tags.resolve(context))
except:
tags = self.kwargs['tags']
tags = tags.replace('"', '')
tags = tags.split(',')
if 'user' in self.kwargs:
try:
user = Variable(self.kwargs['user'])
user = user.resolve(context)
except:
user = self.kwargs['user']
if user == "anon" or user == "anonymous":
user = AnonymousUser()
else:
# check the context for an already existing user
# and see if it is really a user object
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
if 'limit' in self.kwargs:
try:
limit = Variable(self.kwargs['limit'])
limit = limit.resolve(context)
except:
limit = self.kwargs['limit']
limit = int(limit)
if 'query' in self.kwargs:
try:
query = Variable(self.kwargs['query'])
query = query.resolve(context)
except:
query = self.kwargs['query'] # context string
if 'order' in self.kwargs:
try:
order = Variable(self.kwargs['order'])
order = order.resolve(context)
except:
order = self.kwargs['order']
if 'type' in self.kwargs:
try:
event_type = Variable(self.kwargs['type'])
event_type = event_type.resolve(context)
except:
event_type = self.kwargs['type']
if 'group' in self.kwargs:
try:
group = Variable(self.kwargs['group'])
group = unicode(group.resolve(context))
except:
group = self.kwargs['group']
try:
group = int(group)
except:
group = None
filters = get_query_filters(user, 'events.view_event')
items = Event.objects.filter(filters)
if user.is_authenticated():
if not user.profile.is_superuser:
items = items.distinct()
if event_type:
items = items.filter(type__name__iexact=event_type)
if tags: # tags is a comma delimited list
# this is fast; but has one hole
# it finds words inside of other words
# e.g. "prev" is within "prevent"
tag_queries = [Q(tags__iexact=t.strip()) for t in tags]
tag_queries += [Q(tags__istartswith=t.strip()+",") for t in tags]
tag_queries += [Q(tags__iendswith=", "+t.strip()) for t in tags]
tag_queries += [Q(tags__iendswith=","+t.strip()) for t in tags]
tag_queries += [Q(tags__icontains=", "+t.strip()+",") for t in tags]
tag_queries += [Q(tags__icontains=","+t.strip()+",") for t in tags]
tag_query = reduce(or_, tag_queries)
items = items.filter(tag_query)
if hasattr(self.model, 'group') and group:
items = items.filter(groups=group)
if hasattr(self.model, 'groups') and group:
items = items.filter(groups__in=[group])
objects = []
if start_dt:
items = items.filter(start_dt__gte=start_dt)
# exclude private events
items = items.filter(enable_private_slug=False)
# if order is not specified it sorts by relevance
if order:
if order == "next_upcoming":
if not start_dt:
# Removed seconds and microseconds so we can cache the query better
now = datetime.now().replace(second=0, microsecond=0)
items = items.filter(start_dt__gt=now)
items = items.order_by("start_dt")
elif order == "current_and_upcoming":
if not start_dt:
now = datetime.now().replace(second=0, microsecond=0)
items = items.filter(Q(start_dt__gt=now) | Q(end_dt__gt=now))
items = items.order_by("start_dt")
elif order == "current_and_upcoming_by_hour":
now = datetime.now().replace(second=0, microsecond=0)
today = datetime.now().replace(second=0, hour=0, minute=0, microsecond=0)
tomorrow = today + timedelta(days=1)
items = items.filter(Q(start_dt__lte=tomorrow) & Q(end_dt__gte=today)).extra(select={'hour': 'extract( hour from start_dt )'}).extra(select={'minute': 'extract( minute from start_dt )'}).extra(where=["extract( hour from start_dt ) >= %s"], params=[now.hour])
items = items.distinct()
items = items.order_by('hour', 'minute')
else:
items = items.order_by(order)
if randomize:
objects = [item for item in random.sample(items, items.count())][:limit]
else:
objects = [item for item in items[:limit]]
context[self.context_var] = objects
return ""
from nose import tools
from nose.tools import ok_, eq_
from django.core.handlers.wsgi import WSGIRequest
from django.contrib.auth.models import User, AnonymousUser
from django.http import Http404, HttpResponseForbidden
from django.test import TestCase
from django.test.client import RequestFactory
from .fixtures import create_user, create_project, create_template
from ..models import Template, Project
from ..decorators import valid_user_project, valid_template
anon_user = AnonymousUser()
anon_user.is_authenticated = MagicMock(return_value=False)
@valid_user_project(['username', 'shortcode'])
def view_mock(request, project):
"""Mock of a view"""
return request, project
@valid_user_project(['uuid'])
def view_mock_uuid(request, project):
"""Mock of a view"""
return request, project
class TestValidProjectDecorator(TestCase):
def render(self, context):
tags = u''
query = u''
user = AnonymousUser()
limit = 3
order = '-join_dt'
randomize = False
allow_anonymous_search = get_setting('module',
'corporate_memberships',
'anonymoussearchcorporatemembers')
allow_member_search = get_setting('module',
'corporate_memberships',
'membersearchcorporatemembers')
allow_member_search = allow_member_search or allow_anonymous_search
if 'random' in self.kwargs:
randomize = bool(self.kwargs['random'])
if 'user' in self.kwargs:
try:
user = Variable(self.kwargs['user'])
user = user.resolve(context)
except:
user = self.kwargs['user']
if user == "anon" or user == "anonymous":
user = AnonymousUser()
else:
# check the context for an already existing user
# and see if it is really a user object
if 'user' in context:
if isinstance(context['user'], User):
user = context['user']
if 'limit' in self.kwargs:
try:
limit = Variable(self.kwargs['limit'])
limit = limit.resolve(context)
except:
limit = self.kwargs['limit']
limit = int(limit)
if 'query' in self.kwargs:
try:
query = Variable(self.kwargs['query'])
query = query.resolve(context)
except:
query = self.kwargs['query'] # context string
if 'order' in self.kwargs:
try:
order = Variable(self.kwargs['order'])
order = order.resolve(context)
except:
order = self.kwargs['order']
items = CorpMembership.objects.all()
if user.is_authenticated():
if not user.profile.is_superuser:
if user.profile.is_member and allow_member_search:
items = items.distinct()
else:
items = items.none()
else:
if not allow_anonymous_search:
items = items.none()
objects = []
# if order is not specified it sorts by relevance
if order:
items = items.order_by(order)
if randomize:
objects = [item for item in random.sample(items, items.count())][:limit]
else:
objects = [item for item in items[:limit]]
context[self.context_var] = objects
return ""
