def inner(request, *args, **kwargs): if not request.user.is_superuser: raise PermissionDenied("Admins must be Superusers") elif not (request.user.is_verified() or settings.DEBUG): # OTP has a decorator for this, but it bounces the user back to the # login page - which will fail because the user is already logged in raise PermissionDenied("Admins must have Two Factor Authentication enabled") elif not request.is_elevated(): return redirect_to_elevate(request.get_full_path()) return func(request, *args, **kwargs)
def inner(request, *args, **kwargs): if not request.user.is_superuser: raise PermissionDenied("Admins must be Superusers") elif not (request.user.is_verified() or settings.DEBUG): # OTP has a decorator for this, but it bounces the user back to the # login page - which will fail because the user is already logged in raise PermissionDenied( "Admins must have Two Factor Authentication enabled") elif not request.is_elevated(): return redirect_to_elevate(request.get_full_path()) return func(request, *args, **kwargs)
def test_redirect_to_elevate_custom_url(self): response = redirect_to_elevate('/foo', '/lolelevate/') self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], '/lolelevate/?next=/foo')
def test_redirect_to_elevate_with_querystring(self): response = redirect_to_elevate('/foo?foo=bar') self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], '/elevate/?next=/foo%3Ffoo%3Dbar')
def test_redirect_to_elevate_simple(self): response = redirect_to_elevate('/foo') self.assertEqual(response.status_code, 302) self.assertEqual(response['Location'], '/elevate/?next=/foo')
def inner(request, *args, **kwargs): if not request.is_elevated(): return redirect_to_elevate(request.get_full_path()) return func(request, *args, **kwargs)