class MandrillWebhookView(View): permission = AllowAny() def head(self, *args, **kwargs): return HttpResponse() def post(self, request, *args, **kwargs): try: data = json.loads(request.POST.get('mandrill_events')) except TypeError: return HttpResponse(status=400) for event in data: try: self.process_event(event) except Exception as ex: # pylint: disable=W0703 logger.exception(ex) return HttpResponse() def process_event(self, event_dict): message_id = event_dict.get('_id', None) if message_id: message = get_object_or_none( EmailMessage, extra_sender_data__contains='"_id":"{}"'.format(message_id)) if message: message.change_and_save(last_webhook_received_at=now())
class MandrillWebhookView(View): permission = AllowAny() def head(self, *args, **kwargs): return HttpResponse() def post(self, request, *args, **kwargs): try: data = json.loads(request.POST.get('mandrill_events')) except TypeError: return HttpResponse(status=400) for event in data: try: self.process_event(event) except Exception as ex: # pylint: disable=W0703 logger.exception(ex) return HttpResponse() def process_event(self, event_dict): message_id = event_dict.get('_id', None) if message_id: message = EmailMessage.objects.filter( external_id=message_id).first() if message: message.change_and_save(last_webhook_received_at=now())
class InlineView(ContextMixin): template_name = None permission = AllowAny() def __init__(self, request, parent_view, parent_instance): self.request = request self.parent_view = parent_view self.parent_instance = parent_instance assert self.permission, 'Permissions must be set' def can_render(self): return self.permission.has_permission('read', self.request, self) def render(self, context, title): assert self.can_render(), 'Inline view cannot be rendered' template = self.template_name context.update(self.get_context_data(title=title)) return render_to_string(template, context.flatten()) def __copy__(self): return self def __deepcopy__(self, memo): return self
def test_fields_list_permission_sould_return_right_readonly_fields(self): field_list_permission = FieldsListPermission(permission=PermissionsSet( read=AllowAny(), edit=ObjIsNotNonePermission()), fields=('a', 'b', 'c')) assert_equal( field_list_permission.get_readonly_fields(None, None, None), {'a', 'b', 'c'}) assert_equal(field_list_permission.get_readonly_fields(None, None, ''), set())
class AuthResource(RESTResource): permission = AllowAny() csrf_exempt = True allowed_methods = ('post', 'delete') form_class = TokenAuthenticationSmartForm allowed_cookie = False allowed_header = True def _sucessful_login(self, request): pass def _login(self, user, expiration, form): login(self.request, user, expiration, allowed_cookie=self.allowed_cookie, allowed_header=self.allowed_header) def _unsucessful_login(self, request): pass def get_form_kwargs(self): return {'data': self.get_dict_data(), 'request': self.request} def get_form_class(self): return self.form_class def post(self): if not self.request.data: raise RESTException(ugettext('Missing data')) form = self.get_form_class()(**self.get_form_kwargs()) errors = form.is_invalid() if errors: self._unsucessful_login(self.request) return RESTErrorResponse(errors) self._sucessful_login(self.request) self._login(form.get_user(), not form.is_permanent(), form) return {'token': self.request.token.key, 'user': form.get_user()} def delete(self): if self.request.user.is_authenticated: logout(self.request) return RESTNoContentResponse() @classmethod def __init_core__(cls, core, pattern): cls.core = core cls.pattern = pattern def has_delete_permission(self, **kwargs): return ( self.request.user.is_authenticated and super().has_delete_permission(**kwargs) )
def test_fields_set_permission_sould_return_right_disallowed_fields(self): field_set_permission = FieldsSetPermission( FieldsListPermission( permission=PermissionsSet(read=ObjIsNotNonePermission()), fields=('a', 'b', 'c')), FieldsListPermission(permission=PermissionsSet( read=AllowAny(), edit=ObjIsNotNonePermission()), fields=('a', 'b', 'd')), FieldsListPermission( permission=PermissionsSet(read=ObjIsNotNonePermission()), fields=('e', )), ) assert_equal( field_set_permission.get_disallowed_fields(None, None, None), {'a', 'b', 'c', 'e'}) assert_equal( field_set_permission.get_disallowed_fields(None, None, ''), set())
class EntryPointResource(RESTResource): allowed_methods = ('get', 'head', 'options') permission = AllowAny() def get(self): out = {} for pattern_name, pattern in patterns.items(): if isinstance(pattern, RESTPattern): try: url = pattern.get_url_string(self.request) allowed_methods = pattern.get_allowed_methods(self.request, None) if allowed_methods: out[pattern_name] = {'url': url, 'methods': allowed_methods} except NoReverseMatch: pass return out