Example #1
    def process(self, request, ids):
        """Send a password-recovery e-mail to each selected user.

        ``ids`` is either the literal string ``"all"``, in which case the user
        query carries no filter, or a collection of primary keys.

        NOTE(review): the base of the recovery link comes from
        ``request.build_absolute_uri("/")``, so it follows the host of the
        request that triggered the action; it is only as trustworthy as the
        deployment's host validation (``ALLOWED_HOSTS``, proxy headers).
        NOTE(review): nothing visible here limits the user query to ``shop``
        or checks who may run the action -- confirm the caller enforces both.
        """
        shop = get_shop(request)
        reset_domain_url = request.build_absolute_uri("/")

        select_everyone = isinstance(ids, str) and ids == "all"
        user_filter = Q() if select_everyone else Q(pk__in=ids)

        # (reset url name, subject template, content template) per audience.
        admin_flow = (
            "shuup_admin:recover_password",
            "shuup/admin/auth/recover_password_mail_subject.jinja",
            "shuup/admin/auth/recover_password_mail_content.jinja",
        )
        customer_flow = (
            "shuup:recover_password_confirm",
            "shuup/user/recover_password_mail_subject.jinja",
            "shuup/user/recover_password_mail_content.jinja",
        )

        for account in get_user_model().objects.filter(user_filter):
            # Staff and superusers get the admin recovery URL and templates.
            privileged = account.is_staff or account.is_superuser
            url_name, subject_template, content_template = admin_flow if privileged else customer_flow

            send_user_reset_password_email(
                user=account,
                shop=shop,
                reset_domain_url=reset_domain_url,
                reset_url_name=url_name,
                token_generator=default_token_generator,
                subject_template_name=subject_template,
                email_template_name=content_template,
            )
Example #2
 def process_request(self, request):
     """Activate the current theme of the request's shop.

     When the shop has no active theme nothing is activated and an error is
     logged instead.
     """
     # get_shop() runs on every call: it is evaluated as the getattr default
     # even when ``request.shop`` is already present.
     fallback_shop = get_shop(request)
     shop = getattr(request, "shop", fallback_shop)

     active_theme = get_current_theme(shop)
     if not active_theme:
         log.error((_("Shop '{}' has no active theme")).format(shop))
         return
     active_theme.set_current()
Example #3
def inject_global_snippet(context, content):
    """Add every stored ``Snippet`` of the request's shop as a page resource.

    Snippets are loaded per shop and cached under a key derived from the shop
    id. A snippet that lists themes is skipped when the current theme's
    identifier is not among them. The snippet text is wrapped according to its
    ``snippet_type`` and registered at ``snippet.location``.

    The ``content`` argument is never read; the name is reused as a local.

    NOTE(review): snippet text is stored content that ends up in rendered
    pages as script, style or markup, and the Jinja type is handed the page
    context (presumably to be rendered as a template -- confirm in
    ``JinjaMarkupResource``). Write access to ``Snippet`` should therefore be
    limited to fully trusted administrators.
    """
    if not valid_view(context):
        return

    # Imported locally rather than at module level.
    from shuup.xtheme import get_current_theme
    from shuup.xtheme.models import Snippet, SnippetType
    shop = get_shop(context["request"])

    cache_key = GLOBAL_SNIPPETS_CACHE_KEY.format(shop_id=shop.id)
    snippets = cache.get(cache_key)

    if snippets is None:
        snippets = Snippet.objects.filter(shop=shop)
        # No timeout is passed, so expiry is whatever the cache defaults to.
        # NOTE(review): confirm the key is invalidated when snippets change.
        cache.set(cache_key, snippets)

    for snippet in snippets:
        if snippet.themes:
            # Looked up again for every theme-restricted snippet.
            current_theme = get_current_theme(shop)
            if current_theme and current_theme.identifier not in snippet.themes:
                continue

        content = snippet.snippet
        if snippet.snippet_type == SnippetType.InlineJS:
            content = InlineScriptResource(content)
        elif snippet.snippet_type == SnippetType.InlineCSS:
            content = InlineStyleResource(content)
        elif snippet.snippet_type == SnippetType.InlineHTMLMarkup:
            content = InlineMarkupResource(content)
        elif snippet.snippet_type == SnippetType.InlineJinjaHTMLMarkup:
            # Rebinds the local ``context`` to a plain-dict copy; that copy is
            # what add_resource receives for this and every later snippet.
            context = dict(context.items())
            # prevent recursive injection
            context["allow_resource_injection"] = False
            content = JinjaMarkupResource(content, context)

        # A snippet whose type matches none of the branches is added as raw text.
        add_resource(context, snippet.location, content)
Example #4
    def has_permission(self, request, view):
        """Decide whether ``request`` may reach ``view`` at its configured level.

        The level is read from configuration under the key built by
        ``make_permission_config_key(view)`` and compared numerically with
        ``PermissionLevel`` members. Every check below therefore depends on
        the ordering of those values, which is defined outside this method.

        Returns:
            bool: True when the request is allowed.
        """
        try:
            permission = int(
                configuration.get(None, make_permission_config_key(view),
                                  DEFAULT_PERMISSION))
        except ValueError:
            # A stored value that does not parse as an integer silently falls
            # back to DEFAULT_PERMISSION, so that default decides access for a
            # misconfigured view. Only ValueError is handled; any other
            # exception raised by int() propagates.
            # NOTE(review): confirm DEFAULT_PERMISSION is a restrictive level.
            permission = DEFAULT_PERMISSION

        # god mode - just works if API is not disabled
        # Superusers and staff members of the request's shop are decided here
        # and never reach the method-based checks below.
        # NOTE(review): get_shop(request) is dereferenced without a None check
        # -- confirm it cannot return None on this path.
        if request.user.is_authenticated:
            if request.user.is_superuser or get_shop(
                    request).staff_members.filter(pk=request.user.pk).exists():
                return permission <= PermissionLevel.ADMIN

        # safe requests: GET, HEAD, OPTIONS
        if request.method in permissions.SAFE_METHODS:
            # to READ, the permissions can be WRITE or READ
            # An authenticated user passes at AUTHENTICATED_WRITE or below;
            # anyone, logged in or not, passes at PUBLIC_WRITE or below.
            return (request.user.is_authenticated
                    and permission <= PermissionLevel.AUTHENTICATED_WRITE
                    ) or permission <= PermissionLevel.PUBLIC_WRITE

        # NOT safe: POST, PUT, DELETE
        else:
            # to change data, permission must be exactly WRITE
            # Equality, not ordering: an authenticated user needs one of the
            # two WRITE levels, an anonymous one needs PUBLIC_WRITE.
            if request.user.is_authenticated:
                return permission in (PermissionLevel.AUTHENTICATED_WRITE,
                                      PermissionLevel.PUBLIC_WRITE)
            return permission == PermissionLevel.PUBLIC_WRITE
Example #5
def inject_global_snippet(context, content):
    """Register the shop's stored snippets as resources of the current page.

    Snippets are fetched per shop and cached under a key built from the shop
    id. Theme-restricted snippets are skipped when the current theme is not
    one of theirs. JS, CSS and HTML snippets are wrapped in the matching
    inline resource class; any other type is added as the raw snippet text.

    The ``content`` argument is not read.

    NOTE(review): snippet text is stored content emitted into rendered pages,
    so write access to ``Snippet`` should be limited to trusted administrators.
    """
    if not valid_view(context):
        return

    from shuup.xtheme import get_current_theme
    from shuup.xtheme.models import Snippet, SnippetType
    shop = get_shop(context["request"])

    key = GLOBAL_SNIPPETS_CACHE_KEY.format(shop_id=shop.id)
    shop_snippets = cache.get(key)
    if shop_snippets is None:
        # Cache miss: load from the database and remember the result.
        shop_snippets = Snippet.objects.filter(shop=shop)
        cache.set(key, shop_snippets)

    for item in shop_snippets:
        if item.themes:
            theme = get_current_theme(shop)
            if theme:
                if theme.identifier not in item.themes:
                    # Snippet is bound to other themes only.
                    continue

        resource = item.snippet
        if item.snippet_type == SnippetType.InlineJS:
            resource = InlineScriptResource(resource)
        elif item.snippet_type == SnippetType.InlineCSS:
            resource = InlineStyleResource(resource)
        elif item.snippet_type == SnippetType.InlineHTMLMarkup:
            resource = InlineMarkupResource(resource)

        add_resource(context, item.location, resource)
Example #6
def add_gdpr_consent_resources(context, content):
    """Inject the GDPR stylesheet, consent dialog and script into the page.

    Nothing is added for invalid views or shops with GDPR disabled. A logged-in
    user who must re-consent to the privacy policy also gets the policy-update
    markup. The consent dialog itself is skipped once the consent cookie is
    present on the request.

    The ``content`` argument is not read.
    """
    if not valid_view(context):
        return

    request = context["request"]
    shop = get_shop(request)
    gdpr_settings = GDPRSettings.get_for_shop(shop)
    if not gdpr_settings.enabled:
        # GDPR is switched off for this shop.
        return

    # The stylesheet is added regardless of the consent state.
    styles_url = static("shuup_gdpr/shuup_gdpr_styles.css")
    add_resource(context, "head_end", styles_url)

    visitor = request.user
    if not visitor.is_anonymous() and should_reconsent_privacy_policy(shop, visitor):
        policy_page = get_privacy_policy_page(shop)
        update_context = dict(
            request=request,
            csrf_token=context["csrf_token"],
            url="/%s" % policy_page.url,
            accept_url=reverse("shuup:gdpr_policy_consent", kwargs=dict(page_id=policy_page.id)),
        )
        update_markup = loader.render_to_string("shuup/gdpr/privacy_policy_update.jinja", context=update_context)
        add_resource(context, "body_end", InlineMarkupResource(update_markup))

    # Only the presence of the cookie is checked here; its value is not inspected.
    if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in request.COOKIES:
        return

    consent_pages = get_active_consent_pages(shop) if has_installed("shuup.simple_cms") else []

    dialog_context = dict(
        request=request,
        csrf_token=context["csrf_token"],
        gdpr_settings=gdpr_settings,
        gdpr_documents=consent_pages,
        gdpr_cookie_categories=GDPRCookieCategory.objects.filter(shop=shop),
    )
    dialog_markup = loader.render_to_string("shuup/gdpr/gdpr_consent.jinja", context=dialog_context)
    add_resource(context, "body_end", InlineMarkupResource(dialog_markup))
    add_resource(context, "body_end", static("shuup_gdpr/shuup_gdpr.js"))
Example #7
 def get_context_data(self, context):
     """Build the template context for this plugin.

     ``mailchimp_enabled`` reflects the ``mailchimp_check_success`` entry of
     the shop's connection info (False when absent); the remaining keys are
     the plugin's translated text values.
     """
     shop = get_shop(context["request"])
     connection = get_connection_info(shop)

     data = {"mailchimp_enabled": connection.get("mailchimp_check_success", False)}
     translated_fields = (
         "title",
         "lead",
         "link_title",
         "input_placeholder_text",
         "success_message",
         "error_message",
     )
     for field_name in translated_fields:
         data[field_name] = self.get_translated_value(field_name)
     return data
Example #8
def inject_global_snippet(context, content):  # noqa: C901
    """Add every stored ``Snippet`` of the request's shop as a page resource.

    The shop is taken from ``request.shop`` when that is set and truthy,
    otherwise from ``get_shop``. Snippets are cached per shop id. A snippet is
    skipped when it is restricted to themes other than the current one, or
    when any object provided under ``"xtheme_snippet_blocker"`` asks for it to
    be blocked. The snippet text is wrapped according to its ``snippet_type``
    and registered at ``snippet.location``.

    The ``content`` argument is never read; the name is reused as a local.

    NOTE(review): snippet text is stored content that ends up in rendered
    pages as script, style or markup, and the Jinja type is handed the page
    context (presumably to be rendered as a template -- confirm in
    ``JinjaMarkupResource``). Write access to ``Snippet`` should therefore be
    limited to fully trusted administrators.
    """
    if not valid_view(context):
        return

    # Imported locally rather than at module level.
    from shuup.xtheme import get_current_theme
    from shuup.xtheme.models import Snippet, SnippetType

    request = context["request"]
    shop = getattr(request, "shop", None) or get_shop(context["request"])

    cache_key = GLOBAL_SNIPPETS_CACHE_KEY.format(shop_id=shop.id)
    snippets = cache.get(cache_key)

    if snippets is None:
        snippets = Snippet.objects.filter(shop=shop)
        # No timeout is passed, so expiry is whatever the cache defaults to.
        # NOTE(review): confirm the key is invalidated when snippets change.
        cache.set(cache_key, snippets)

    for snippet in snippets:
        if snippet.themes:
            # Prefer a theme already attached to the request.
            current_theme = getattr(request, "theme",
                                    None) or get_current_theme(shop)
            if current_theme and current_theme.identifier not in snippet.themes:
                continue

        # The blocker list is fetched again for each snippet.
        snippet_blockers = get_provide_objects(
            "xtheme_snippet_blocker")  # type: Iterable[SnippetBlocker]
        blocked = False

        # The first blocker that objects is enough to skip the snippet.
        for snippet_blocker in snippet_blockers:
            if snippet_blocker.should_block_global_snippet_injection(
                    snippet, context):
                blocked = True
                break

        if blocked:
            continue

        content = snippet.snippet
        if snippet.snippet_type == SnippetType.InlineJS:
            content = InlineScriptResource(content)
        elif snippet.snippet_type == SnippetType.InlineCSS:
            content = InlineStyleResource(content)
        elif snippet.snippet_type == SnippetType.InlineHTMLMarkup:
            content = InlineMarkupResource(content)
        elif snippet.snippet_type == SnippetType.InlineJinjaHTMLMarkup:
            # Rebinds the local ``context`` to a plain-dict copy; that copy is
            # what the blockers and add_resource receive from here on.
            context = dict(context.items())
            # prevent recursive injection
            context["allow_resource_injection"] = False
            content = JinjaMarkupResource(content, context)

        # A snippet whose type matches none of the branches is added as raw text.
        add_resource(context, snippet.location, content)
Example #9
    def resolve_manufactures(self, info, search=None, **kwargs):
        """Resolve the manufacturer list, optionally narrowed by shop and name.

        When ``get_shop(info.context)`` yields a shop, only manufacturers
        linked to it are returned. A falsy shop (custom shop providers, e.g.
        marketplace setups) leaves the query unscoped, so every manufacturer
        is visible; deployments that rely on per-shop isolation should make
        sure their provider always returns a shop.

        ``search`` is matched case-insensitively against the manufacturer name.
        """
        manufacturers = Manufacturer.objects.all()

        current_shop = get_shop(info.context)
        if current_shop:
            manufacturers = manufacturers.filter(shops=current_shop)

        return manufacturers.filter(name__icontains=search) if search else manufacturers
Example #10
def add_gdpr_consent_resources(context, content):
    """Inject the GDPR stylesheet, consent dialog and script into the page.

    Nothing is added for invalid views or shops with GDPR disabled. A logged-in
    user who must re-consent to the privacy policy also gets the policy-update
    markup. The consent dialog itself is skipped once the consent cookie is
    present on the request.

    The ``content`` argument is not read.
    """
    if not valid_view(context):
        return

    request = context["request"]
    shop = get_shop(request)
    gdpr_settings = GDPRSettings.get_for_shop(shop)
    if not gdpr_settings.enabled:
        # GDPR is switched off for this shop.
        return

    # The stylesheet is added regardless of the consent state.
    add_resource(context, "head_end", static("shuup-gdpr.css"))

    visitor = request.user
    if not visitor.is_anonymous() and should_reconsent_privacy_policy(shop, visitor):
        policy_page = get_privacy_policy_page(shop)
        update_context = dict(
            request=request,
            csrf_token=context["csrf_token"],
            url="/%s" % policy_page.url,
            accept_url=reverse("shuup:gdpr_policy_consent", kwargs=dict(page_id=policy_page.id)),
        )
        update_markup = loader.render_to_string("shuup/gdpr/privacy_policy_update.jinja", context=update_context)
        add_resource(context, "body_end", InlineMarkupResource(update_markup))

    # Only the presence of the cookie is checked here; its value is not inspected.
    if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in request.COOKIES:
        return

    consent_pages = get_active_consent_pages(shop) if has_installed("shuup.simple_cms") else []

    dialog_context = dict(
        request=request,
        csrf_token=context["csrf_token"],
        gdpr_settings=gdpr_settings,
        gdpr_documents=consent_pages,
        gdpr_cookie_categories=GDPRCookieCategory.objects.filter(shop=shop),
    )
    dialog_markup = loader.render_to_string("shuup/gdpr/gdpr_consent.jinja", context=dialog_context)
    add_resource(context, "body_end", InlineMarkupResource(dialog_markup))
    add_resource(context, "body_end", static("shuup-gdpr.js"))
Example #11
    def process_user(self, user_to_recover, request):
        """Send a password-recovery e-mail to ``user_to_recover`` if possible.

        Returns False without sending when the user has no usable password or
        no e-mail address, True after the e-mail has been handed off.

        NOTE(review): the return value tells whether an account is eligible
        for recovery; callers should respond identically in both cases so the
        endpoint does not disclose which accounts exist.
        NOTE(review): the link base comes from
        ``request.build_absolute_uri("/")`` and so depends on the deployment's
        host validation (``ALLOWED_HOSTS``, proxy headers).
        """
        eligible = (
            user_to_recover.has_usable_password()
            and hasattr(user_to_recover, 'email')
            and user_to_recover.email
        )
        if not eligible:
            return False

        send_user_reset_password_email(
            user=user_to_recover,
            shop=get_shop(request),
            reset_domain_url=request.build_absolute_uri("/"),
            reset_url_name=self.recover_password_confirm_view_url_name,
            token_generator=self.token_generator,
            subject_template_name=self.subject_template_name,
            email_template_name=self.email_template_name,
            from_email=self.from_email,
        )
        return True
Example #12
def media_upload(request, *args, **kwargs):
    """Store an uploaded contact picture and return its JSON description.

    Responds 403 when ``SHUUP_CUSTOMER_INFORMATION_ALLOW_PICTURE_UPLOAD`` is
    off, and 400 with the joined ``file`` validation messages when the upload
    form is invalid. File validation is delegated to ``UploadImageForm``.

    NOTE(review): no authentication or ownership check is visible in this
    function, and all uploads land in the shop's shared "/contacts" folder;
    confirm that login is enforced where the view is wired up.
    """
    if not settings.SHUUP_CUSTOMER_INFORMATION_ALLOW_PICTURE_UPLOAD:
        return HttpResponseForbidden()

    shop = get_shop(request)
    target_folder = get_or_create_folder(shop, "/contacts")
    upload_form = UploadImageForm(request.POST, request.FILES)

    if not upload_form.is_valid():
        # Only errors attached to the "file" field are reported back.
        messages = []
        for problem in upload_form.errors.as_data().get("file", []):
            messages.extend(problem.messages)
        return JsonResponse({"error": ", ".join(messages)}, status=400)

    stored_file = filer_image_from_upload(request, path=target_folder, upload_data=request.FILES['file'])
    ensure_media_file(shop, stored_file)
    return JsonResponse({"file": filer_file_to_json_dict(stored_file)})
Example #13
    def resolve_shop_products(self, info, search=None, **kwargs):
        """Resolve top-level shop products, optionally narrowed by shop and name.

        Only products without a variation parent and in one of the listed
        product modes are included. When ``get_shop(info.context)`` yields a
        shop the result is limited to it; a falsy shop (custom shop providers,
        e.g. marketplace setups) leaves the query unscoped, so shop products
        of every shop are visible. Deployments that rely on per-shop isolation
        should make sure their provider always returns a shop.

        ``search`` is matched case-insensitively against translated product names.
        """
        base = get_shop_product_queryset()
        listed_modes = (
            ProductMode.NORMAL,
            ProductMode.VARIABLE_VARIATION_PARENT,
            ProductMode.SIMPLE_VARIATION_PARENT,
            ProductMode.PACKAGE_PARENT,
        )
        shop_products = base.filter(
            product__variation_parent__isnull=True,
            product__mode__in=listed_modes,
        )

        current_shop = get_shop(info.context)
        if current_shop:
            shop_products = shop_products.filter(shop=current_shop)

        if not search:
            return shop_products
        return shop_products.filter(product__translations__name__icontains=search)
Example #14
def add_gdpr_consent_resources(context, content):
    """Inject the GDPR consent dialog, its script and its stylesheet.

    Nothing is added when the context has no view or request, when GDPR is
    disabled for the shop, or when the consent cookie is already present on
    the request.

    The ``content`` argument is not read.
    """
    # TODO: should we ignore admin urls?
    view = context.get("view")
    view_class = getattr(view, "__class__", None) if view else None
    if not (view_class and context.get("request")):
        return

    request = context["request"]
    shop = get_shop(request)
    gdpr_settings = GDPRSettings.get_for_shop(shop)
    if not gdpr_settings.enabled:
        # GDPR is switched off for this shop.
        return

    # Only the presence of the cookie is checked here; its value is not inspected.
    # TODO: Should we check for changes and ask the consent again here?
    if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in request.COOKIES:
        return

    consent_pages = []
    if has_installed("shuup.simple_cms"):
        from shuup.simple_cms.models import Page, PageType
        consent_pages = Page.objects.visible(shop).filter(page_type=PageType.GDPR_CONSENT_DOCUMENT)

    dialog_context = dict(
        request=request,
        csrf_token=context["csrf_token"],
        gdpr_settings=gdpr_settings,
        gdpr_documents=consent_pages,
        gdpr_cookie_categories=GDPRCookieCategory.objects.filter(shop=shop),
    )
    dialog_markup = loader.render_to_string("shuup/gdpr/gdpr_consent.jinja", context=dialog_context)
    add_resource(context, "body_end", InlineMarkupResource(dialog_markup))
    add_resource(context, "body_end", static("shuup_gdpr/shuup_gdpr.js"))
    add_resource(context, "head_end", static("shuup_gdpr/shuup_gdpr_styles.css"))
Example #15
 def _set_shop(self, request):
     """
     Resolve the shop for this request and store it on ``request.shop``.

     ShuupCore may already have done so, but this middleware is also used on
     its own in `refresh_on_user_change`, so the shop is set again here.
     """
     resolved_shop = get_shop(request)
     request.shop = resolved_shop
Example #16
 def get_queryset(self):
     """Return the view's queryset restricted to the request's shop.

     NOTE(review): if ``get_shop`` can return None for this request, the
     filter becomes ``shop=None`` -- confirm that case is handled upstream.
     """
     base = self.queryset
     current_shop = get_shop(self.request)
     return base.filter(shop=current_shop)
Example #17
    def process_request(self, request):
        """Attach the resolved shop to the request.

        Raises:
            ImproperlyConfigured: when no shop could be resolved, so request
                handling stops here instead of continuing without a shop.
        """
        request.shop = get_shop(request)
        if request.shop:
            return
        raise ImproperlyConfigured(_("No shop!"))
Example #18
    def process_request(self, request):
        """Attach the resolved shop to the request.

        Raises:
            ImproperlyConfigured: when no shop could be resolved, so request
                handling stops here instead of continuing without a shop.
        """
        request.shop = get_shop(request)
        if request.shop:
            return
        raise ImproperlyConfigured(_("No shop!"))
Example #19
 def get_queryset(self):
     """Return objects linked to the request's shop or to no shop at all.

     Objects with no shop attached are therefore visible from every shop.
     """
     base = self.queryset
     in_current_shop = Q(shops=get_shop(self.request))
     without_shop = Q(shops__isnull=True)
     return base.filter(in_current_shop | without_shop)
Example #20
 def _set_shop(self, request):
     """
     Resolve the shop for this request and store it on ``request.shop``.

     ShuupCore may already have done so, but this middleware is also used on
     its own in `refresh_on_user_change`, so the shop is set again here.
     """
     resolved_shop = get_shop(request)
     request.shop = resolved_shop
Example #21
 def get_queryset(self):
     """Return objects linked to the request's shop or to no shop at all.

     Objects with no shop attached are therefore visible from every shop.
     """
     base = self.queryset
     in_current_shop = Q(shops=get_shop(self.request))
     without_shop = Q(shops__isnull=True)
     return base.filter(in_current_shop | without_shop)