def _inner(req, domain, *args, **kwargs):
user = req.user
domain_name, domain = load_domain(req, domain)
if not domain:
msg = _('The domain "{domain}" was not found.').format(domain=domain_name)
raise Http404(msg)
if user.is_authenticated and user.is_active:
if not domain.is_active:
msg = _(
'The project space "{domain}" has not yet been activated. '
'Please report an issue if you think this is a mistake.'
).format(domain=domain_name)
messages.info(req, msg)
return HttpResponseRedirect(reverse("domain_select"))
couch_user = _ensure_request_couch_user(req)
if couch_user.is_member_of(domain):
# If the two factor toggle is on, require it for all users.
if (
_two_factor_required(view_func, domain, couch_user)
and not getattr(req, 'bypass_two_factor', False)
and not user.is_verified()
):
return TemplateResponse(
request=req,
template='two_factor/core/otp_required.html',
status=403,
)
else:
return view_func(req, domain_name, *args, **kwargs)
elif (
_page_is_whitelist(req.path, domain_name) or
not domain.restrict_superusers
) and user.is_superuser:
# superusers can circumvent domain permissions.
return view_func(req, domain_name, *args, **kwargs)
elif domain.is_snapshot:
# snapshots are publicly viewable
return require_previewer(view_func)(req, domain_name, *args, **kwargs)
elif couch_user.is_web_user() and domain.allow_domain_requests:
from corehq.apps.users.views import DomainRequestView
return DomainRequestView.as_view()(req, *args, **kwargs)
else:
raise Http404
elif (
req.path.startswith('/a/{}/reports/custom'.format(domain_name)) and
PUBLISH_CUSTOM_REPORTS.enabled(domain_name)
):
return view_func(req, domain_name, *args, **kwargs)
else:
login_url = reverse('domain_login', kwargs={'domain': domain_name})
return redirect_for_login_or_domain(req, login_url=login_url)
def apply_location_access(cls, request):
user = getattr(request, 'couch_user', None)
domain = getattr(request, 'domain', None)
if not domain or not user or not user.is_member_of(domain):
# This is probably some non-domain page or a test, let normal auth handle it
request.can_access_all_locations = True
elif (
user.has_permission(domain, 'access_all_locations') or (
isinstance(user, AnonymousCouchUser) and
PUBLISH_CUSTOM_REPORTS.enabled(domain)
)
):
request.can_access_all_locations = True
else:
request.can_access_all_locations = False
def _is_public_custom_report(request_path, domain_name):
return (request_path.startswith('/a/{}/reports/custom'.format(domain_name))
and PUBLISH_CUSTOM_REPORTS.enabled(domain_name))
def is_public_reports(view_kwargs, request):
return (request.user.is_anonymous and 'domain' in view_kwargs
and request.path.startswith(u'/a/{}/reports/custom'.format(
view_kwargs['domain']))
and PUBLISH_CUSTOM_REPORTS.enabled(view_kwargs['domain']))