def _checklogin(request, api_format="json", *args, **kwargs):
if request.user.is_authenticated():
response = view_func(request, *args, **kwargs)
else:
response = WebAPIResponseError(request, NOT_LOGGED_IN)
if isinstance(response, WebAPIResponse):
response.api_format = api_format
return response
def _checkpermissions(*args, **kwargs):
request = _find_httprequest(args)
if not request.user.is_authenticated():
response = WebAPIResponseError(request, NOT_LOGGED_IN)
elif not request.user.has_perm(perm):
response = WebAPIResponseError(request, PERMISSION_DENIED)
else:
response = view_func(*args, **kwargs)
return response
def _checkpermissions(request, api_format="json", *args, **kwargs):
if not request.user.is_authenticated():
response = WebAPIResponseError(request, NOT_LOGGED_IN)
elif not request.user.has_perm(perm):
response = WebAPIResponseError(request, PERMISSION_DENIED)
else:
response = view_func(request, *args, **kwargs)
if isinstance(response, WebAPIResponse):
response.api_format = api_format
return response
def _checkpermissions(*args, **kwargs):
request = _find_httprequest(args)
if not request.user.is_authenticated():
response = WebAPIResponseError(request, NOT_LOGGED_IN)
elif not request.user.has_perm(perm):
response = WebAPIResponseError(request, PERMISSION_DENIED)
else:
response = view_func(*args, **kwargs)
if isinstance(response, WebAPIResponse):
response.api_format = kwargs.get('api_format', 'json')
return response
def _checklogin(*args, **kwargs):
request = _find_httprequest(args)
if request.user.is_authenticated():
return view_func(*args, **kwargs)
else:
return WebAPIResponseError(request, NOT_LOGGED_IN)
def _check(*args, **kwargs):
request = _find_httprequest(args)
local_site_name = kwargs.get('local_site_name', None)
if local_site_name:
try:
local_site = LocalSite.objects.get(name=local_site_name)
if not local_site.is_accessible_by(request.user):
if request.user.is_authenticated():
return WebAPIResponseError(request, PERMISSION_DENIED)
else:
return WebAPIResponseError(request, NOT_LOGGED_IN)
except LocalSite.DoesNotExist:
return WebAPIResponseError(request, DOES_NOT_EXIST)
return view_func(*args, **kwargs)
def _checklogin(*args, **kwargs):
from djblets.webapi.auth import basic_access_login
request = _find_httprequest(args)
if not request.user.is_authenticated():
# See if the request contains authentication tokens
if 'HTTP_AUTHORIZATION' in request.META:
basic_access_login(request)
if request.user.is_authenticated():
response = view_func(*args, **kwargs)
else:
response = WebAPIResponseError(request, NOT_LOGGED_IN)
if isinstance(response, WebAPIResponse):
response.api_format = kwargs.get('api_format', 'json')
return response
def account_login(request, *args, **kwargs):
username = request.POST.get('username', None)
password = request.POST.get('password', None)
user = auth.authenticate(username=username, password=password)
if not user or not user.is_active:
return WebAPIResponseError(request, LOGIN_FAILED)
auth.login(request, user)
return WebAPIResponse(request)
def __call__(self, request, api_format=None, *args, **kwargs):
"""Invokes the correct HTTP handler based on the type of request."""
check_login(request)
method = request.method
if method == 'POST':
# Not all clients can do anything other than GET or POST.
# So, in the case of POST, we allow overriding the method
# used.
method = request.POST.get('_method', kwargs.get('_method', method))
elif method == 'PUT':
# Normalize the PUT data so we can get to it.
# This is due to Django's treatment of PUT vs. POST. They claim
# that PUT, unlike POST, is not necessarily represented as form
# data, so they do not parse it. However, that gives us no clean way
# of accessing the data. So we pretend it's POST for a second in
# order to parse.
#
# This must be done only for legitimate PUT requests, not faked
# ones using ?method=PUT.
try:
request.method = 'POST'
request._load_post_and_files()
request.method = 'PUT'
except AttributeError:
request.META['REQUEST_METHOD'] = 'POST'
request._load_post_and_files()
request.META['REQUEST_METHOD'] = 'PUT'
request.PUT = request.POST
if method in self.allowed_methods:
if (method == "GET" and
not self.singleton and
(self.uri_object_key is None or
self.uri_object_key not in kwargs)):
view = self.get_list
else:
view = getattr(self, self.method_mapping.get(method, None))
else:
view = None
if view and callable(view):
result = view(request, api_format=api_format, *args, **kwargs)
if isinstance(result, WebAPIResponse):
return result
elif isinstance(result, WebAPIError):
return WebAPIResponseError(request, err=result,
api_format=api_format)
elif isinstance(result, tuple):
headers = {}
if method == 'GET':
request_params = request.GET
else:
request_params = request.POST
if len(result) == 3:
headers = result[2]
if 'Location' in headers:
extra_querystr = '&'.join([
'%s=%s' % (param, request_params[param])
for param in SPECIAL_PARAMS
if param in request_params
])
if extra_querystr:
if '?' in headers['Location']:
headers['Location'] += '&' + extra_querystr
else:
headers['Location'] += '?' + extra_querystr
if isinstance(result[0], WebAPIError):
return WebAPIResponseError(request,
err=result[0],
headers=headers,
extra_params=result[1],
api_format=api_format)
else:
return WebAPIResponse(request,
status=result[0],
obj=result[1],
headers=headers,
api_format=api_format)
elif isinstance(result, HttpResponse):
return result
else:
raise AssertionError(result)
else:
return HttpResponseNotAllowed(self.allowed_methods)