def inner(request, *args, **kwargs):
if not request.user.is_superuser:
raise PermissionDenied("Admins must be Superusers")
elif not (request.user.is_verified() or settings.DEBUG):
# OTP has a decorator for this, but it bounces the user back to the
# login page - which will fail because the user is already logged in
raise PermissionDenied("Admins must have Two Factor Authentication enabled")
elif not request.is_elevated():
return redirect_to_elevate(request.get_full_path())
return func(request, *args, **kwargs)
def inner(request, *args, **kwargs):
if not request.user.is_superuser:
raise PermissionDenied("Admins must be Superusers")
elif not (request.user.is_verified() or settings.DEBUG):
# OTP has a decorator for this, but it bounces the user back to the
# login page - which will fail because the user is already logged in
raise PermissionDenied(
"Admins must have Two Factor Authentication enabled")
elif not request.is_elevated():
return redirect_to_elevate(request.get_full_path())
return func(request, *args, **kwargs)
def test_redirect_to_elevate_custom_url(self):
response = redirect_to_elevate('/foo', '/lolelevate/')
self.assertEqual(response.status_code, 302)
self.assertEqual(response['Location'], '/lolelevate/?next=/foo')
def test_redirect_to_elevate_with_querystring(self):
response = redirect_to_elevate('/foo?foo=bar')
self.assertEqual(response.status_code, 302)
self.assertEqual(response['Location'], '/elevate/?next=/foo%3Ffoo%3Dbar')
def test_redirect_to_elevate_simple(self):
response = redirect_to_elevate('/foo')
self.assertEqual(response.status_code, 302)
self.assertEqual(response['Location'], '/elevate/?next=/foo')
def inner(request, *args, **kwargs):
if not request.is_elevated():
return redirect_to_elevate(request.get_full_path())
return func(request, *args, **kwargs)
