Exemple #1
0
    def check_object_permissions(self, request, obj):
        """
        Check if the request should be permitted for a given object.
        Raises an appropriate exception if the request is not permitted.

        Calls DRF implementation, but adds `is_disabled_by_developer` and
        `is_disabled_by_mozilla` to the exception being thrown so that clients
        can tell the difference between a 401/403 returned because an add-on
        has been disabled by their developer or something else.
        """
        for restriction in self.get_georestrictions():
            if not restriction.has_object_permission(request, self, obj):
                raise UnavailableForLegalReasons()

        try:
            super(AddonViewSet, self).check_object_permissions(request, obj)
        except exceptions.APIException as exc:
            # Override exc.detail with a dict so that it's returned as-is in
            # the response. The base implementation for exc.get_codes() does
            # not expect dicts in that format, so override it as well with a
            # lambda that returns what would have been returned before our
            # changes.
            codes = exc.get_codes()
            exc.get_codes = lambda: codes
            exc.detail = {
                'detail': exc.detail,
                'is_disabled_by_developer': obj.disabled_by_user,
                'is_disabled_by_mozilla': obj.status == amo.STATUS_DISABLED,
            }
            raise exc
Exemple #2
0
 def check_permissions(self, request):
     for restriction in self.get_georestrictions():
         if not restriction.has_permission(request, self):
             raise UnavailableForLegalReasons()
     if self.action in ('create', 'update', 'partial_update'):
         self.permission_classes = self.write_permission_classes
     super().check_permissions(request)
Exemple #3
0
    def check_object_permissions(self, request, obj):
        """
        Check if the request should be permitted for a given object.
        Raises an appropriate exception if the request is not permitted.

        Calls DRF implementation, but adds `is_disabled_by_developer` and
        `is_disabled_by_mozilla` to the exception being thrown so that clients
        can tell the difference between a 401/403 returned because an add-on
        has been disabled by their developer or something else.

        On top of this, can also raise a 451 if the add-on is not available
        because of regional restrictions - no additional detail is available
        in that case.
        """
        try:
            super(AddonViewSet, self).check_object_permissions(request, obj)
        except exceptions.APIException as exc:
            # Override exc.detail with a dict so that it's returned as-is in
            # the response. The base implementation for exc.get_codes() does
            # not expect dicts in that format, so override it as well with a
            # lambda that returns what would have been returned before our
            # changes.
            codes = exc.get_codes()
            exc.get_codes = lambda: codes
            exc.detail = {
                'detail': exc.detail,
                'is_disabled_by_developer': obj.disabled_by_user,
                'is_disabled_by_mozilla': obj.status == amo.STATUS_DISABLED,
            }
            raise exc
        region_code = (
            self.request and self.request.META.get(
                'HTTP_X_COUNTRY_CODE', None))
        if region_code and AddonRegionalRestrictions.objects.filter(
                addon=obj,
                excluded_regions__contains=region_code.upper()).exists():
            raise UnavailableForLegalReasons()
Exemple #4
0
    def check_permissions(self, request):
        for restriction in self.get_georestrictions():
            if not restriction.has_permission(request, self):
                raise UnavailableForLegalReasons()

        super().check_permissions(request)