Exemple #1
0
    def dispatch(self, request, *args, **kwargs):

        if not request.user.is_authenticated():
            if not self.community.is_public:
                return redirect_to_login(request.build_absolute_uri())

        if hasattr(self, 'get_required_permission'):
            perm = self.get_required_permission()
        else:
            perm = self.required_permission or "communities.access_community"

        if not has_community_perm(request.user, self.community, perm):
            if settings.DEBUG:
                return HttpResponseForbidden("403 %s" % perm)
            return HttpResponseForbidden("403 Unauthorized")

        if request.method == "POST":
            if hasattr(self, 'get_required_permission_for_post'):
                perm = self.get_required_permission_for_post()
            else:
                perm = self.required_permission_for_post or "communities.access_community"

            if not has_community_perm(request.user, self.community, perm):
                if settings.DEBUG:
                    return HttpResponseForbidden("403 POST %s" % perm)
                return HttpResponseForbidden("403 Unauthorized")

        resp = super(ProtectedMixin, self).dispatch(request, *args, **kwargs)

        # Disable client side cache
        resp['Expires'] = '0'
        resp['Pragma'] = 'no-cache'
        resp['Cache-Control'] = 'no-cache, no-store, must-revalidate'

        return resp
Exemple #2
0
    def dispatch(self, request, *args, **kwargs):

        if not request.user.is_authenticated():
            if not self.community.is_public:
                return redirect_to_login(request.build_absolute_uri())

        if hasattr(self, 'get_required_permission'):
            perm = self.get_required_permission()
        else:
            perm = self.required_permission or "communities.access_community"

        if not has_community_perm(request.user, self.community, perm):
            if settings.DEBUG:
                return HttpResponseForbidden("403 %s" % perm)
            return HttpResponseForbidden("403 Unauthorized")

        if request.method == "POST":
            if hasattr(self, 'get_required_permission_for_post'):
                perm = self.get_required_permission_for_post()
            else:
                perm = self.required_permission_for_post or "communities.access_community"

            if not has_community_perm(request.user, self.community, perm):
                if settings.DEBUG:
                    return HttpResponseForbidden("403 POST %s" % perm)
                return HttpResponseForbidden("403 Unauthorized")

        resp = super(ProtectedMixin, self).dispatch(request, *args, **kwargs)

        # Disable client side cache
        resp['Expires'] = '0'
        resp['Pragma'] = 'no-cache'
        resp['Cache-Control'] = 'no-cache, no-store, must-revalidate'

        return resp
Exemple #3
0
    def get(self, request, *args, **kwargs):
        if (
            not has_community_perm(request.user, self.community, "communities.viewupcoming_draft")
            and not self.community.upcoming_meeting_is_published
        ):
            try:
                last_meeting = Meeting.objects.filter(community=self.community).latest("held_at")
                return HttpResponseRedirect(
                    reverse("meeting", kwargs={"community_id": self.community.id, "pk": last_meeting.id})
                )
            except Meeting.DoesNotExist:
                pass

        return super(UpcomingMeetingView, self).get(request, *args, **kwargs)
Exemple #4
0
    def get(self, request, *args, **kwargs):
        if not has_community_perm(request.user, self.community, 
                                  'communities.viewupcoming_draft') \
           and not self.community.upcoming_meeting_is_published:
            try:
                last_meeting = Meeting.objects.filter(community=self.community) \
                                                       .latest('held_at') 
                return HttpResponseRedirect(reverse('meeting', 
                                            kwargs={
                                           'community_id': self.community.id, 
                                           'pk': last_meeting.id})) 
            except Meeting.DoesNotExist:
                pass

        return super(UpcomingMeetingView, self).get(request, *args, **kwargs)
Exemple #5
0
    def get(self, request, *args, **kwargs):
        if not has_community_perm(request.user, self.community,
                                  'communities.viewupcoming_draft') \
                and not self.community.upcoming_meeting_is_published:
            try:
                last_meeting = Meeting.objects.filter(community=self.community) \
                    .latest('held_at')
                return HttpResponseRedirect(
                    reverse('meeting',
                            kwargs={
                                'community_id': self.community.id,
                                'pk': last_meeting.id
                            }))
            except Meeting.DoesNotExist:
                pass

        return super(UpcomingMeetingView, self).get(request, *args, **kwargs)
Exemple #6
0
 def _can_complete_task(self):
     o = self.get_object()
     if self.request.user == o.assigned_to_user:
         return True
     return has_community_perm(self.request.user, self.community,
                               'issues.edittask_proposal')
Exemple #7
0
 def _can_complete_task(self):
     o = self.get_object()
     if self.request.user == o.assigned_to_user:
         return True
     return has_community_perm(self.request.user, self.community,
                               'issues.edittask_proposal')