def check_hijack_decorator_importable(app_configs, **kwargs): errors = [] decorator = hijack_settings.HIJACK_DECORATOR try: if decorator != 'django.contrib.admin.views.decorators.staff_member_required': import_string(decorator) except ImportError: errors.append( Error( 'Setting HIJACK_DECORATOR cannot be imported', hint=None, obj=decorator, id='hijack.E003', )) return errors
def check_custom_authorization_check_importable(app_configs, **kwargs): errors = [] authorization_check = hijack_settings.HIJACK_AUTHORIZATION_CHECK try: if authorization_check != staff_member_required: import_string(authorization_check) except ImportError: errors.append( Error( 'Setting HIJACK_AUTHORIZATION_CHECK cannot be imported', hint=None, obj=authorization_check, id='hijack.E002', )) return errors
def is_authorized(hijack, hijacked): ''' Evaluates the authorization check specified in settings ''' authorization_check = import_string( hijack_settings.HIJACK_AUTHORIZATION_CHECK) return authorization_check(hijack, hijacked)
def check_hijack_decorator_importable(app_configs, **kwargs): errors = [] decorator = hijack_settings.HIJACK_DECORATOR try: if decorator != 'django.contrib.admin.views.decorators.staff_member_required': import_string(decorator) except ImportError: errors.append( Error( 'Setting HIJACK_DECORATOR cannot be imported', hint=None, obj=decorator, id='hijack.E003', ) ) return errors
def check_custom_authorization_check_importable(app_configs, **kwargs): errors = [] authorization_check = hijack_settings.HIJACK_AUTHORIZATION_CHECK try: if authorization_check != staff_member_required: import_string(authorization_check) except ImportError: errors.append( Error( 'Setting HIJACK_AUTHORIZATION_CHECK cannot be imported', hint=None, obj=authorization_check, id='hijack.E002', ) ) return errors
def test_custom_authorization_check(self): for custom_check_path in [ 'hijack.tests.test_app.authorization_checks.can_hijack_default', 'hijack.tests.test_app.authorization_checks.everybody_can_hijack', 'hijack.tests.test_app.authorization_checks.nobody_can_hijack', ]: with SettingsOverride(hijack_settings, HIJACK_AUTHORIZATION_CHECK=custom_check_path): custom_check = import_string(custom_check_path) for hijacker, hijacked in [ (self.superuser, self.superuser), (self.superuser, self.staff_user), (self.superuser, self.user), (self.staff_user, self.superuser), (self.staff_user, self.staff_user), (self.staff_user, self.user), (self.user, self.superuser), (self.user, self.staff_user), (self.user, self.user), ]: self.assertEqual(custom_check(hijacker, hijacked), is_authorized(hijacker, hijacked))
def test_custom_authorization_check(self): for custom_check_path in [ 'hijack.tests.test_app.authorization_checks.can_hijack_default', 'hijack.tests.test_app.authorization_checks.everybody_can_hijack', 'hijack.tests.test_app.authorization_checks.nobody_can_hijack', ]: with SettingsOverride( hijack_settings, HIJACK_AUTHORIZATION_CHECK=custom_check_path): custom_check = import_string(custom_check_path) for hijacker, hijacked in [ (self.superuser, self.superuser), (self.superuser, self.staff_user), (self.superuser, self.user), (self.staff_user, self.superuser), (self.staff_user, self.staff_user), (self.staff_user, self.user), (self.user, self.superuser), (self.user, self.staff_user), (self.user, self.user), ]: self.assertEqual(custom_check(hijacker, hijacked), is_authorized(hijacker, hijacked))
def can_hijack(hijacker, hijacked): check_authorization = import_string( hijack_settings.HIJACK_AUTHORIZATION_CHECK) return check_authorization(hijacker, hijacked)
def is_authorized(hijack, hijacked): ''' Evaluates the authorization check specified in settings ''' authorization_check = import_string(hijack_settings.HIJACK_AUTHORIZATION_CHECK) return authorization_check(hijack, hijacked)
def can_hijack(hijacker, hijacked): check_authorization = import_string(hijack_settings.HIJACK_AUTHORIZATION_CHECK) return check_authorization(hijacker, hijacked)
def get_can_hijack_function(): func_dotted_path = getattr(settings, 'CUSTOM_HIJACK_HANDLER', None) can_hijack_func = import_string(func_dotted_path) if func_dotted_path else can_hijack return can_hijack_func
def hijack_decorator(fn): decorator = import_string(hijack_settings.HIJACK_DECORATOR) return decorator(fn)
def get_can_hijack_function(): func_dotted_path = getattr(settings, 'CUSTOM_HIJACK_HANDLER', None) can_hijack_func = import_string( func_dotted_path) if func_dotted_path else can_hijack return can_hijack_func
def hijack_decorator(fn): """ Apply customizable decorator to sensitive methods. Default: staff_member_required """ decorator = import_string(hijack_settings.HIJACK_DECORATOR) return decorator(fn)