def is_public_reports(view_kwargs, request):
return (
request.user.is_anonymous and
'domain' in view_kwargs and
request.path.startswith('/a/{}/reports/custom'.format(view_kwargs['domain'])) and
PUBLISH_CUSTOM_REPORTS.enabled(view_kwargs['domain'])
)
def apply_location_access(cls, request):
user = getattr(request, 'couch_user', None)
domain = getattr(request, 'domain', None)
if not domain or not user or not user.is_member_of(domain):
# This is probably some non-domain page or a test, let normal auth handle it
request.can_access_all_locations = True
elif (user.has_permission(domain, 'access_all_locations') or
(user.is_anonymous and PUBLISH_CUSTOM_REPORTS.enabled(domain))):
request.can_access_all_locations = True
else:
request.can_access_all_locations = False
def _inner(req, domain, *args, **kwargs):
user = req.user
domain_name, domain = load_domain(req, domain)
if not domain:
msg = _('The domain "{domain}" was not found.').format(domain=domain_name)
raise Http404(msg)
if user.is_authenticated and user.is_active:
if not domain.is_active:
msg = _(
'The project space "{domain}" has not yet been activated. '
'Please report an issue if you think this is a mistake.'
).format(domain=domain_name)
messages.info(req, msg)
return HttpResponseRedirect(reverse("domain_select"))
couch_user = _ensure_request_couch_user(req)
if couch_user.is_member_of(domain):
# If the two factor toggle is on, require it for all users.
if (
_two_factor_required(view_func, domain, couch_user)
and not getattr(req, 'bypass_two_factor', False)
and not user.is_verified()
):
return TemplateResponse(
request=req,
template='two_factor/core/otp_required.html',
status=403,
)
else:
return view_func(req, domain_name, *args, **kwargs)
elif (
_page_is_whitelist(req.path, domain_name) or
not domain.restrict_superusers
) and user.is_superuser:
# superusers can circumvent domain permissions.
return view_func(req, domain_name, *args, **kwargs)
elif domain.is_snapshot:
# snapshots are publicly viewable
return require_previewer(view_func)(req, domain_name, *args, **kwargs)
elif couch_user.is_web_user() and domain.allow_domain_requests:
from corehq.apps.users.views import DomainRequestView
return DomainRequestView.as_view()(req, *args, **kwargs)
else:
raise Http404
elif (
req.path.startswith('/a/{}/reports/custom'.format(domain_name)) and
PUBLISH_CUSTOM_REPORTS.enabled(domain_name)
):
return view_func(req, domain_name, *args, **kwargs)
else:
login_url = reverse('domain_login', kwargs={'domain': domain_name})
return redirect_for_login_or_domain(req, login_url=login_url)
def _inner(req, domain, *args, **kwargs):
user = req.user
domain_name, domain = load_domain(req, domain)
if domain:
if user.is_authenticated and user.is_active:
if not domain.is_active:
msg = _((
'The domain "{domain}" has not yet been activated. '
'Please report an issue if you think this is a mistake.'
).format(domain=domain_name))
messages.info(req, msg)
return HttpResponseRedirect(reverse("domain_select"))
if hasattr(req, "couch_user"):
couch_user = req.couch_user # set by user middleware
else:
# some views might not have this set
couch_user = CouchUser.from_django_user(user)
if couch_user.is_member_of(domain):
if domain.two_factor_auth and not user.is_verified(
) and not couch_user.two_factor_disabled:
return TemplateResponse(
request=req,
template='two_factor/core/otp_required.html',
status=403,
)
else:
return view_func(req, domain_name, *args, **kwargs)
elif (_page_is_whitelist(req.path, domain_name)
or not domain.restrict_superusers) and user.is_superuser:
# superusers can circumvent domain permissions.
return view_func(req, domain_name, *args, **kwargs)
elif domain.is_snapshot:
# snapshots are publicly viewable
return require_previewer(view_func)(req, domain_name,
*args, **kwargs)
elif domain.allow_domain_requests:
from corehq.apps.users.views import DomainRequestView
return DomainRequestView.as_view()(req, *args, **kwargs)
else:
raise Http404
elif (req.path.startswith(
u'/a/{}/reports/custom'.format(domain_name))
and PUBLISH_CUSTOM_REPORTS.enabled(domain_name)):
return view_func(req, domain_name, *args, **kwargs)
else:
login_url = reverse('domain_login', kwargs={'domain': domain})
return _redirect_for_login_or_domain(req, REDIRECT_FIELD_NAME,
login_url)
else:
msg = _(('The domain "{domain}" was not found.').format(
domain=domain_name))
raise Http404(msg)
def _inner(req, domain, *args, **kwargs):
user = req.user
domain_name, domain = load_domain(req, domain)
if not domain:
msg = _('The domain "{domain}" was not found.').format(
domain=domain_name)
raise Http404(msg)
if user.is_authenticated and user.is_active:
if not domain.is_active:
msg = _(
'The project space "{domain}" has not yet been activated. '
'Please report an issue if you think this is a mistake.'
).format(domain=domain_name)
messages.info(req, msg)
return HttpResponseRedirect(reverse("domain_select"))
couch_user = _ensure_request_couch_user(req)
if couch_user.is_member_of(domain):
# If the two factor toggle is on, require it for all users.
if (_two_factor_required(view_func, domain, couch_user)
and not getattr(req, 'bypass_two_factor', False)
and not user.is_verified()):
return TemplateResponse(
request=req,
template='two_factor/core/otp_required.html',
status=403,
)
else:
return view_func(req, domain_name, *args, **kwargs)
elif (_page_is_whitelist(req.path, domain_name)
or not domain.restrict_superusers) and user.is_superuser:
# superusers can circumvent domain permissions.
return view_func(req, domain_name, *args, **kwargs)
elif domain.is_snapshot:
# snapshots are publicly viewable
return require_previewer(view_func)(req, domain_name, *args,
**kwargs)
elif couch_user.is_web_user() and domain.allow_domain_requests:
from corehq.apps.users.views import DomainRequestView
return DomainRequestView.as_view()(req, *args, **kwargs)
else:
raise Http404
elif (req.path.startswith('/a/{}/reports/custom'.format(domain_name))
and PUBLISH_CUSTOM_REPORTS.enabled(domain_name)):
return view_func(req, domain_name, *args, **kwargs)
else:
login_url = reverse('domain_login', kwargs={'domain': domain_name})
return redirect_for_login_or_domain(req, login_url=login_url)
def apply_location_access(cls, request):
user = getattr(request, 'couch_user', None)
domain = getattr(request, 'domain', None)
if not domain or not user or not user.is_member_of(domain):
# This is probably some non-domain page or a test, let normal auth handle it
request.can_access_all_locations = True
elif (
user.has_permission(domain, 'access_all_locations') or (
isinstance(user, AnonymousCouchUser) and
PUBLISH_CUSTOM_REPORTS.enabled(domain)
)
):
request.can_access_all_locations = True
else:
request.can_access_all_locations = False
def process_view(self, request, view_fn, view_args, view_kwargs):
user = getattr(request, 'couch_user', None)
domain = getattr(request, 'domain', None)
if not domain or not user or not user.is_member_of(domain):
# This is probably some non-domain page or a test, let normal auth handle it
request.can_access_all_locations = True
elif (user.has_permission(domain, 'access_all_locations') or
(user.is_anonymous and PUBLISH_CUSTOM_REPORTS.enabled(domain))):
request.can_access_all_locations = True
else:
request.can_access_all_locations = False
if not is_location_safe(view_fn, request, view_args, view_kwargs):
return location_restricted_response(request)
elif not user.get_sql_location(domain):
return no_permissions(request,
message=RESTRICTED_USER_UNASSIGNED_MSG)
def _is_public_custom_report(request_path, domain_name):
return (request_path.startswith('/a/{}/reports/custom'.format(domain_name))
and PUBLISH_CUSTOM_REPORTS.enabled(domain_name))
