def test_apply_to_class_based_view(self): @self.registry.register(allow_anonymous=True) def can_do_things(user): return user.can_do_things @self.registry.require('can_do_things') class View(object): def dispatch(self, req): return getattr(self, req.method.lower())(req) def get(self, req): pass self.assertEqual(View.dispatch.__name__, 'dispatch') request = self.request_factory.get('/things') request.user = User() request.user.can_do_things = True view = View() view.dispatch(request) request.user.can_do_things = False self.assertRaises(PermissionDenied, view.dispatch, request)
def dispatch(self, request, *args, **kwargs): if not ("supervisor_id" in request.POST or "activity" in request.FILES): return View.dispatch(self, request, *args, **kwargs) supervisor_id_value = request.POST["supervisor_id"] ': :type supervisor_id_value: str' if not (len(supervisor_id_value) == 7 and supervisor_id_value.isalnum()): return View.dispatch(self, request, *args, **kwargs) file = request.FILES["activity"] filename = file.name ': :type filename: str' filename_match = re.fullmatch(r'next_(?P<interval>\d+)\.jpg', filename) if filename_match is None or not (1 <= int( filename_match.group('interval')) <= 600000): return View.dispatch(self, request, *args, **kwargs) # TODO: Use chunks? activity_value = file.read() ': :type activity_value: bytes' activity = Snap(filename, activity_value) supervisor_id = SupervisorId(supervisor_id_value) monitoring_service.track_activity(activity, supervisor_id) return redirect('/')
def dispatch(self, request, *args, **kwargs): # Authentication if not users.get_current_user().email() in settings.AUTHORIZED_USER: if not 'localhost' == request.META['SERVER_NAME']: if not 0 == len(settings.AUTHORIZED_USER): return HttpResponse(status=403) return View.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs): if not self.has_permission(request, *args, **kwargs): if not request.user.is_authenticated(): path = request.get_full_path() return HttpResponseRedirect("%s?next=%s" % (settings.LOGIN_URL, path)) else: return render_to_forbidden(request) return _View.dispatch(self, request, *args, **kwargs)
def test_apply_to_class_based_view_with_model(self): @self.registry.register(model=Model, allow_anonymous=True) def can_do_stuff(user, instance): return user.can_do_stuff and instance is not None @self.registry.require('can_do_stuff') class View(object): def dispatch(self, req, model_id, *args, **kwargs): return getattr(self, req.method.lower())(req, model_id, *args, **kwargs) def get(self, req, model_id): return model_id request = self.request_factory.get('/stuff/1') request.user = User() request.user.can_do_stuff = True view = View() view.dispatch(request, 1) request.user.can_do_stuff = False self.assertRaises(PermissionDenied, view.dispatch, request, model_id=1)
def dispatch(self, request, *args, **kwargs): return View.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs): # Give leader names and Gravatars to the public # (Gravatar URLs hash the email with MD5) return View.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs): # api_key = ApiKey.authenticate(request, username=settings.USSD_USER_NAME) # if not api_key: # logger.error('Attempted call to API only view: {}.'.format(self.__class__.__name__)) # raise Http404() return View.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs): # base_queryset is equal to all orders the user is allowed to access self.set_base_queryset(request) return View.dispatch(self, request, *args, **kwargs)