Esempio n. 1
 def wrapper(request, username, slug, *args, **kw):
     """Resolve the collection and call ``func`` only for permitted users.

     The collection is looked up from ``username``/``slug``; the access
     decision is delegated to ``acl.check_collection_ownership`` using the
     ``require_owner`` value from the enclosing scope.  ``PermissionDenied``
     is raised when that check fails, so ``func`` is never invoked.
     """
     collection = get_collection(request, username, slug)
     allowed = acl.check_collection_ownership(
         request, collection, require_owner=require_owner)
     # Deny first: the wrapped view is unreachable without a passing check.
     if not allowed:
         raise PermissionDenied
     return func(request, collection, username, slug, *args, **kw)
Esempio n. 2
 def wrapper(request, username, slug, *args, **kw):
     """Gate ``func`` behind the collection ownership check.

     Looks the collection up from ``username`` and ``slug``, asks
     ``acl.check_collection_ownership`` (with the enclosing ``require_owner``
     setting) whether the request may proceed, and raises
     ``PermissionDenied`` when it may not.  On success the collection is
     passed to ``func`` as its second argument.
     """
     collection = get_collection(request, username, slug)
     permitted = acl.check_collection_ownership(
         request, collection, require_owner=require_owner)
     if permitted:
         return func(request, collection, username, slug, *args, **kw)
     # No fallback path: anything that fails the check is refused.
     raise PermissionDenied
Esempio n. 3
def collection_detail(request, username, slug):
    """Render the detail page for one collection.

    Access control: a listed collection is shown to anyone.  For an unlisted
    one, unauthenticated visitors are redirected to login and authenticated
    users must pass ``acl.check_collection_ownership`` or receive
    ``PermissionDenied``.
    """
    collection = get_collection(request, username, slug)
    if not collection.listed:
        # Unlisted: authenticate first, then authorize.
        if not request.user.is_authenticated():
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, collection):
            raise PermissionDenied

    valid_in_collection = Addon.objects.valid() & collection.addons.all()
    addon_filter = CollectionAddonFilter(
        request, valid_in_collection, key='sort', default='popular')
    notes = get_notes(collection)
    # Go directly to CollectionAddon for the count to avoid joins.
    valid_status_q = Addon.objects.all().valid_q(
        amo.VALID_ADDON_STATUSES, prefix='addon__')
    count = CollectionAddon.objects.filter(
        valid_status_q, collection=collection.id)
    addons = paginate(
        request, addon_filter.qs, per_page=15, count=count.count())

    # Called `user_perms` because `perms` is already defined in
    # django.contrib.auth.context_processors.
    can_view_stats = acl.check_ownership(
        request, collection, require_owner=False)
    user_perms = {'view_stats': can_view_stats}

    if collection.top_tags:
        tags = Tag.objects.filter(id__in=collection.top_tags)
    else:
        tags = []

    context = {
        'collection': collection,
        'filter': addon_filter,
        'addons': addons,
        'notes': notes,
        'tags': tags,
        'user_perms': user_perms,
    }
    return render_cat(request, 'bandwagon/collection_detail.html', context)
Esempio n. 4
def collection_detail(request, username, slug):
    """Render the detail page for one collection.

    A listed collection is visible to every visitor.  An unlisted one sends
    unauthenticated visitors to the login redirect and raises
    ``PermissionDenied`` for authenticated users who fail
    ``acl.check_collection_ownership``.
    """
    collection = get_collection(request, username, slug)
    if not collection.listed:
        # Authentication is checked before authorization so that anonymous
        # visitors are asked to log in instead of being refused outright.
        if not request.user.is_authenticated:
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, collection):
            raise PermissionDenied

    valid_in_collection = Addon.objects.valid() & collection.addons.all()
    addon_filter = CollectionAddonFilter(
        request, valid_in_collection, key='sort', default='popular')
    notes = get_notes(collection)
    # Go directly to CollectionAddon for the count to avoid joins.
    valid_status_q = Addon.objects.all().valid_q(
        amo.VALID_ADDON_STATUSES, prefix='addon__')
    count = CollectionAddon.objects.filter(
        valid_status_q, collection=collection.id)
    addons = paginate(
        request, addon_filter.qs, per_page=15, count=count.count())

    # `perms` is defined in django.contrib.auth.context_processors, hence
    # the separate `user_perms` name.
    user_perms = {}
    user_perms['view_stats'] = acl.check_ownership(
        request, collection, require_owner=False)

    tags = []
    if collection.top_tags:
        tags = Tag.objects.filter(id__in=collection.top_tags)

    context = {
        'collection': collection,
        'filter': addon_filter,
        'addons': addons,
        'notes': notes,
        'tags': tags,
        'user_perms': user_perms,
    }
    return render_cat(request, 'bandwagon/collection_detail.html', context)
Esempio n. 5
 def get_object(self, request, username, slug):
     """Return the collection for this request, or raise ``Http404``.

     The request is stored on ``self.request``.  The collection is returned
     when it is listed or when ``acl.check_collection_ownership`` passes;
     every other case ends in ``http.Http404``.
     """
     self.request = request
     collection = views.get_collection(request, username, slug)
     if collection.listed or acl.check_collection_ownership(
             request, collection):
         return collection
     # 403 can't be raised as an exception.
     # NOTE(review): a refused request therefore gets status 404, not 403.
     raise http.Http404()
Esempio n. 6
 def get_object(self, request, username, slug):
     """Look up the collection and refuse access to unlisted ones.

     Stores ``request`` on the instance, fetches the collection through
     ``views.get_collection`` and returns it only if it is listed or the
     request passes ``acl.check_collection_ownership``.  Otherwise
     ``http.Http404`` is raised.
     """
     self.request = request
     found = views.get_collection(request, username, slug)
     visible = found.listed or acl.check_collection_ownership(request, found)
     if not visible:
         # 403 can't be raised as an exception.
         raise http.Http404()
     return found
Esempio n. 7
 def check_ownership(self, request, require_owner, require_author,
                     ignore_disabled, admin):
     """
     Hook used by acl.check_ownership to decide whether request.user has
     permissions for this collection.

     Only ``require_owner`` is forwarded to
     ``acl.check_collection_ownership``; ``require_author``,
     ``ignore_disabled`` and ``admin`` are accepted but not used here.
     """
     # Imported inside the method rather than at module level
     # (presumably to avoid a circular import; confirm).
     from olympia.access import acl
     allowed = acl.check_collection_ownership(request, self, require_owner)
     return allowed
Esempio n. 8
 def check_ownership(self, request, require_owner, require_author,
                     ignore_disabled, admin):
     """
     Used by acl.check_ownership to see if request.user has permissions for
     the collection.

     The decision is delegated to ``acl.check_collection_ownership`` with
     this collection and ``require_owner``.  The remaining parameters
     (``require_author``, ``ignore_disabled``, ``admin``) do not influence
     the result in this method.
     """
     # Function-scope import, kept as in the original.
     from olympia.access import acl
     verdict = acl.check_collection_ownership(request, self, require_owner)
     return verdict
Esempio n. 9
def collection_detail_json(request, username, slug):
    """Return a dict describing a collection and its valid add-ons.

    An unlisted collection is only served when the request passes
    ``acl.check_collection_ownership``; otherwise ``PermissionDenied`` is
    raised before any add-on data is read.
    """
    collection = get_collection(request, username, slug)
    if not collection.listed:
        if not acl.check_collection_ownership(request, collection):
            raise PermissionDenied
    # We evaluate the QuerySet with `list` to work around bug 866454.
    valid_addons = list(collection.addons.valid())
    addons_dict = [addon_to_dict(addon) for addon in valid_addons]
    payload = {
        'name': collection.name,
        'url': collection.get_abs_url(),
        'iconUrl': collection.icon_url,
        'addons': addons_dict
    }
    return payload
Esempio n. 10
def edit(request, collection, username, slug):
    """Show or process the edit page for ``collection``.

    Authorization: ``acl.check_collection_ownership(..., require_owner=True)``
    gates every write.  A request that fails it gets ``PermissionDenied`` on
    POST; on other methods the page is rendered with ``form`` set to
    ``None``.  The admin form is built only when ``acl.action_allowed``
    grants ``amo.permissions.COLLECTIONS_EDIT``.
    """
    is_admin = acl.action_allowed(request, amo.permissions.COLLECTIONS_EDIT)
    is_owner = acl.check_collection_ownership(
        request, collection, require_owner=True)
    is_post = request.method == 'POST'

    if not is_owner:
        # Non-owners never reach the save path.
        # NOTE(review): a non-owner GET still renders collection data below;
        # whatever admits them to this view sits outside this function.
        if is_post:
            raise PermissionDenied
        form = None
    elif is_post:
        initial = initial_data_from_request(request)
        if collection.author_id:  # Don't try to change the author.
            initial['author'] = collection.author
        form = forms.CollectionForm(
            request.POST, request.FILES,
            initial=initial, instance=collection)
        if form.is_valid():
            collection = form.save()
            collection_message(request, collection, 'update')
            log.info(u'%s edited collection %s' %
                     (request.user, collection.id))
            return http.HttpResponseRedirect(collection.edit_url())
    else:
        form = forms.CollectionForm(instance=collection)

    collection_addons = CollectionAddon.objects.using('default').filter(
        collection=collection)
    meta = dict((entry.addon_id, entry) for entry in collection_addons)
    addons = collection.addons.all()
    comments = get_notes(collection, raw=True).next()

    admin_form = None
    if is_admin:
        admin_initial = {
            'type': collection.type,
            'application': collection.application
        }
        admin_form = forms.AdminForm(initial=admin_initial)

    context = {
        'collection': collection,
        'form': form,
        'username': username,
        'slug': slug,
        'meta': meta,
        'filter': get_filter(request),
        'is_admin': is_admin,
        'admin_form': admin_form,
        'addons': addons,
        'comments': comments
    }
    return render_cat(request, 'bandwagon/edit.html', context)
Esempio n. 11
def collection_detail_json(request, username, slug):
    """Return a dict with the collection's name, URL and valid add-ons.

    Listed collections are served to any request.  For an unlisted one the
    request must pass ``acl.check_collection_ownership``; otherwise
    ``PermissionDenied`` is raised before the add-ons are queried.
    """
    collection = get_collection(request, username, slug)
    may_view = (collection.listed
                or acl.check_collection_ownership(request, collection))
    if not may_view:
        raise PermissionDenied
    # We evaluate the QuerySet with `list` to work around bug 866454.
    valid_addons = list(collection.addons.valid())
    addons_dict = [addon_to_dict(addon) for addon in valid_addons]
    payload = {
        'name': collection.name,
        'url': collection.get_abs_url(),
        'addons': addons_dict
    }
    return payload
Esempio n. 12
def collection_detail(request, username, slug):
    """Render the detail page for one collection.

    Access control: a listed collection is shown to anyone.  For an unlisted
    one, unauthenticated visitors are redirected to login and authenticated
    users must pass ``acl.check_collection_ownership`` or receive
    ``PermissionDenied``.  ``?format=rss`` is answered with a permanent
    redirect to the collection's feed URL, after the access check.
    """
    collection = get_collection(request, username, slug)
    if not collection.listed:
        # Unlisted: authenticate first, then authorize.
        if not request.user.is_authenticated():
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, collection):
            raise PermissionDenied

    wants_rss = request.GET.get('format') == 'rss'
    if wants_rss:
        return http.HttpResponsePermanentRedirect(collection.feed_url())

    valid_in_collection = Addon.objects.valid() & collection.addons.all()
    addon_filter = CollectionAddonFilter(
        request, valid_in_collection, key='sort', default='popular')
    notes = get_notes(collection)
    # Go directly to CollectionAddon for the count to avoid joins.
    valid_status_q = Addon.objects.all().valid_q(
        amo.VALID_ADDON_STATUSES, prefix='addon__')
    count = CollectionAddon.objects.filter(
        valid_status_q, collection=collection.id)
    addons = paginate(
        request, addon_filter.qs, per_page=15, count=count.count())

    # The add-on query is not related to the collection, so we need to manually
    # hook them up for invalidation.  Bonus: count invalidation.
    keys = [addons.object_list.flush_key(), count.flush_key()]
    caching.invalidator.add_to_flush_list({collection.flush_key(): keys})

    # Only the author's *listed* collections are offered as suggestions.
    others = []
    if collection.author_id:
        by_author = Collection.objects.listed().filter(
            author=collection.author)
        others = amo.utils.randslice(
            by_author, limit=4, exclude=collection.id)

    # `perms` is defined in django.contrib.auth.context_processors. Gotcha!
    can_view_stats = acl.check_ownership(
        request, collection, require_owner=False)
    user_perms = {'view_stats': can_view_stats}

    if collection.top_tags:
        tags = Tag.objects.filter(id__in=collection.top_tags)
    else:
        tags = []

    context = {
        'collection': collection,
        'filter': addon_filter,
        'addons': addons,
        'notes': notes,
        'author_collections': others,
        'tags': tags,
        'user_perms': user_perms
    }
    return render_cat(request, 'bandwagon/collection_detail.html', context)
Esempio n. 13
def edit(request, collection, username, slug):
    """Render the collection edit page and handle its form submission.

    Writes are allowed only when
    ``acl.check_collection_ownership(..., require_owner=True)`` passes: a
    failing POST raises ``PermissionDenied``, a failing request with any
    other method renders the page with ``form`` set to ``None``.  The admin
    form is created only if ``acl.action_allowed`` grants
    ``amo.permissions.COLLECTIONS_EDIT``.
    """
    is_admin = acl.action_allowed(request, amo.permissions.COLLECTIONS_EDIT)
    owns_collection = acl.check_collection_ownership(
        request, collection, require_owner=True)
    posting = request.method == 'POST'

    if not owns_collection and posting:
        raise PermissionDenied

    if not owns_collection:
        # Read-only rendering: no form is offered to a non-owner.
        form = None
    elif posting:
        initial = initial_data_from_request(request)
        if collection.author_id:  # Don't try to change the author.
            initial['author'] = collection.author
        form = forms.CollectionForm(
            request.POST, request.FILES,
            initial=initial, instance=collection)
        if form.is_valid():
            collection = form.save()
            collection_message(request, collection, 'update')
            log.info(u'%s edited collection %s' %
                     (request.user, collection.id))
            return http.HttpResponseRedirect(collection.edit_url())
    else:
        form = forms.CollectionForm(instance=collection)

    collection_addons = CollectionAddon.objects.using('default').filter(
        collection=collection)
    meta = dict((entry.addon_id, entry) for entry in collection_addons)
    addons = collection.addons.all()
    comments = get_notes(collection, raw=True).next()

    admin_form = None
    if is_admin:
        admin_initial = {
            'type': collection.type,
            'application': collection.application
        }
        admin_form = forms.AdminForm(initial=admin_initial)

    context = {
        'collection': collection,
        'form': form,
        'username': username,
        'slug': slug,
        'meta': meta,
        'filter': get_filter(request),
        'is_admin': is_admin,
        'admin_form': admin_form,
        'addons': addons,
        'comments': comments
    }
    return render_cat(request, 'bandwagon/edit.html', context)
Esempio n. 14
def edit(request, collection, username, slug):
    """Show or process the edit page for ``collection``.

    Authorization: ``acl.check_collection_ownership(..., require_owner=True)``
    gates every write.  A request that fails it gets ``PermissionDenied`` on
    POST; on other methods the page is rendered with ``form`` set to
    ``None``.  The admin form is built only when ``acl.action_allowed``
    grants the ``'Collections'``/``'Edit'`` permission.
    """
    is_admin = acl.action_allowed(request, 'Collections', 'Edit')
    is_owner = acl.check_collection_ownership(
        request, collection, require_owner=True)
    is_post = request.method == 'POST'

    if not is_owner:
        # Non-owners never reach the save path.
        # NOTE(review): a non-owner GET still renders collection data below;
        # whatever admits them to this view sits outside this function.
        if is_post:
            raise PermissionDenied
        form = None
    elif is_post:
        initial = initial_data_from_request(request)
        if collection.author_id:  # Don't try to change the author.
            initial['author'] = collection.author
        form = forms.CollectionForm(
            request.POST, request.FILES,
            initial=initial, instance=collection)
        if form.is_valid():
            collection = form.save()
            collection_message(request, collection, 'update')
            log.info(u'%s edited collection %s' %
                     (request.user, collection.id))
            return http.HttpResponseRedirect(collection.edit_url())
    else:
        form = forms.CollectionForm(instance=collection)

    # Uncached read from the 'default' database.
    collection_addons = (CollectionAddon.objects.no_cache()
                         .using('default')
                         .filter(collection=collection))
    meta = {}
    for entry in collection_addons:
        meta[entry.addon_id] = entry
    addons = collection.addons.no_cache().all()
    comments = get_notes(collection, raw=True).next()

    admin_form = None
    if is_admin:
        admin_initial = {
            'type': collection.type,
            'application': collection.application,
        }
        admin_form = forms.AdminForm(initial=admin_initial)

    context = {
        'collection': collection,
        'form': form,
        'username': username,
        'slug': slug,
        'meta': meta,
        'filter': get_filter(request),
        'is_admin': is_admin,
        'admin_form': admin_form,
        'addons': addons,
        'comments': comments,
    }
    return render_cat(request, 'bandwagon/edit.html', context)
Esempio n. 15
def edit(request, collection, username, slug):
    """Render the collection edit page and handle its form submission.

    Writes are allowed only when
    ``acl.check_collection_ownership(..., require_owner=True)`` passes: a
    failing POST raises ``PermissionDenied``, a failing request with any
    other method renders the page with ``form`` set to ``None``.  The admin
    form is created only if ``acl.action_allowed`` grants the
    ``'Collections'``/``'Edit'`` permission.
    """
    is_admin = acl.action_allowed(request, 'Collections', 'Edit')
    owns_collection = acl.check_collection_ownership(
        request, collection, require_owner=True)
    posting = request.method == 'POST'

    if not owns_collection and posting:
        raise PermissionDenied

    if not owns_collection:
        # Read-only rendering: no form is offered to a non-owner.
        form = None
    elif posting:
        initial = initial_data_from_request(request)
        if collection.author_id:  # Don't try to change the author.
            initial['author'] = collection.author
        form = forms.CollectionForm(
            request.POST, request.FILES,
            initial=initial, instance=collection)
        if form.is_valid():
            collection = form.save()
            collection_message(request, collection, 'update')
            log.info(u'%s edited collection %s' %
                     (request.user, collection.id))
            return http.HttpResponseRedirect(collection.edit_url())
    else:
        form = forms.CollectionForm(instance=collection)

    # Uncached read from the 'default' database.
    collection_addons = CollectionAddon.objects.no_cache().using(
        'default').filter(collection=collection)
    meta = {}
    for entry in collection_addons:
        meta[entry.addon_id] = entry
    addons = collection.addons.no_cache().all()
    comments = get_notes(collection, raw=True).next()

    if is_admin:
        admin_initial = {
            'type': collection.type,
            'application': collection.application,
        }
        admin_form = forms.AdminForm(initial=admin_initial)
    else:
        admin_form = None

    context = {
        'collection': collection,
        'form': form,
        'username': username,
        'slug': slug,
        'meta': meta,
        'filter': get_filter(request),
        'is_admin': is_admin,
        'admin_form': admin_form,
        'addons': addons,
        'comments': comments,
    }
    return render_cat(request, 'bandwagon/edit.html', context)
Esempio n. 16
def collection_detail(request, username, slug):
    """Render the detail page for one collection.

    A listed collection is visible to every visitor.  An unlisted one sends
    unauthenticated visitors to the login redirect and raises
    ``PermissionDenied`` for authenticated users who fail
    ``acl.check_collection_ownership``.  A ``format=rss`` query is answered
    with a permanent redirect to the feed URL once the access check is done.
    """
    collection = get_collection(request, username, slug)
    if not collection.listed:
        # Authentication is checked before authorization so that anonymous
        # visitors are asked to log in instead of being refused outright.
        if not request.user.is_authenticated():
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, collection):
            raise PermissionDenied

    if request.GET.get('format') == 'rss':
        feed_url = collection.feed_url()
        return http.HttpResponsePermanentRedirect(feed_url)

    valid_in_collection = Addon.objects.valid() & collection.addons.all()
    addon_filter = CollectionAddonFilter(
        request, valid_in_collection, key='sort', default='popular')
    notes = get_notes(collection)
    # Go directly to CollectionAddon for the count to avoid joins.
    valid_status_q = Addon.objects.all().valid_q(
        amo.VALID_ADDON_STATUSES, prefix='addon__')
    count = CollectionAddon.objects.filter(
        valid_status_q, collection=collection.id)
    addons = paginate(
        request, addon_filter.qs, per_page=15, count=count.count())

    # The add-on query is not related to the collection, so we need to manually
    # hook them up for invalidation.  Bonus: count invalidation.
    keys = [addons.object_list.flush_key(), count.flush_key()]
    caching.invalidator.add_to_flush_list({collection.flush_key(): keys})

    # Only the author's *listed* collections are offered as suggestions.
    others = []
    if collection.author_id:
        by_author = Collection.objects.listed().filter(
            author=collection.author)
        others = amo.utils.randslice(
            by_author, limit=4, exclude=collection.id)

    # `perms` is defined in django.contrib.auth.context_processors, hence
    # the separate `user_perms` name.
    user_perms = {}
    user_perms['view_stats'] = acl.check_ownership(
        request, collection, require_owner=False)

    tags = []
    if collection.top_tags:
        tags = Tag.objects.filter(id__in=collection.top_tags)

    context = {
        'collection': collection,
        'filter': addon_filter,
        'addons': addons,
        'notes': notes,
        'author_collections': others,
        'tags': tags,
        'user_perms': user_perms,
    }
    return render_cat(request, 'bandwagon/collection_detail.html', context)
Esempio n. 17
def change_addon(request, collection, action):
    """Run ``collection.<action>_addon`` for the add-on named in the POST data.

    The request must pass ``acl.check_collection_ownership`` or
    ``PermissionDenied`` is raised.  A missing or malformed ``addon_id``
    (``KeyError``/``ValueError``) yields a 400 response.  On success the
    change is logged and the caller is redirected: AJAX requests to the
    ``collections.ajax_list`` URL, others to the collection page.
    """
    if not acl.check_collection_ownership(request, collection):
        raise PermissionDenied

    try:
        addon_pk = request.POST['addon_id']
        addon = get_object_or_404(Addon.objects, pk=addon_pk)
    except (ValueError, KeyError):
        return http.HttpResponseBadRequest()

    # NOTE(review): the method is selected by name from `action`; callers
    # should pass only fixed literals here, never a request-derived value.
    # Confirm at the call sites.
    handler = getattr(collection, action + '_addon')
    handler(addon)
    log.info(u'%s: %s %s to collection %s' %
             (request.user, action, addon.id, collection.id))

    if request.is_ajax():
        ajax_list = reverse('collections.ajax_list')
        return http.HttpResponseRedirect(
            '%s?addon_id=%s' % (ajax_list, addon.id))
    return http.HttpResponseRedirect(collection.get_url_path())
Esempio n. 18
def change_addon(request, collection, action):
    """Apply an ``<action>_addon`` method of ``collection`` to one add-on.

    Refuses with ``PermissionDenied`` unless
    ``acl.check_collection_ownership`` passes.  The add-on is taken from
    ``request.POST['addon_id']``; a ``KeyError`` or ``ValueError`` while
    resolving it produces ``HttpResponseBadRequest``.  The change is logged,
    then the response redirects to the AJAX list URL for AJAX requests and
    to the collection URL otherwise.
    """
    permitted = acl.check_collection_ownership(request, collection)
    if not permitted:
        raise PermissionDenied

    try:
        addon = get_object_or_404(
            Addon.objects, pk=request.POST['addon_id'])
    except (ValueError, KeyError):
        return http.HttpResponseBadRequest()

    # NOTE(review): `action` picks the method by name. It is safe only while
    # every caller passes a hard-coded value; verify against the callers.
    method_name = action + '_addon'
    getattr(collection, method_name)(addon)
    log.info(u'%s: %s %s to collection %s' %
             (request.user, action, addon.id, collection.id))

    if request.is_ajax():
        target = '%s?addon_id=%s' % (
            reverse('collections.ajax_list'), addon.id)
    else:
        target = collection.get_url_path()
    return http.HttpResponseRedirect(target)
Esempio n. 19
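def delete(request, user_id, slug):
    """Confirm and perform the deletion of a collection.

    The collection is looked up by ``author_id`` and ``slug`` (404 when
    absent).  The request must pass ``acl.check_collection_ownership`` called
    with ``True`` as third argument (presumably ``require_owner``; confirm);
    a refused attempt is logged and raises ``PermissionDenied``.

    A POST deletes the collection only when the ``sure`` field equals
    ``'1'``; any other POST, including one without that field, redirects
    back to the collection.  Other methods render the confirmation page.
    """
    collection = get_object_or_404(Collection, author_id=user_id, slug=slug)

    if not acl.check_collection_ownership(request, collection, True):
        log.info(u'%s is trying to delete collection %s' %
                 (request.user, collection.id))
        raise PermissionDenied

    data = dict(collection=collection, user_id=user_id, slug=slug)

    if request.method == 'POST':
        # A POST without `sure` counts as "not confirmed" instead of failing
        # with an unhandled KeyError.
        if request.POST.get('sure') == '1':
            # Keep the id for the audit line: a standard Django delete()
            # clears the primary key on the in-memory instance.
            collection_id = collection.id
            collection.delete()
            log.info(u'%s deleted collection %s' %
                     (request.user, collection_id))
            url = reverse('collections.user', args=[user_id])
            return http.HttpResponseRedirect(url)
        else:
            return http.HttpResponseRedirect(collection.get_url_path())

    return render_cat(request, 'bandwagon/delete.html', data)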
Esempio n. 20
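def delete(request, username, slug):
    """Confirm and perform the deletion of a collection.

    The collection is looked up by the author's ``username`` and ``slug``
    (404 when absent).  The request must pass
    ``acl.check_collection_ownership`` called with ``True`` as third argument
    (presumably ``require_owner``; confirm); a refused attempt is logged and
    raises ``PermissionDenied``.

    A POST deletes the collection only when the ``sure`` field equals
    ``'1'``; any other POST, including one without that field, redirects
    back to the collection.  Other methods render the confirmation page.
    """
    collection = get_object_or_404(Collection, author__username=username,
                                   slug=slug)

    if not acl.check_collection_ownership(request, collection, True):
        log.info(u'%s is trying to delete collection %s'
                 % (request.user, collection.id))
        raise PermissionDenied

    data = dict(collection=collection, username=username, slug=slug)

    if request.method == 'POST':
        # A POST without `sure` counts as "not confirmed" instead of failing
        # with an unhandled KeyError.
        if request.POST.get('sure') == '1':
            # Keep the id for the audit line: a standard Django delete()
            # clears the primary key on the in-memory instance.
            collection_id = collection.id
            collection.delete()
            log.info(u'%s deleted collection %s' %
                     (request.user, collection_id))
            url = reverse('collections.user', args=[username])
            return http.HttpResponseRedirect(url)
        else:
            return http.HttpResponseRedirect(collection.get_url_path())

    return render_cat(request, 'bandwagon/delete.html', data)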