def wrapper(request, addon, *args, **kw): from mkt.submit.views import _resume if webapp: kw["webapp"] = addon.is_webapp() fun = lambda: f(request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors: if acl.check_reviewer(request): return fun() # Require an owner or dev for POST requests. if request.method == "POST": if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): if not skip_submit_check: try: # If it didn't go through the app submission # checklist. Don't die. This will be useful for # creating apps with an API later. step = addon.appsubmissionchecklist.get_next() except ObjectDoesNotExist: step = None # Redirect to the submit flow if they're not done. if not getattr(f, "submitting", False) and step: return _resume(addon, step) return fun() return http.HttpResponseForbidden()
def wrapper(request, addon, *args, **kw): from devhub.views import _resume if theme: kw['theme'] = addon.is_persona() elif addon.is_persona(): # Don't allow theme views if theme not passed in. raise http.Http404 fun = lambda: f(request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors: if acl.check_reviewer(request): return fun() # Require an owner or dev for POST requests. if request.method == 'POST': if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): step = SubmitStep.objects.filter(addon=addon) # Redirect to the submit flow if they're not done. if not getattr(f, 'submitting', False) and step: return _resume(addon, step) return fun() raise PermissionDenied
def wrapper(request, addon, *args, **kw): from devhub.views import _resume if webapp: kw['webapp'] = addon.is_webapp() fun = lambda: f( request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors: if acl.check_reviewer(request): return fun() # Require an owner or dev for POST requests. if request.method == 'POST': if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): step = SubmitStep.objects.filter(addon=addon) # Redirect to the submit flow if they're not done. if not getattr(f, 'submitting', False) and step: return _resume(addon, step) return fun() raise PermissionDenied
def download_file(request, file_id, type=None): file = get_object_or_404(File, pk=file_id) webapp = get_object_or_404(Webapp, pk=file.version.addon_id, is_packaged=True) if webapp.is_disabled or file.status == amo.STATUS_DISABLED: if not acl.check_addon_ownership( request, webapp, viewer=True, ignore_disabled=True): raise http.Http404() # We treat blocked files like public files so users get the update. if file.status in [amo.STATUS_PUBLIC, amo.STATUS_BLOCKED]: path = webapp.sign_if_packaged(file.version_id) else: # This is someone asking for an unsigned packaged app. if not acl.check_addon_ownership(request, webapp, dev=True): raise http.Http404() path = file.file_path log.info('Downloading package: %s from %s' % (webapp.id, path)) return HttpResponseSendFile(request, path, content_type='application/zip', etag=file.hash.split(':')[-1])
def wrapper(request, addon, *args, **kw): from mkt.submit.views import _resume if webapp: kw['webapp'] = addon.is_webapp() fun = lambda: f( request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors and acl.check_reviewer(request): return fun() if staff and (acl.action_allowed(request, 'Apps', 'Configure') or acl.action_allowed(request, 'Apps', 'ViewConfiguration')): return fun() if support: # Let developers and support people do their thangs. if (acl.check_addon_ownership(request, addon, support=True) or acl.check_addon_ownership(request, addon, dev=True)): return fun() else: # Require an owner or dev for POST requests. if request.method == 'POST': if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): if not skip_submit_check: try: # If it didn't go through the app submission # checklist. Don't die. This will be useful for # creating apps with an API later. step = addon.appsubmissionchecklist.get_next() except ObjectDoesNotExist: step = None # Redirect to the submit flow if they're not done. if not getattr(f, 'submitting', False) and step: return _resume(addon, step) return fun() return http.HttpResponseForbidden()
def setup_viewer(request, file_obj): data = { 'file': file_obj, 'version': file_obj.version, 'addon': file_obj.version.addon, 'status': False, 'selected': {}, 'validate_url': '' } if (acl.action_allowed(request, 'Editors', '%') or acl.check_addon_ownership(request, file_obj.version.addon, viewer=True, ignore_disabled=True)): data['validate_url'] = reverse( 'devhub.json_file_validation', args=[file_obj.version.addon.slug, file_obj.id]) if acl.action_allowed(request, 'Editors', '%'): data['file_link'] = { 'text': _('Back to review'), 'url': reverse('editors.review', args=[data['addon'].slug]) } else: data['file_link'] = { 'text': _('Back to addon'), 'url': reverse('addons.detail', args=[data['addon'].pk]) } return data
def owner_or_unlisted_reviewer(request, addon): return (acl.check_unlisted_addons_reviewer(request) or # We don't want "admins" here, because it includes anyone with the # "Addons:Edit" perm, we only want those with # "Addons:ReviewUnlisted" perm (which is checked above). acl.check_addon_ownership(request, addon, admin=False, dev=True, viewer=True, support=True))
def setup_viewer(request, file_obj): data = {'file': file_obj, 'version': file_obj.version, 'addon': file_obj.version.addon, 'status': False, 'selected': {}, 'validate_url': ''} if (acl.check_addons_reviewer(request) or acl.check_addon_ownership(request, file_obj.version.addon, viewer=True, ignore_disabled=True)): addon = file_obj.version.addon data['validate_url'] = reverse('devhub.json_file_validation', args=[addon.slug, file_obj.id]) if acl.check_addons_reviewer(request): data['annotate_url'] = reverse('devhub.annotate_file_validation', args=[addon.slug, file_obj.id]) data['automated_signing'] = file_obj.automated_signing if file_obj.has_been_validated: data['validation_data'] = file_obj.validation.processed_validation if acl.check_addons_reviewer(request): data['file_link'] = {'text': _('Back to review'), 'url': reverse('editors.review', args=[data['addon'].slug])} else: data['file_link'] = {'text': _('Back to addon'), 'url': reverse('addons.detail', args=[data['addon'].pk])} return data
def reply(request, addon, review_id): is_admin = acl.action_allowed(request, 'Addons', 'Edit') is_author = acl.check_addon_ownership(request, addon, dev=True) if not (is_admin or is_author): raise PermissionDenied review = get_object_or_404(Review.objects, pk=review_id, addon=addon) form = forms.ReviewReplyForm(request.POST or None) if request.method == 'POST' and form.is_valid(): d = dict(reply_to=review, addon=addon, defaults=dict(user=request.amo_user)) reply, new = Review.objects.get_or_create(**d) for key, val in _review_details(request, addon, form).items(): setattr(reply, key, val) reply.save() action = 'New' if new else 'Edited' log.debug('%s reply to %s: %s' % (action, review_id, reply.id)) if new: reply_url = helpers.url('addons.reviews.detail', addon.slug, review.id, add_prefix=False) data = {'name': addon.name, 'reply_title': reply.title, 'reply': reply.body, 'reply_url': helpers.absolutify(reply_url)} emails = [review.user.email] sub = u'Mozilla Add-on Developer Reply: %s' % addon.name send_mail('reviews/emails/reply_review.ltxt', sub, emails, Context(data), 'reply') return redirect(helpers.url('addons.reviews.detail', addon.slug, review_id)) ctx = dict(review=review, form=form, addon=addon) return render(request, 'reviews/reply.html', ctx)
def setup_viewer(request, file_obj): data = {'file': file_obj, 'version': file_obj.version, 'addon': file_obj.version.addon, 'status': False, 'selected': {}, 'validate_url': ''} if (acl.check_reviewer(request) or acl.check_addon_ownership(request, file_obj.version.addon, viewer=True, ignore_disabled=True)): data['validate_url'] = reverse( 'mkt.developers.apps.json_file_validation', args=[file_obj.version.addon.app_slug, file_obj.id]) if acl.check_reviewer(request): data['file_link'] = {'text': _('Back to review'), 'url': reverse('reviewers.apps.review', args=[data['addon'].app_slug])} else: data['file_link'] = { 'text': _('Back to app'), 'url': reverse('detail', args=[data['addon'].pk]) } return data
def in_app_config(request, addon_id, addon, webapp=True): inapp = addon.premium_type in amo.ADDON_INAPPS if not inapp: messages.error(request, _('Your app is not configured for in-app payments.')) return redirect(reverse('mkt.developers.apps.payments', args=[addon.app_slug])) try: account = addon.app_payment_account except ObjectDoesNotExist: messages.error(request, _('No payment account for this app.')) return redirect(reverse('mkt.developers.apps.payments', args=[addon.app_slug])) seller_config = get_seller_product(account) owner = acl.check_addon_ownership(request, addon) if request.method == 'POST': # Reset the in-app secret for the app. (client.api.generic .product(seller_config['resource_pk']) .patch(data={'secret': generate_key(48)})) messages.success(request, _('Changes successfully saved.')) return redirect(reverse('mkt.developers.apps.in_app_config', args=[addon.app_slug])) return jingo.render(request, 'developers/payments/in-app-config.html', {'addon': addon, 'owner': owner, 'seller_config': seller_config})
def setup_viewer(request, file_obj): data = { "file": file_obj, "version": file_obj.version, "addon": file_obj.version.addon, "status": False, "selected": {}, "validate_url": "", } if acl.check_reviewer(request) or acl.check_addon_ownership( request, file_obj.version.addon, viewer=True, ignore_disabled=True ): data["validate_url"] = reverse( "mkt.developers.apps.json_file_validation", args=[file_obj.version.addon.app_slug, file_obj.id] ) if acl.check_reviewer(request): data["file_link"] = { "text": _("Back to review"), "url": reverse("reviewers.apps.review", args=[data["addon"].app_slug]), } else: data["file_link"] = {"text": _("Back to app"), "url": reverse("detail", args=[data["addon"].pk])} return data
def in_app_config(request, addon_id, addon, webapp=True): inapp = addon.premium_type in amo.ADDON_INAPPS if not inapp: messages.error(request, _("Your app is not configured for in-app payments.")) return redirect(reverse("mkt.developers.apps.payments", args=[addon.app_slug])) try: account = addon.app_payment_account except ObjectDoesNotExist: messages.error(request, _("No payment account for this app.")) return redirect(reverse("mkt.developers.apps.payments", args=[addon.app_slug])) seller_config = get_seller_product(account) owner = acl.check_addon_ownership(request, addon) if request.method == "POST": # Reset the in-app secret for the app. (client.api.generic.product(seller_config["resource_pk"]).patch(data={"secret": generate_key(48)})) messages.success(request, _("Changes successfully saved.")) return redirect(reverse("mkt.developers.apps.in_app_config", args=[addon.app_slug])) return jingo.render( request, "developers/payments/in-app-config.html", {"addon": addon, "owner": owner, "seller_config": seller_config}, )
def review_list(request, addon, review_id=None, user_id=None, rating=None): qs = Review.objects.valid().filter(addon=addon).order_by('-created') # Mature regions show only reviews from within that region. if not request.REGION.adolescent: qs = qs.filter(client_data__region=request.REGION.id) ctx = {'product': addon, 'score': rating, 'review_perms': {}} if review_id is not None: qs = qs.filter(pk=review_id) ctx['page'] = 'detail' elif user_id is not None: qs = qs.filter(user=user_id) ctx['page'] = 'user' if not qs: raise http.Http404() else: ctx['page'] = 'list' qs = qs.filter(is_latest=True) ctx['ratings'] = ratings = amo.utils.paginate(request, qs, 20) if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': acl.action_allowed(request, 'Addons', 'Edit'), 'is_editor': acl.check_reviewer(request), 'is_author': acl.check_addon_ownership(request, addon, viewer=True, dev=True, support=True), } ctx['flags'] = get_flags(request, ratings.object_list) ctx['has_review'] = addon.reviews.filter(user=request.user.id).exists() return jingo.render(request, 'ratings/listing.html', ctx)
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id) # General case: addon is listed. if addon.is_listed: if addon.is_disabled or file.status == amo.STATUS_DISABLED: if (acl.check_addon_ownership( request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer(request)): return HttpResponseSendFile( request, file.guarded_file_path, content_type='application/xp-install') else: raise http.Http404() else: if not owner_or_unlisted_reviewer(request, addon): raise http.Http404 # Not listed, not owner or admin. attachment = (type == 'attachment' or not request.APP.browser) loc = urlparams(file.get_mirror(addon, attachment=attachment), filehash=file.hash) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def setup_viewer(request, file_obj): data = {'file': file_obj, 'version': file_obj.version, 'addon': file_obj.version.addon, 'status': False, 'selected': {}, 'validate_url': ''} if (acl.action_allowed(request, 'Editors', '%') or acl.check_addon_ownership(request, file_obj.version.addon, viewer=True, ignore_disabled=True)): data['validate_url'] = reverse('devhub.json_file_validation', args=[file_obj.version.addon.slug, file_obj.id]) if acl.action_allowed(request, 'Editors', '%'): data['file_link'] = {'text': _('Back to review'), 'url': reverse('editors.review', args=[data['addon'].slug])} else: data['file_link'] = {'text': _('Back to addon'), 'url': reverse('addons.detail', args=[data['addon'].pk])} return data
def reply(request, addon, review_id): is_admin = acl.action_allowed(request, "Admin", "EditAnyAddon") is_author = acl.check_addon_ownership(request, addon, dev=True) if not (is_admin or is_author): return http.HttpResponseForbidden() review = get_object_or_404(Review.objects, pk=review_id, addon=addon) form = forms.ReviewReplyForm(request.POST or None) if request.method == "POST": if form.is_valid(): d = dict(reply_to=review, addon=addon, defaults=dict(user=request.amo_user)) reply, new = Review.objects.get_or_create(**d) for key, val in _review_details(request, addon, form).items(): setattr(reply, key, val) reply.save() action = "New" if new else "Edited" log.debug("%s reply to %s: %s" % (action, review_id, reply.id)) if new: data = { "name": addon.name, "reply_title": reply.title, "reply": reply.body, "reply_url": absolutify(reverse("reviews.detail", args=[addon.slug, review.id], add_prefix=False)), } emails = [review.user.email] if settings.IMPALA_EDIT: sub = u"Mozilla Add-on Developer Reply: %s" % addon.name send_mail("reviews/emails/reply_review.ltxt", sub, emails, Context(data), "reply") return redirect("reviews.detail", addon.slug, review_id) ctx = dict(review=review, form=form, addon=addon) ctx.update(flag_context()) return jingo.render(request, "reviews/reply.html", ctx)
def in_app_config(request, addon_id, addon, webapp=True): inapp = addon.premium_type in amo.ADDON_INAPPS if not inapp: messages.error(request, _('Your app is not configured for in-app payments.')) return redirect(reverse('mkt.developers.apps.payments', args=[addon.app_slug])) try: account = addon.app_payment_account except ObjectDoesNotExist: messages.error(request, _('No payment account for this app.')) return redirect(reverse('mkt.developers.apps.payments', args=[addon.app_slug])) seller_config = get_seller_product(account) owner = acl.check_addon_ownership(request, addon) if request.method == 'POST': # Reset the in-app secret for the app. (client.api.generic .product(seller_config['resource_pk']) .patch(data={'secret': generate_key(48)})) messages.success(request, _('Changes successfully saved.')) return redirect(reverse('mkt.developers.apps.in_app_config', args=[addon.app_slug])) return render(request, 'developers/payments/in-app-config.html', {'addon': addon, 'owner': owner, 'seller_config': seller_config})
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id) # General case: addon is listed. if addon.is_listed: if addon.is_disabled or file.status == amo.STATUS_DISABLED: if (acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer(request)): return HttpResponseSendFile( request, file.guarded_file_path, content_type='application/xp-install') else: raise http.Http404() else: if not owner_or_unlisted_reviewer(request, addon): raise http.Http404 # Not listed, not owner or admin. attachment = (type == 'attachment' or not request.APP.browser) loc = urlparams(file.get_mirror(addon, attachment=attachment), filehash=file.hash) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def setup_viewer(request, file_obj): data = { 'file': file_obj, 'version': file_obj.version, 'addon': file_obj.version.addon, 'status': False, 'selected': {}, 'validate_url': '' } if (acl.check_reviewer(request) or acl.check_addon_ownership( request, file_obj.version.addon, viewer=True, ignore_disabled=True)): data['validate_url'] = reverse( 'mkt.developers.apps.json_file_validation', args=[file_obj.version.addon.app_slug, file_obj.id]) if acl.check_reviewer(request): data['file_link'] = { 'text': _('Back to review'), 'url': reverse('reviewers.apps.review', args=[data['addon'].app_slug]) } else: data['file_link'] = { 'text': _('Back to app'), 'url': reverse('detail', args=[data['addon'].pk]) } return data
def in_app_config(request, addon_id, addon, webapp=True): if not addon.has_payment_account(): messages.error(request, _('No payment account for this app.')) return redirect( reverse('mkt.developers.apps.payments', args=[addon.app_slug])) # TODO: support multiple accounts. account = addon.single_pay_account() seller_config = get_seller_product(account) owner = acl.check_addon_ownership(request, addon) if request.method == 'POST': # Reset the in-app secret for the app. (client.api.generic.product(seller_config['resource_pk']).patch( data={'secret': generate_key(48)})) messages.success(request, _('Changes successfully saved.')) return redirect( reverse('mkt.developers.apps.in_app_config', args=[addon.app_slug])) return render(request, 'developers/payments/in-app-config.html', { 'addon': addon, 'owner': owner, 'seller_config': seller_config })
def reply(request, addon, review_id): is_admin = acl.action_allowed(request, 'Addons', 'Edit') is_author = acl.check_addon_ownership(request, addon, dev=True) if not (is_admin or is_author): return http.HttpResponseForbidden() review = get_object_or_404(Review.objects, pk=review_id, addon=addon) form = forms.ReviewReplyForm(request.POST or None) if request.method == 'POST' and form.is_valid(): d = dict(reply_to=review, addon=addon, defaults=dict(user=request.amo_user)) reply, new = Review.objects.get_or_create(**d) for key, val in _review_details(request, addon, form).items(): setattr(reply, key, val) reply.save() action = 'New' if new else 'Edited' log.debug('%s reply to %s: %s' % (action, review_id, reply.id)) if new: reply_url = shared_url('reviews.detail', addon, review.id, add_prefix=False) data = {'name': addon.name, 'reply_title': reply.title, 'reply': reply.body, 'reply_url': absolutify(reply_url)} emails = [review.user.email] sub = u'Mozilla Add-on Developer Reply: %s' % addon.name send_mail('reviews/emails/reply_review.ltxt', sub, emails, Context(data), 'reply') return redirect(shared_url('reviews.detail', addon, review_id)) ctx = dict(review=review, form=form, addon=addon) return jingo.render(request, 'reviews/reply.html', ctx)
def wrapper(request, addon_id, *args, **kw): addon = get_object_or_404(Addon, id=addon_id) if acl.check_addon_ownership(request, addon, require_owner=False): return f(request, addon_id, addon, *args, **kw) else: return http.HttpResponseForbidden()
def review_list(request, addon, review_id=None, user_id=None, rating=None): qs = Review.objects.valid().filter(addon=addon).order_by('-created') ctx = {'product': addon, 'score': rating, 'review_perms': {}} if review_id is not None: qs = qs.filter(pk=review_id) ctx['page'] = 'detail' # If this is a dev reply, find the first msg for context. review = get_object_or_404(Review, pk=review_id) if review.reply_to_id: review_id = review.reply_to_id ctx['reply'] = review elif user_id is not None: qs = qs.filter(user=user_id) ctx['page'] = 'user' if not qs: raise http.Http404() else: ctx['page'] = 'list' qs = qs.filter(is_latest=True) ctx['ratings'] = ratings = amo.utils.paginate(request, qs, 20) if not ctx.get('reply'): ctx['replies'] = Review.get_replies(ratings.object_list) if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': acl.action_allowed(request, 'Addons', 'Edit'), 'is_editor': acl.check_reviewer(request), 'is_author': acl.check_addon_ownership(request, addon, viewer=True, dev=True, support=True), } ctx['flags'] = get_flags(request, ratings.object_list) ctx['has_review'] = addon.reviews.filter(user=request.user.id).exists() return jingo.render(request, 'ratings/listing.html', ctx)
def reply(request, addon, review_id): is_admin = acl.action_allowed(request, 'Addons', 'Edit') is_author = acl.check_addon_ownership(request, addon, dev=True) if not (is_admin or is_author): raise PermissionDenied review = get_object_or_404(Review.objects, pk=review_id, addon=addon) form = ReviewReplyForm(request.POST or None) if form.is_valid(): d = dict(reply_to=review, addon=addon, defaults=dict(user=request.amo_user)) reply, new = Review.objects.get_or_create(**d) for k, v in _review_details(request, addon, form).items(): setattr(reply, k, v) reply.save() action = 'New' if new else 'Edited' if new: amo.log(amo.LOG.ADD_REVIEW, addon, reply) else: amo.log(amo.LOG.EDIT_REVIEW, addon, reply) log.debug('%s reply to %s: %s' % (action, review_id, reply.id)) messages.success( request, _('Your reply was successfully added.') if new else _('Your reply was successfully updated.')) return http.HttpResponse()
def reply(request, addon, review_id): is_admin = acl.action_allowed(request, 'Addons', 'Edit') is_author = acl.check_addon_ownership(request, addon, dev=True) if not (is_admin or is_author): raise PermissionDenied review = get_object_or_404(Review.objects, pk=review_id, addon=addon) form = ReviewReplyForm(request.POST or None) if form.is_valid(): d = dict(reply_to=review, addon=addon, defaults=dict(user=request.amo_user)) reply, new = Review.objects.get_or_create(**d) for k, v in _review_details(request, addon, form).items(): setattr(reply, k, v) reply.save() action = 'New' if new else 'Edited' if new: amo.log(amo.LOG.ADD_REVIEW, addon, reply) else: amo.log(amo.LOG.EDIT_REVIEW, addon, reply) log.debug('%s reply to %s: %s' % (action, review_id, reply.id)) messages.success(request, _('Your reply was successfully added.') if new else _('Your reply was successfully updated.')) return http.HttpResponse()
def reply(request, addon, review_id): is_admin = acl.action_allowed(request, "Addons", "Edit") is_author = acl.check_addon_ownership(request, addon, dev=True) if not (is_admin or is_author): raise PermissionDenied review = get_object_or_404(Review.objects, pk=review_id, addon=addon) form = forms.ReviewReplyForm(request.POST or None) if request.method == "POST" and form.is_valid(): d = dict(reply_to=review, addon=addon, defaults=dict(user=request.amo_user)) reply, new = Review.objects.get_or_create(**d) for key, val in _review_details(request, addon, form).items(): setattr(reply, key, val) reply.save() action = "New" if new else "Edited" log.debug("%s reply to %s: %s" % (action, review_id, reply.id)) if new: reply_url = shared_url("reviews.detail", addon, review.id, add_prefix=False) data = { "name": addon.name, "reply_title": reply.title, "reply": reply.body, "reply_url": absolutify(reply_url), } emails = [review.user.email] sub = u"Mozilla Add-on Developer Reply: %s" % addon.name send_mail("reviews/emails/reply_review.ltxt", sub, emails, Context(data), "reply") return redirect(shared_url("reviews.detail", addon, review_id)) ctx = dict(review=review, form=form, addon=addon) return render(request, "reviews/reply.html", ctx)
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id) if addon.is_disabled or file.status == amo.STATUS_DISABLED: if (acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True) or acl.check_addons_reviewer(request)): return HttpResponseSendFile(request, file.guarded_file_path, content_type='application/x-xpinstall') log.info(u'download file {file_id}: addon/file disabled or user ' u'{user_id} is not an owner'.format(file_id=file_id, user_id=request.user.pk)) raise http.Http404() if not (addon.is_listed or owner_or_unlisted_reviewer(request, addon)): log.info(u'download file {file_id}: addon is unlisted but user ' u'{user_id} is not an owner'.format(file_id=file_id, user_id=request.user.pk)) raise http.Http404 # Not listed, not owner or admin. attachment = (type == 'attachment' or not request.APP.browser) loc = urlparams(file.get_mirror(addon, attachment=attachment), filehash=file.hash) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def owner_or_unlisted_reviewer(request, addon): return ( acl.check_unlisted_addons_reviewer(request) or # We don't want "admins" here, because it includes anyone with the # "Addons:Edit" perm, we only want those with # "Addons:ReviewUnlisted" perm (which is checked above). acl.check_addon_ownership( request, addon, admin=False, dev=True, viewer=True, support=True))
def in_app_products(request, addon_id, addon, webapp=True, account=None): owner = acl.check_addon_ownership(request, addon) products = addon.inappproduct_set.all() new_product = InAppProduct(webapp=addon) form = InAppProductForm() return render(request, 'developers/payments/in-app-products.html', {'addon': addon, 'form': form, 'new_product': new_product, 'owner': owner, 'products': products, 'form': form})
def wrapper(request, addon, *args, **kw): from mkt.submit.views import _resume if webapp: kw['webapp'] = addon.is_webapp() fun = lambda: f(request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors and acl.check_reviewer(request): return fun() if staff and (acl.action_allowed(request, 'Apps', 'Configure') or acl.action_allowed(request, 'Apps', 'ViewConfiguration')): return fun() if support: # Let developers and support people do their thangs. if (acl.check_addon_ownership(request, addon, support=True) or acl.check_addon_ownership(request, addon, dev=True)): return fun() else: # Require an owner or dev for POST requests. if request.method == 'POST': if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): if not skip_submit_check: try: # If it didn't go through the app submission # checklist. Don't die. This will be useful for # creating apps with an API later. step = addon.appsubmissionchecklist.get_next() except ObjectDoesNotExist: step = None # Redirect to the submit flow if they're not done. if not getattr(f, 'submitting', False) and step: return _resume(addon, step) return fun() return http.HttpResponseForbidden()
def download_source(request, version_id): version = get_object_or_404(Version, pk=version_id) if (version.source and (acl.check_addon_ownership(request, version.addon, viewer=True, ignore_disabled=True) or acl.action_allowed(request, 'Editors', 'BinarySource'))): return HttpResponseSendFile(request, version.source) raise http.Http404()
def download_source(request, version_id): version = get_object_or_404(Version, pk=version_id) if (version.source and (acl.check_addon_ownership( request, version.addon, viewer=True, ignore_disabled=True) or acl.action_allowed(request, 'Editors', 'BinarySource'))): return HttpResponseSendFile(request, version.source.path) raise http.Http404()
def in_app_products(request, addon_id, addon, webapp=True, account=None): owner = acl.check_addon_ownership(request, addon) products = addon.inappproduct_set.all() new_product = InAppProduct(webapp=addon) form = InAppProductForm() return render( request, "developers/payments/in-app-products.html", {"addon": addon, "form": form, "new_product": new_product, "owner": owner, "products": products, "form": form}, )
def download_file(request, file_id, type=None): file = get_object_or_404(File, pk=file_id) webapp = get_object_or_404(Webapp, pk=file.version.addon_id, is_packaged=True) if webapp.is_disabled or file.status == amo.STATUS_DISABLED: if not acl.check_addon_ownership(request, webapp, viewer=True, ignore_disabled=True): log.info('Download of %s denied: disabled.' % (webapp.id)) raise http.Http404() # We treat blocked files like public files so users get the update. if file.status in [amo.STATUS_PUBLIC, amo.STATUS_BLOCKED]: path = webapp.sign_if_packaged(file.version_id) else: # This is someone asking for an unsigned packaged app. if not acl.check_addon_ownership(request, webapp, dev=True): log.info('Download of %s denied: not signed yet.' % (webapp.id)) raise http.Http404() path = file.file_path # If it's a paid app and its not been paid for stop it downloading unless.. if webapp.is_premium(): if not request.user.is_authenticated(): log.info('Download of %s denied: not logged in.' % (webapp.id)) return http.HttpResponseForbidden() if not webapp.has_purchased(request.amo_user): # User hasn't purchased, are they a developer of the app, # or a reviewer? log.info('Download of %s: not purchased by user.' % (webapp.id)) if (not request.check_ownership(webapp, require_owner=False, ignore_disabled=True, admin=False) and not acl.check_reviewer(request, only='app')): log.info('Download of %s denied: not developer or reviewer.' % (webapp.id)) return http.HttpResponse(status=402) log.info('Downloading package: %s from %s' % (webapp.id, path)) return HttpResponseSendFile(request, path, content_type='application/zip', etag=file.hash.split(':')[-1])
def wrapper(request, addon, *args, **kw): fun = lambda: f(request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors: if acl.action_allowed(request, 'Editors', '%'): return fun() # Require an owner or dev for POST requests. if request.method == 'POST': if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): step = SubmitStep.objects.filter(addon=addon) # Redirect to the submit flow if they're not done. if not getattr(f, 'submitting', False) and step: return _resume(addon, step) return fun() return http.HttpResponseForbidden()
def download_source(request, version_id): version = get_object_or_404(Version, pk=version_id) if (version.source and (acl.check_addon_ownership(request, version.addon, viewer=True, ignore_disabled=True) or acl.action_allowed(request, 'Editors', 'BinarySource'))): res = HttpResponseSendFile(request, version.source.path) name = os.path.basename(version.source.path.replace('"', '')) res['Content-Disposition'] = 'attachment; filename="{0}"'.format(name) return res raise http.Http404()
def wrapper(request, addon, *args, **kw): from devhub.views import _resume if webapp: kw["webapp"] = addon.is_webapp() fun = lambda: f(request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors: if acl.check_reviewer(request): return fun() # Require an owner or dev for POST requests. if request.method == "POST": if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): step = SubmitStep.objects.filter(addon=addon) # Redirect to the submit flow if they're not done. if not getattr(f, "submitting", False) and step: return _resume(addon, step) return fun() raise PermissionDenied
def download_file(request, file_id, type=None): file = get_object_or_404(File, pk=file_id) webapp = get_object_or_404(Webapp, pk=file.version.addon_id, is_packaged=True) if webapp.is_disabled or file.status == amo.STATUS_OBSOLETE: if not acl.check_addon_ownership(request, webapp, viewer=True, ignore_disabled=True): raise http.Http404() # We treat blocked files like public files so users get the update. if file.status in [amo.STATUS_PUBLIC, amo.STATUS_BLOCKED]: path = webapp.sign_if_packaged(file.version_id) else: # This is someone asking for an unsigned packaged app. if not acl.check_addon_ownership(request, webapp, dev=True): raise http.Http404() path = file.file_path log.info("Downloading package: %s from %s" % (webapp.id, path)) return HttpResponseSendFile(request, path, content_type="application/zip", etag=file.hash.split(":")[-1])
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) webapp = get_object_or_404(Addon.objects, pk=file.version.addon_id, type=amo.ADDON_WEBAPP) if webapp.is_disabled or file.status == amo.STATUS_DISABLED: if not acl.check_addon_ownership(request, webapp, viewer=True, ignore_disabled=True): raise http.Http404() log.info('Downloading: %s from %s' % (webapp.id, file.file_path)) return HttpResponseSendFile(request, file.file_path)
def download_file(request, file_id, type=None): file = get_object_or_404(File, pk=file_id) webapp = get_object_or_404(Webapp, pk=file.version.addon_id, is_packaged=True) if webapp.is_disabled or file.status == amo.STATUS_DISABLED: if not acl.check_addon_ownership(request, webapp, viewer=True, ignore_disabled=True): raise http.Http404() if file.status == amo.STATUS_PUBLIC: path = webapp.sign_if_packaged(file.version_id) else: # This is someone asking for an unsigned packaged app. if not acl.check_addon_ownership(request, webapp, dev=True): raise http.Http404() path = file.file_path log.info('Downloading package: %s from %s' % (webapp.id, path)) return HttpResponseSendFile(request, path, content_type='application/zip')
def in_app_products(request, addon_id, addon, webapp=True, account=None): owner = acl.check_addon_ownership(request, addon) products = addon.inappproduct_set.all() new_product = InAppProduct(webapp=addon) form = InAppProductForm() return render( request, 'developers/payments/in-app-products.html', { 'addon': addon, 'form': form, 'new_product': new_product, 'owner': owner, 'products': products, 'form': form })
def download_file(request, file_id, type=None): file = get_object_or_404(File, pk=file_id) webapp = get_object_or_404(Webapp, pk=file.version.addon_id, is_packaged=True) if webapp.is_disabled or file.status == amo.STATUS_DISABLED: if not acl.check_addon_ownership(request, webapp, viewer=True, ignore_disabled=True): raise http.Http404() log.info('Downloading package: %s from %s' % (webapp.id, file.file_path)) path = webapp.sign_if_packaged(file.version_id) return HttpResponseSendFile(request, path, content_type='application/zip')
def get_app(self, ident): try: app = Webapp.objects.by_identifier(ident) except Webapp.DoesNotExist: raise Http404 current_region = get_region() if ((not app.is_public() or not app.listed_in(region=current_region)) and not check_addon_ownership(self.request, app)): # App owners and admin can see the app even if it's not public # or not available in the current region. Regular users or # anonymous users can't. raise PermissionDenied('The app requested is not public or not ' 'available in region "%s".' % current_region.slug) return app
def allowed(request, file): allowed = acl.check_reviewer(request) if not allowed: try: addon = file.version.addon except ObjectDoesNotExist: return http.Http404() if addon.view_source and addon.status in amo.REVIEWED_STATUSES: allowed = True else: allowed = acl.check_addon_ownership(request, addon, viewer=True, dev=True) if not allowed: raise PermissionDenied return True
def allowed(request, file): allowed = action_allowed(request, 'Editors', '%') if not allowed: try: addon = file.version.addon except ObjectDoesNotExist: return http.Http404() if addon.view_source and addon.status in amo.REVIEWED_STATUSES: allowed = True else: allowed = check_addon_ownership(request, addon, viewer=True, dev=True) if not allowed: return http.HttpResponseForbidden() return True
def download_source(request, version_id): version = get_object_or_404(Version, pk=version_id) # General case: addon is listed. if version.addon.is_listed: if not (version.source and (acl.check_addon_ownership( request, version.addon, viewer=True, ignore_disabled=True) or acl.action_allowed(request, 'Editors', 'BinarySource'))): raise http.Http404() else: if not owner_or_unlisted_reviewer(request, version.addon): raise http.Http404 # Not listed, not owner or admin. res = HttpResponseSendFile(request, version.source.path) name = os.path.basename(version.source.path.replace('"', '')) res['Content-Disposition'] = 'attachment; filename="{0}"'.format(name) return res
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.objects, pk=file.version.addon_id) if addon.is_disabled or file.status == amo.STATUS_DISABLED: if acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): return HttpResponseSendFile(request, file.guarded_file_path, content_type='application/xp-install') else: raise http.Http404() attachment = (type == 'attachment' or not request.APP.browser) loc = file.get_mirror(addon, attachment=attachment) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def feed(request, addon_id=None): if request.GET.get('privaterss'): return feeds.ActivityFeedRSS()(request) addon_selected = None if not request.user.is_authenticated(): url = reverse('users.login') p = urlquote(request.get_full_path()) return http.HttpResponseRedirect('%s?to=%s' % (url, p)) else: addons_all = request.amo_user.addons.all() if addon_id: addon = get_object_or_404(Addon.objects.id_or_slug(addon_id)) addons = addon # common query set try: key = RssKey.objects.get(addon=addons) except RssKey.DoesNotExist: key = RssKey.objects.create(addon=addons) addon_selected = addon.id rssurl = urlparams(reverse('devhub.feed', args=[addon_id]), privaterss=key.key) if not acl.check_addon_ownership(request, addons, viewer=True, ignore_disabled=True): return http.HttpResponseForbidden() else: rssurl = _get_rss_feed(request) addon = None addons = addons_all action = request.GET.get('action') items = _get_items(action, addons) activities = _get_activities(request, action) addon_items = _get_addons(request, addons_all, addon_selected, action) pager = amo.utils.paginate(request, items, 20) data = dict(addons=addon_items, pager=pager, activities=activities, rss=rssurl, addon=addon) return jingo.render(request, 'devhub/addons/activity.html', data)
def review_list(request, addon, review_id=None, user_id=None, rating=None): qs = Rating.objects.valid().filter(addon=addon).order_by('-created') ctx = {'product': addon, 'score': rating, 'review_perms': {}} # If we want to filter by only positive or only negative. score = {'positive': 1, 'negative': -1}.get(rating) if score: qs = qs.filter(score=score) if review_id is not None: qs = qs.filter(pk=review_id) ctx['page'] = 'detail' # If this is a dev reply, find the first msg for context. review = get_object_or_404(Rating, pk=review_id) if review.reply_to_id: review_id = review.reply_to_id ctx['reply'] = review elif user_id is not None: qs = qs.filter(user=user_id) ctx['page'] = 'user' if not qs: raise http.Http404() else: ctx['page'] = 'list' qs = qs.filter(is_latest=True) ctx['ratings'] = ratings = amo.utils.paginate(request, qs) ctx['replies'] = Rating.get_replies(ratings.object_list) ctx['review_history'] = [[2, 12], [50, 2], [3, 0], [4, 1]] if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': acl.action_allowed(request, 'Addons', 'Edit'), 'is_editor': acl.check_reviewer(request), 'is_author': acl.check_addon_ownership(request, addon, viewer=True, dev=True, support=True), } ctx['flags'] = get_flags(request, ratings.object_list) return jingo.render(request, 'ratings/listing.html', ctx)
def wrapper(*args, **kw): request = args[1] addon_id = kw['addon_id'] try: addon = Addon.objects.id_or_slug(addon_id).get() except: return rc.NOT_HERE if not acl.check_addon_ownership(request, addon, viewer=True): return rc.FORBIDDEN if 'version_id' in kw: try: version = Version.objects.get(addon=addon, pk=kw['version_id']) except Version.DoesNotExist: return rc.NOT_HERE return f(*args, addon=addon, version=version) else: return f(*args, addon=addon)
def allowed(request, file): try: addon = file.version.addon except ObjectDoesNotExist: raise http.Http404 # General case: addon is listed. if addon.is_listed: if ((addon.view_source and addon.status in amo.REVIEWED_STATUSES) or acl.check_addons_reviewer(request) or acl.check_addon_ownership( request, addon, viewer=True, dev=True)): return True # Public and sources are visible, or reviewer. raise PermissionDenied # Listed but not allowed. # Not listed? Needs an owner or an "unlisted" admin. else: if owner_or_unlisted_reviewer(request, addon): return True raise http.Http404 # Not listed, not owner or admin.
def review_list(request, addon, review_id=None, user_id=None, template=None): q = (Review.objects.valid().filter(addon=addon).order_by('-created')) ctx = {'addon': addon, 'grouped_ratings': GroupedRating.get(addon.id)} ctx['form'] = forms.ReviewForm(None) if review_id is not None: ctx['page'] = 'detail' # If this is a dev reply, find the first msg for context. review = get_object_or_404(Review.objects.all(), pk=review_id) if review.reply_to_id: review_id = review.reply_to_id ctx['reply'] = review q = q.filter(pk=review_id) elif user_id is not None: ctx['page'] = 'user' q = q.filter(user=user_id) if not q: raise http.Http404() else: ctx['page'] = 'list' q = q.filter(is_latest=True) ctx['reviews'] = reviews = amo.utils.paginate(request, q) ctx['replies'] = Review.get_replies(reviews.object_list) if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': acl.action_allowed(request, 'Addons', 'Edit'), 'is_editor': acl.check_reviewer(request), 'is_author': acl.check_addon_ownership(request, addon, viewer=True, dev=True, support=True), } ctx['flags'] = get_flags(request, reviews.object_list) else: ctx['review_perms'] = {} return jingo.render(request, template, ctx)