def wrapper(*args, **kw): request = args[1] version_id = kw.get('version_id') addon_id = kw.get('addon_id') if version_id: try: version = Version.objects.get(addon=addon_id, pk=version_id) addon = version.addon except Version.DoesNotExist: return rc.NOT_HERE if not acl.check_ownership(request, addon): return rc.FORBIDDEN return f(*args, addon=addon, version=version) elif addon_id: try: addon = Addon.objects.get(pk=addon_id) except: return rc.NOT_HERE if not acl.check_ownership(request, addon): return rc.FORBIDDEN return f(*args, addon=addon)
def handle(self, bundle, request, **kwargs): form = ReceiptForm(bundle.data) if not form.is_valid(): raise self.form_errors(form) bundle.obj = form.cleaned_data['app'] # Developers get handled quickly. if check_ownership(request, bundle.obj, require_owner=False, ignore_disabled=True, admin=False): return self.record(bundle, request, apps.INSTALL_TYPE_DEVELOPER) # The app must be public and if its a premium app, you # must have purchased it. if not bundle.obj.is_public(): log.info('App not public: %s' % bundle.obj.pk) raise ImmediateHttpResponse(response=http.HttpForbidden()) if (bundle.obj.is_premium() and not bundle.obj.has_purchased(request.amo_user)): log.info('App not purchased: %s' % bundle.obj.pk) raise ImmediateHttpResponse(response=HttpPaymentRequired()) # Anonymous users will fall through, they don't need anything else # handling. if request.user.is_authenticated(): return self.record(bundle, request, apps.INSTALL_TYPE_USER)
def download_file(request, file_id, type=None): file = get_object_or_404(File.objects, pk=file_id) addon = get_object_or_404(Addon.objects.all().no_transforms(), pk=file.version.addon_id) if (addon.status == amo.STATUS_DISABLED and not acl.check_ownership(request, addon)): raise http.Http404() attachment = (type == 'attachment' or not request.APP.browser) if file.datestatuschanged: published = datetime.now() - file.datestatuschanged else: published = timedelta(minutes=0) if attachment: host = posixpath.join(settings.LOCAL_MIRROR_URL, '_attachments') elif (addon.status == file.status == amo.STATUS_PUBLIC and published > timedelta(minutes=settings.MIRROR_DELAY) and not settings.DEBUG): host = settings.MIRROR_URL # Send it to the mirrors. else: host = settings.LOCAL_MIRROR_URL loc = posixpath.join(*map(smart_str, [host, addon.id, file.filename])) response = http.HttpResponseRedirect(loc) response['X-Target-Digest'] = file.hash return response
def collection_detail(request, username, slug): c = get_object_or_404(Collection.objects, author__nickname=username, slug=slug) base = c.addons.all() & Addon.objects.listed(request.APP) filter = CollectionAddonFilter(request, base, key='sort', default='popular') notes = get_notes(c) count = CollectionAddon.objects.filter( Addon.objects.valid_q(prefix='addon__'), collection=c.id).count() addons = amo.utils.paginate(request, filter.qs, per_page=15, count=count) if c.author_id: qs = Collection.objects.listed().filter(author=c.author) others = amo.utils.randslice(qs, limit=4, exclude=c.id) else: others = [] perms = { 'view_stats': acl.check_ownership(request, c, require_owner=False), } tag_ids = c.top_tags tags = Tag.objects.filter(id__in=tag_ids) if tag_ids else [] return jingo.render(request, 'bandwagon/collection_detail.html', {'collection': c, 'filter': filter, 'addons': addons, 'notes': notes, 'author_collections': others, 'tags': tags, 'perms': perms})
def install_type(request, app): if check_ownership(request, app, require_owner=False, ignore_disabled=True, admin=False): return INSTALL_TYPE_DEVELOPER return INSTALL_TYPE_USER
def app_header(context, app, page_type=''): t = env.get_template('lookup/helpers/app_header.html') is_author = acl.check_ownership(context['request'], app) is_operator = any(g.name == 'Operators' for g in context['request'].groups) is_admin = acl.action_allowed(context['request'], 'Users', 'Edit') is_staff = acl.action_allowed(context['request'], 'Apps', 'Configure') is_reviewer = acl.check_reviewer(context['request']) return jinja2.Markup(t.render(app=app, page_type=page_type, is_admin=is_admin, is_staff=is_staff, is_reviewer=is_reviewer, is_author=is_author, is_operator=is_operator))
def collection_detail(request, username, slug): c = get_collection(request, username, slug) if not c.listed: if not request.user.is_authenticated(): return redirect_for_login(request) if not acl.check_collection_ownership(request, c): raise PermissionDenied if request.GET.get('format') == 'rss': return http.HttpResponsePermanentRedirect(c.feed_url()) base = Addon.objects.valid() & c.addons.all() filter = CollectionAddonFilter(request, base, key='sort', default='popular') notes = get_notes(c) # Go directly to CollectionAddon for the count to avoid joins. count = CollectionAddon.objects.filter(Addon.objects.valid_q( amo.VALID_STATUSES, prefix='addon__'), collection=c.id) addons = paginate(request, filter.qs, per_page=15, count=count.count()) # The add-on query is not related to the collection, so we need to manually # hook them up for invalidation. Bonus: count invalidation. keys = [addons.object_list.flush_key(), count.flush_key()] caching.invalidator.add_to_flush_list({c.flush_key(): keys}) if c.author_id: qs = Collection.objects.listed().filter(author=c.author) others = amo.utils.randslice(qs, limit=4, exclude=c.id) else: others = [] # `perms` is defined in django.contrib.auth.context_processors. Gotcha! user_perms = { 'view_stats': acl.check_ownership(request, c, require_owner=False), } tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else [] return render_cat( request, 'bandwagon/collection_detail.html', { 'collection': c, 'filter': filter, 'addons': addons, 'notes': notes, 'author_collections': others, 'tags': tags, 'user_perms': user_perms })
def app_header(context, app, page_type=''): t = env.get_template('lookup/helpers/app_header.html') is_author = acl.check_ownership(context['request'], app) is_operator = any(g.name == 'Operators' for g in context['request'].groups) is_admin = acl.action_allowed(context['request'], 'Users', 'Edit') is_staff = acl.action_allowed(context['request'], 'Apps', 'Configure') is_reviewer = acl.check_reviewer(context['request']) return jinja2.Markup( t.render(app=app, page_type=page_type, is_admin=is_admin, is_staff=is_staff, is_reviewer=is_reviewer, is_author=is_author, is_operator=is_operator))
def collection_detail(request, username, slug): c = get_collection(request, username, slug) if not c.listed: if not request.user.is_authenticated(): return redirect_for_login(request) if not acl.check_collection_ownership(request, c): raise PermissionDenied if request.GET.get("format") == "rss": return http.HttpResponsePermanentRedirect(c.feed_url()) base = Addon.objects.valid() & c.addons.all() filter = CollectionAddonFilter(request, base, key="sort", default="popular") notes = get_notes(c) # Go directly to CollectionAddon for the count to avoid joins. count = CollectionAddon.objects.filter(Addon.objects.valid_q(amo.VALID_STATUSES, prefix="addon__"), collection=c.id) addons = paginate(request, filter.qs, per_page=15, count=count.count()) # The add-on query is not related to the collection, so we need to manually # hook them up for invalidation. Bonus: count invalidation. keys = [addons.object_list.flush_key(), count.flush_key()] caching.invalidator.add_to_flush_list({c.flush_key(): keys}) if c.author_id: qs = Collection.objects.listed().filter(author=c.author) others = amo.utils.randslice(qs, limit=4, exclude=c.id) else: others = [] # `perms` is defined in django.contrib.auth.context_processors. Gotcha! user_perms = {"view_stats": acl.check_ownership(request, c, require_owner=False)} tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else [] return render( request, "bandwagon/collection_detail.html", { "collection": c, "filter": filter, "addons": addons, "notes": notes, "author_collections": others, "tags": tags, "user_perms": user_perms, }, )
def review_list(request, addon_id, review_id=None, user_id=None): addon = get_object_or_404(Addon.objects.valid(), id=addon_id) q = (Review.objects.valid().filter(addon=addon) .order_by('-created')) ctx = {'addon': addon, 'grouped_ratings': GroupedRating.get(addon_id)} ctx.update(flag_context()) ctx['form'] = forms.ReviewForm(None) if review_id is not None: ctx['page'] = 'detail' # If this is a dev reply, find the first msg for context. review = get_object_or_404(Review.objects.all(), pk=review_id) if review.reply_to_id: review_id = review.reply_to_id ctx['reply'] = review q = q.filter(pk=review_id) elif user_id is not None: ctx['page'] = 'user' q = q.filter(user=user_id) else: ctx['page'] = 'list' q = q.filter(is_latest=True) ctx['reviews'] = reviews = amo.utils.paginate(request, q) if not reviews.object_list: raise http.Http404() ctx['replies'] = Review.get_replies(reviews.object_list) if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': acl.action_allowed(request, 'Admin', 'EditAnyAddon'), 'is_editor': acl.action_allowed(request, 'Editor', '%'), 'is_author': acl.check_ownership(request, addon, require_owner=True), 'can_delete': acl.action_allowed(request, 'Editors', 'DeleteReview'), } ctx['flags'] = get_flags(request, reviews.object_list) else: ctx['review_perms'] = {} return jingo.render(request, 'reviews/review_list.html', ctx)
def collection_detail(request, username, slug): c = get_collection(request, username, slug) if not (c.listed or acl.check_collection_ownership(request, c)): return http.HttpResponseForbidden() if request.GET.get('format') == 'rss': return redirect(c.feed_url(), permanent=True) base = Addon.objects.valid() & c.addons.all() filter = CollectionAddonFilter(request, base, key='sort', default='popular') notes = get_notes(c) # Go directly to CollectionAddon for the count to avoid joins. count = CollectionAddon.objects.filter( Addon.objects.valid_q(amo.VALID_STATUSES, prefix='addon__'), collection=c.id) addons = paginate(request, filter.qs, per_page=15, count=count.count()) # The add-on query is not related to the collection, so we need to manually # hook them up for invalidation. Bonus: count invalidation. keys = [addons.object_list.flush_key(), count.flush_key()] caching.invalidator.add_to_flush_list({c.flush_key(): keys}) if c.author_id: qs = Collection.objects.listed().filter(author=c.author) others = amo.utils.randslice(qs, limit=4, exclude=c.id) else: others = [] # `perms` is defined in django.contrib.auth.context_processors. Gotcha! user_perms = { 'view_stats': acl.check_ownership(request, c, require_owner=False), } tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else [] return render(request, 'bandwagon/collection_detail.html', {'collection': c, 'filter': filter, 'addons': addons, 'notes': notes, 'author_collections': others, 'tags': tags, 'user_perms': user_perms})
def reply(request, addon_id, review_id): addon = get_object_or_404(Addon.objects.valid(), id=addon_id) is_admin = acl.action_allowed(request, 'Admin', 'EditAnyAddon') is_author = acl.check_ownership(request, addon, require_owner=True) if not (is_admin or is_author): return http.HttpResponseForbidden() review = get_object_or_404(Review.objects, pk=review_id, addon=addon_id) form = forms.ReviewReplyForm(request.POST or None) if request.method == 'POST': if form.is_valid(): d = dict(reply_to=review, addon=addon, defaults=dict(user=request.amo_user)) reply, new = Review.objects.get_or_create(**d) for key, val in _review_details(request, addon, form).items(): setattr(reply, key, val) reply.save() action = 'New' if new else 'Edited' log.debug('%s reply to %s: %s' % (action, review_id, reply.id)) return redirect('reviews.detail', addon_id, review_id) ctx = dict(review=review, form=form, addon=addon) ctx.update(flag_context()) return jingo.render(request, 'reviews/reply.html', ctx)
def handle(self, bundle, request, **kwargs): form = ReceiptForm(bundle.data) if not form.is_valid(): raise self.form_errors(form) bundle.obj = form.cleaned_data['app'] # Developers get handled quickly. if check_ownership(request, bundle.obj, require_owner=False, ignore_disabled=True, admin=False): return self.record(bundle, request, apps.INSTALL_TYPE_DEVELOPER) # The app must be public and if its a premium app, you # must have purchased it. if not bundle.obj.is_public(): log.info('App not public: %s' % bundle.obj.pk) raise http_error(http.HttpForbidden, 'App not public.') if (bundle.obj.is_premium() and not bundle.obj.has_purchased(request.amo_user)): # Apps that are premium but have no charge will get an # automatic purchase record created. This will ensure that # the receipt will work into the future if the price changes. if bundle.obj.premium and not bundle.obj.premium.has_price(): log.info('Create purchase record: {0}'.format(bundle.obj.pk)) AddonPurchase.objects.get_or_create(addon=bundle.obj, user=request.amo_user, type=CONTRIB_NO_CHARGE) else: log.info('App not purchased: %s' % bundle.obj.pk) raise http_error(HttpPaymentRequired, 'You have not purchased this app.') # Anonymous users will fall through, they don't need anything else # handling. if request.user.is_authenticated(): return self.record(bundle, request, apps.INSTALL_TYPE_USER)