def wrapper(request, addon, *args, **kw): # If there is a 'token' in request.GET we either return 200 or 403. # Otherwise we treat it like a normal django view and redirect to a # login page or check for Apps:Review permissions. allowed = False token = request.GET.get('token') if token and Token.pop(token, data={'app_id': addon.id}): log.info('Token for app:%s was successfully used' % addon.id) allowed = True elif not token and not request.user.is_authenticated(): return redirect_for_login(request) elif acl.action_allowed(request, 'Apps', 'Review'): allowed = True if allowed: if token: log.info('Token provided for app:%s and all was happy' % addon.id) else: log.info('Apps:Review (no token) all happy for app:%s' % addon.id) return f(request, addon, *args, **kw) else: if token: log.info('Token provided for app:%s but was not valid' % addon.id) else: log.info('Apps:Review permissions not met for app:%s' % addon.id) raise PermissionDenied
def wrapper(request, username, *args, **kw): """If the author is `mine` then show the current user's collection.""" if username == 'mine': if not request.amo_user: return redirect_for_login(request) username = request.amo_user.username return f(request, username, *args, **kw)
def wrapper(request, *args, **kw): if request.user.is_authenticated(): return func(request, *args, **kw) else: if redirect: return redirect_for_login(request) else: return http.HttpResponse(status=401)
def collection_detail(request, username, slug): c = get_collection(request, username, slug) if not c.listed: if not request.user.is_authenticated(): return redirect_for_login(request) if not acl.check_collection_ownership(request, c): raise PermissionDenied if request.GET.get('format') == 'rss': return http.HttpResponsePermanentRedirect(c.feed_url()) base = Addon.objects.valid() & c.addons.all() filter = CollectionAddonFilter(request, base, key='sort', default='popular') notes = get_notes(c) # Go directly to CollectionAddon for the count to avoid joins. count = CollectionAddon.objects.filter(Addon.objects.valid_q( amo.VALID_STATUSES, prefix='addon__'), collection=c.id) addons = paginate(request, filter.qs, per_page=15, count=count.count()) # The add-on query is not related to the collection, so we need to manually # hook them up for invalidation. Bonus: count invalidation. keys = [addons.object_list.flush_key(), count.flush_key()] caching.invalidator.add_to_flush_list({c.flush_key(): keys}) if c.author_id: qs = Collection.objects.listed().filter(author=c.author) others = amo.utils.randslice(qs, limit=4, exclude=c.id) else: others = [] # `perms` is defined in django.contrib.auth.context_processors. Gotcha! user_perms = { 'view_stats': acl.check_ownership(request, c, require_owner=False), } tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else [] return render_cat( request, 'bandwagon/collection_detail.html', { 'collection': c, 'filter': filter, 'addons': addons, 'notes': notes, 'author_collections': others, 'tags': tags, 'user_perms': user_perms })
def collection_detail(request, username, slug): c = get_collection(request, username, slug) if not c.listed: if not request.user.is_authenticated(): return redirect_for_login(request) if not acl.check_collection_ownership(request, c): raise PermissionDenied if request.GET.get("format") == "rss": return http.HttpResponsePermanentRedirect(c.feed_url()) base = Addon.objects.valid() & c.addons.all() filter = CollectionAddonFilter(request, base, key="sort", default="popular") notes = get_notes(c) # Go directly to CollectionAddon for the count to avoid joins. count = CollectionAddon.objects.filter(Addon.objects.valid_q(amo.VALID_STATUSES, prefix="addon__"), collection=c.id) addons = paginate(request, filter.qs, per_page=15, count=count.count()) # The add-on query is not related to the collection, so we need to manually # hook them up for invalidation. Bonus: count invalidation. keys = [addons.object_list.flush_key(), count.flush_key()] caching.invalidator.add_to_flush_list({c.flush_key(): keys}) if c.author_id: qs = Collection.objects.listed().filter(author=c.author) others = amo.utils.randslice(qs, limit=4, exclude=c.id) else: others = [] # `perms` is defined in django.contrib.auth.context_processors. Gotcha! user_perms = {"view_stats": acl.check_ownership(request, c, require_owner=False)} tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else [] return render( request, "bandwagon/collection_detail.html", { "collection": c, "filter": filter, "addons": addons, "notes": notes, "author_collections": others, "tags": tags, "user_perms": user_perms, }, )