コード例 #1
0
ファイル: decorators.py プロジェクト: dimagi/commcare-hq
    def _inner(req, domain, *args, **kwargs):
        user = req.user
        domain_name, domain = load_domain(req, domain)
        if not domain:
            msg = _('The domain "{domain}" was not found.').format(domain=domain_name)
            raise Http404(msg)

        if user.is_authenticated and user.is_active:
            if not domain.is_active:
                msg = _(
                    'The project space "{domain}" has not yet been activated. '
                    'Please report an issue if you think this is a mistake.'
                ).format(domain=domain_name)
                messages.info(req, msg)
                return HttpResponseRedirect(reverse("domain_select"))
            couch_user = _ensure_request_couch_user(req)
            if couch_user.is_member_of(domain):
                # If the two factor toggle is on, require it for all users.
                if (
                    _two_factor_required(view_func, domain, couch_user)
                    and not getattr(req, 'bypass_two_factor', False)
                    and not user.is_verified()
                ):
                    return TemplateResponse(
                        request=req,
                        template='two_factor/core/otp_required.html',
                        status=403,
                    )
                else:
                    return view_func(req, domain_name, *args, **kwargs)

            elif (
                _page_is_whitelist(req.path, domain_name) or
                not domain.restrict_superusers
            ) and user.is_superuser:
                # superusers can circumvent domain permissions.
                return view_func(req, domain_name, *args, **kwargs)
            elif domain.is_snapshot:
                # snapshots are publicly viewable
                return require_previewer(view_func)(req, domain_name, *args, **kwargs)
            elif couch_user.is_web_user() and domain.allow_domain_requests:
                from corehq.apps.users.views import DomainRequestView
                return DomainRequestView.as_view()(req, *args, **kwargs)
            else:
                raise Http404
        elif (
            req.path.startswith('/a/{}/reports/custom'.format(domain_name)) and
            PUBLISH_CUSTOM_REPORTS.enabled(domain_name)
        ):
            return view_func(req, domain_name, *args, **kwargs)
        else:
            login_url = reverse('domain_login', kwargs={'domain': domain_name})
            return redirect_for_login_or_domain(req, login_url=login_url)
コード例 #2
0
    def _inner(req, domain, *args, **kwargs):
        user = req.user
        domain_name, domain_obj = load_domain(req, domain)

        def call_view():
            return view_func(req, domain_name, *args, **kwargs)

        if not domain_obj:
            msg = _('The domain "{domain}" was not found.').format(
                domain=domain_name)
            raise Http404(msg)

        if not (user.is_authenticated and user.is_active):
            if _is_public_custom_report(req.path, domain_name):
                return call_view()
            else:
                login_url = reverse('domain_login',
                                    kwargs={'domain': domain_name})
                return redirect_for_login_or_domain(req, login_url=login_url)

        couch_user = _ensure_request_couch_user(req)
        if not domain_obj.is_active:
            return _inactive_domain_response(req, domain_name)
        if domain_obj.is_snapshot:
            if not hasattr(req,
                           'couch_user') or not req.couch_user.is_previewer():
                raise Http404()
            return call_view()

        if couch_user.is_member_of(domain_obj, allow_mirroring=True):
            if _is_missing_two_factor(view_func, req):
                return TemplateResponse(
                    request=req,
                    template='two_factor/core/otp_required.html',
                    status=403)
            elif not _can_access_project_page(req):
                return _redirect_to_project_access_upgrade(req)
            else:
                return call_view()
        elif user.is_superuser:
            if domain_obj.restrict_superusers and not _page_is_whitelisted(
                    req.path, domain_obj.name):
                from corehq.apps.hqwebapp.views import no_permissions
                msg = "This project space restricts superuser access.  You must request an invite to access it."
                return no_permissions(req, message=msg)
            if not _can_access_project_page(req):
                return _redirect_to_project_access_upgrade(req)
            return call_view()
        elif couch_user.is_web_user() and domain_obj.allow_domain_requests:
            from corehq.apps.users.views import DomainRequestView
            return DomainRequestView.as_view()(req, *args, **kwargs)
        else:
            raise Http404
コード例 #3
0
    def _inner(req, domain, *args, **kwargs):
        user = req.user
        domain_name, domain = load_domain(req, domain)
        if domain:
            if user.is_authenticated and user.is_active:
                if not domain.is_active:
                    msg = _((
                        'The domain "{domain}" has not yet been activated. '
                        'Please report an issue if you think this is a mistake.'
                    ).format(domain=domain_name))
                    messages.info(req, msg)
                    return HttpResponseRedirect(reverse("domain_select"))
                if hasattr(req, "couch_user"):
                    couch_user = req.couch_user  # set by user middleware
                else:
                    # some views might not have this set
                    couch_user = CouchUser.from_django_user(user)
                if couch_user.is_member_of(domain):
                    if domain.two_factor_auth and not user.is_verified(
                    ) and not couch_user.two_factor_disabled:
                        return TemplateResponse(
                            request=req,
                            template='two_factor/core/otp_required.html',
                            status=403,
                        )
                    else:
                        return view_func(req, domain_name, *args, **kwargs)

                elif (_page_is_whitelist(req.path, domain_name)
                      or not domain.restrict_superusers) and user.is_superuser:
                    # superusers can circumvent domain permissions.
                    return view_func(req, domain_name, *args, **kwargs)
                elif domain.is_snapshot:
                    # snapshots are publicly viewable
                    return require_previewer(view_func)(req, domain_name,
                                                        *args, **kwargs)
                elif domain.allow_domain_requests:
                    from corehq.apps.users.views import DomainRequestView
                    return DomainRequestView.as_view()(req, *args, **kwargs)
                else:
                    raise Http404
            elif (req.path.startswith(
                    u'/a/{}/reports/custom'.format(domain_name))
                  and PUBLISH_CUSTOM_REPORTS.enabled(domain_name)):
                return view_func(req, domain_name, *args, **kwargs)
            else:
                login_url = reverse('domain_login', kwargs={'domain': domain})
                return _redirect_for_login_or_domain(req, REDIRECT_FIELD_NAME,
                                                     login_url)
        else:
            msg = _(('The domain "{domain}" was not found.').format(
                domain=domain_name))
            raise Http404(msg)
コード例 #4
0
    def _inner(req, domain, *args, **kwargs):
        user = req.user
        domain_name, domain = load_domain(req, domain)
        if not domain:
            msg = _('The domain "{domain}" was not found.').format(
                domain=domain_name)
            raise Http404(msg)

        if user.is_authenticated and user.is_active:
            if not domain.is_active:
                msg = _(
                    'The project space "{domain}" has not yet been activated. '
                    'Please report an issue if you think this is a mistake.'
                ).format(domain=domain_name)
                messages.info(req, msg)
                return HttpResponseRedirect(reverse("domain_select"))
            couch_user = _ensure_request_couch_user(req)
            if couch_user.is_member_of(domain):
                # If the two factor toggle is on, require it for all users.
                if (_two_factor_required(view_func, domain, couch_user)
                        and not getattr(req, 'bypass_two_factor', False)
                        and not user.is_verified()):
                    return TemplateResponse(
                        request=req,
                        template='two_factor/core/otp_required.html',
                        status=403,
                    )
                else:
                    return view_func(req, domain_name, *args, **kwargs)

            elif (_page_is_whitelist(req.path, domain_name)
                  or not domain.restrict_superusers) and user.is_superuser:
                # superusers can circumvent domain permissions.
                return view_func(req, domain_name, *args, **kwargs)
            elif domain.is_snapshot:
                # snapshots are publicly viewable
                return require_previewer(view_func)(req, domain_name, *args,
                                                    **kwargs)
            elif couch_user.is_web_user() and domain.allow_domain_requests:
                from corehq.apps.users.views import DomainRequestView
                return DomainRequestView.as_view()(req, *args, **kwargs)
            else:
                raise Http404
        elif (req.path.startswith('/a/{}/reports/custom'.format(domain_name))
              and PUBLISH_CUSTOM_REPORTS.enabled(domain_name)):
            return view_func(req, domain_name, *args, **kwargs)
        else:
            login_url = reverse('domain_login', kwargs={'domain': domain_name})
            return redirect_for_login_or_domain(req, login_url=login_url)
コード例 #5
0
ファイル: decorators.py プロジェクト: saketkanth/commcare-hq
    def _inner(req, domain, *args, **kwargs):
        user = req.user
        domain_name, domain = load_domain(req, domain)
        if domain:
            if user.is_authenticated() and user.is_active:
                if not domain.is_active:
                    msg = _((
                        'The domain "{domain}" has been deactivated. '
                        'Please report an issue if you think this is a mistake.'
                    ).format(domain=domain_name))
                    messages.info(req, msg)
                    return HttpResponseRedirect(reverse("domain_select"))
                if hasattr(req, "couch_user"):
                    couch_user = req.couch_user # set by user middleware
                else:
                    # some views might not have this set
                    couch_user = CouchUser.from_django_user(user)
                if couch_user.is_member_of(domain):
                    if domain.two_factor_auth and not user.is_verified():
                        return TemplateResponse(
                            request=req,
                            template='two_factor/core/otp_required.html',
                            status=403,
                        )
                    else:
                        return view_func(req, domain_name, *args, **kwargs)

                elif (
                    _page_is_whitelist(req.path, domain_name) or
                    not domain.restrict_superusers
                ) and user.is_superuser:
                    # superusers can circumvent domain permissions.
                    return view_func(req, domain_name, *args, **kwargs)
                elif domain.is_snapshot:
                    # snapshots are publicly viewable
                    return require_previewer(view_func)(req, domain_name, *args, **kwargs)
                elif domain.allow_domain_requests:
                    from corehq.apps.users.views import DomainRequestView
                    return DomainRequestView.as_view()(req, *args, **kwargs)
                else:
                    raise Http404
            else:
                login_url = reverse('domain_login', kwargs={'domain': domain})
                return _redirect_for_login_or_domain(req, REDIRECT_FIELD_NAME, login_url)
        else:
            msg = _(('The domain "{domain}" was not found.').format(domain=domain_name))
            raise Http404(msg)
コード例 #6
0
    def _inner(req, domain, *args, **kwargs):
        user = req.user
        domain_name, domain_obj = load_domain(req, domain)

        def call_view():
            return view_func(req, domain_name, *args, **kwargs)

        if not domain_obj:
            msg = _('The domain "{domain}" was not found.').format(
                domain=domain_name)
            raise Http404(msg)

        if not (user.is_authenticated and user.is_active):
            if _is_public_custom_report(req.path, domain_name):
                return call_view()
            else:
                login_url = reverse('domain_login',
                                    kwargs={'domain': domain_name})
                return redirect_for_login_or_domain(req, login_url=login_url)

        couch_user = _ensure_request_couch_user(req)
        if not domain_obj.is_active:
            return _inactive_domain_response(req, domain_name)
        if domain_obj.is_snapshot:
            if not hasattr(req,
                           'couch_user') or not req.couch_user.is_previewer():
                raise Http404()
            return call_view()

        if couch_user.is_member_of(domain_obj, allow_mirroring=True):
            if _is_missing_two_factor(view_func, req):
                return TemplateResponse(
                    request=req,
                    template='two_factor/core/otp_required.html',
                    status=403)
            elif not _can_access_project_page(req):
                return _redirect_to_project_access_upgrade(req)
            elif (ENTERPRISE_SSO.enabled_for_request(
                    req)  # safety check. next line was not formally QA'd yet
                  and is_request_blocked_from_viewing_domain_due_to_sso(
                      req, domain_obj)):
                # Important! Make sure this is always the final check prior
                # to returning call_view() below
                return render_untrusted_identity_provider_for_domain_view(
                    req, domain_obj)
            else:
                return call_view()
        elif user.is_superuser:
            if domain_obj.restrict_superusers and not _page_is_whitelisted(
                    req.path, domain_obj.name):
                from corehq.apps.hqwebapp.views import no_permissions
                msg = "This project space restricts superuser access.  You must request an invite to access it."
                return no_permissions(req, message=msg)
            if not _can_access_project_page(req):
                return _redirect_to_project_access_upgrade(req)
            if (ENTERPRISE_SSO.enabled_for_request(
                    req)  # safety check. next line was not formally QA'd yet
                    and is_request_using_sso(req)):
                # We will not support SSO for superusers at this time
                return HttpResponseForbidden(
                    "SSO support is not currently available for superusers.")
            return call_view()
        elif couch_user.is_web_user() and domain_obj.allow_domain_requests:
            from corehq.apps.users.views import DomainRequestView
            return DomainRequestView.as_view()(req, *args, **kwargs)
        else:
            raise Http404