def _inner(req, domain, *args, **kwargs):
    """Gate ``view_func`` behind the domain's login and membership rules.

    Resolves the requested domain and then either calls the wrapped view,
    renders the OTP-required page (HTTP 403), redirects, or raises
    ``Http404``:

    * unknown domain: ``Http404`` with a translated message;
    * authenticated and active user: inactive-domain redirect first, then
      member, superuser, snapshot and domain-request handling, in that order;
    * any other request: published custom reports are served directly,
      everything else is sent to the domain login page.
    """
    django_user = req.user
    domain_name, domain_obj = load_domain(req, domain)
    if not domain_obj:
        not_found = _('The domain "{domain}" was not found.').format(domain=domain_name)
        raise Http404(not_found)

    if not (django_user.is_authenticated and django_user.is_active):
        # NOTE(review): this path calls the view without authentication and
        # without the is_active check applied to logged-in users below; the
        # prefix test also accepts any path that merely starts with
        # '/a/<domain>/reports/custom'. Confirm everything routed here is
        # meant to be public.
        custom_report_prefix = '/a/{}/reports/custom'.format(domain_name)
        if (
            req.path.startswith(custom_report_prefix)
            and PUBLISH_CUSTOM_REPORTS.enabled(domain_name)
        ):
            return view_func(req, domain_name, *args, **kwargs)
        login_url = reverse('domain_login', kwargs={'domain': domain_name})
        return redirect_for_login_or_domain(req, login_url=login_url)

    if not domain_obj.is_active:
        inactive_notice = _(
            'The project space "{domain}" has not yet been activated. '
            'Please report an issue if you think this is a mistake.'
        ).format(domain=domain_name)
        messages.info(req, inactive_notice)
        return HttpResponseRedirect(reverse("domain_select"))

    couch_user = _ensure_request_couch_user(req)

    if couch_user.is_member_of(domain_obj):
        # Members must have completed two-factor verification when it is
        # required, unless the request carries the bypass_two_factor flag.
        # NOTE(review): whatever sets req.bypass_two_factor switches this gate
        # off, so it should only ever be set by trusted server-side code.
        otp_missing = (
            _two_factor_required(view_func, domain_obj, couch_user)
            and not getattr(req, 'bypass_two_factor', False)
            and not django_user.is_verified()
        )
        if otp_missing:
            return TemplateResponse(
                request=req,
                template='two_factor/core/otp_required.html',
                status=403,
            )
        return view_func(req, domain_name, *args, **kwargs)

    superuser_may_enter = (
        _page_is_whitelist(req.path, domain_name)
        or not domain_obj.restrict_superusers
    ) and django_user.is_superuser
    if superuser_may_enter:
        # Superusers skip the membership requirement.
        # NOTE(review): the OTP gate above sits on the member path only; this
        # function does not check is_verified() for superusers. Confirm that
        # is enforced elsewhere.
        return view_func(req, domain_name, *args, **kwargs)

    if domain_obj.is_snapshot:
        # Snapshot domains are served through the require_previewer wrapper.
        return require_previewer(view_func)(req, domain_name, *args, **kwargs)

    if couch_user.is_web_user() and domain_obj.allow_domain_requests:
        from corehq.apps.users.views import DomainRequestView
        return DomainRequestView.as_view()(req, *args, **kwargs)

    # Not a member and no other rule applies: hide the domain.
    raise Http404
def _inner(req, domain, *args, **kwargs):
    """Decide whether the request may reach ``view_func`` for this domain.

    The checks run in a fixed order and the first one that matches wins:
    unknown domain (``Http404``), unauthenticated or inactive user, inactive
    domain, snapshot domain, domain member, superuser, domain-request
    eligibility, and finally ``Http404`` for everyone else.
    """
    django_user = req.user
    domain_name, domain_obj = load_domain(req, domain)

    if not domain_obj:
        not_found = _('The domain "{domain}" was not found.').format(
            domain=domain_name)
        raise Http404(not_found)

    signed_in = django_user.is_authenticated and django_user.is_active
    if not signed_in:
        # NOTE(review): public custom reports are served before the
        # is_active and snapshot checks below run. Confirm that is intended.
        if _is_public_custom_report(req.path, domain_name):
            return view_func(req, domain_name, *args, **kwargs)
        login_url = reverse('domain_login', kwargs={'domain': domain_name})
        return redirect_for_login_or_domain(req, login_url=login_url)

    couch_user = _ensure_request_couch_user(req)

    if not domain_obj.is_active:
        return _inactive_domain_response(req, domain_name)

    if domain_obj.is_snapshot:
        # Only previewers may open a snapshot; everyone else gets a 404.
        if hasattr(req, 'couch_user') and req.couch_user.is_previewer():
            return view_func(req, domain_name, *args, **kwargs)
        raise Http404()

    if couch_user.is_member_of(domain_obj, allow_mirroring=True):
        if _is_missing_two_factor(view_func, req):
            return TemplateResponse(
                request=req,
                template='two_factor/core/otp_required.html',
                status=403)
        if not _can_access_project_page(req):
            return _redirect_to_project_access_upgrade(req)
        return view_func(req, domain_name, *args, **kwargs)

    if django_user.is_superuser:
        # NOTE(review): _is_missing_two_factor is consulted on the member
        # path only; this branch does not repeat it. Confirm superuser
        # two-factor is enforced elsewhere.
        superuser_blocked = (
            domain_obj.restrict_superusers
            and not _page_is_whitelisted(req.path, domain_obj.name)
        )
        if superuser_blocked:
            from corehq.apps.hqwebapp.views import no_permissions
            denial = "This project space restricts superuser access.  You must request an invite to access it."
            return no_permissions(req, message=denial)
        if not _can_access_project_page(req):
            return _redirect_to_project_access_upgrade(req)
        return view_func(req, domain_name, *args, **kwargs)

    if couch_user.is_web_user() and domain_obj.allow_domain_requests:
        from corehq.apps.users.views import DomainRequestView
        return DomainRequestView.as_view()(req, *args, **kwargs)

    # No rule granted access: hide the domain.
    raise Http404
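def _inner(req, domain, *args, **kwargs):
    """Gate ``view_func`` behind the domain's login and membership rules.

    Resolves the requested domain and then either calls the wrapped view,
    renders the OTP-required page (HTTP 403), redirects, or raises
    ``Http404``. Unknown domains raise ``Http404`` with a translated message.
    Authenticated, active users go through the inactive-domain, member,
    superuser, snapshot and domain-request checks in that order. Other
    requests get published custom reports or the domain login page.
    """
    user = req.user
    domain_name, domain = load_domain(req, domain)

    if not domain:
        # Translate the template first and interpolate afterwards: looking up
        # an already-formatted string never matches a catalog entry.
        msg = _('The domain "{domain}" was not found.').format(
            domain=domain_name)
        raise Http404(msg)

    if not (user.is_authenticated and user.is_active):
        # NOTE(review): this path calls the view without authentication and
        # without the is_active check applied to logged-in users below; the
        # prefix test also accepts any path that merely starts with
        # '/a/<domain>/reports/custom'. Confirm everything routed here is
        # meant to be public.
        if (req.path.startswith(u'/a/{}/reports/custom'.format(domain_name))
                and PUBLISH_CUSTOM_REPORTS.enabled(domain_name)):
            return view_func(req, domain_name, *args, **kwargs)
        # Reverse with the domain *name*; ``domain`` is the loaded domain
        # object at this point, not the URL slug.
        login_url = reverse('domain_login', kwargs={'domain': domain_name})
        return _redirect_for_login_or_domain(
            req, REDIRECT_FIELD_NAME, login_url)

    if not domain.is_active:
        msg = _(
            'The domain "{domain}" has not yet been activated. '
            'Please report an issue if you think this is a mistake.'
        ).format(domain=domain_name)
        messages.info(req, msg)
        return HttpResponseRedirect(reverse("domain_select"))

    if hasattr(req, "couch_user"):
        couch_user = req.couch_user  # set by user middleware
    else:
        # some views might not have this set
        couch_user = CouchUser.from_django_user(user)

    if couch_user.is_member_of(domain):
        # Members of a two-factor domain must be OTP-verified unless the
        # account has two_factor_disabled set.
        if (domain.two_factor_auth
                and not user.is_verified()
                and not couch_user.two_factor_disabled):
            return TemplateResponse(
                request=req,
                template='two_factor/core/otp_required.html',
                status=403,
            )
        return view_func(req, domain_name, *args, **kwargs)

    if (_page_is_whitelist(req.path, domain_name)
            or not domain.restrict_superusers) and user.is_superuser:
        # Superusers can circumvent domain permissions.
        # NOTE(review): the two-factor gate above sits on the member path
        # only; this function does not check is_verified() for superusers.
        # Confirm that is enforced elsewhere.
        return view_func(req, domain_name, *args, **kwargs)

    if domain.is_snapshot:
        # Snapshot domains are served through the require_previewer wrapper.
        return require_previewer(view_func)(req, domain_name, *args, **kwargs)

    if domain.allow_domain_requests:
        from corehq.apps.users.views import DomainRequestView
        return DomainRequestView.as_view()(req, *args, **kwargs)

    # Not a member and no other rule applies: hide the domain.
    raise Http404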
def _inner(req, domain, *args, **kwargs):
    """Run the domain access checks and dispatch to ``view_func``.

    An unknown domain raises ``Http404``. For an authenticated, active user
    the inactive-domain redirect is tried first, then member (with the
    two-factor gate), superuser, snapshot and domain-request handling.
    Other requests may only reach published custom reports and are
    otherwise redirected to the domain login page.
    """
    def call_view():
        # Single place where the wrapped view is actually invoked.
        return view_func(req, domain_name, *args, **kwargs)

    requester = req.user
    domain_name, domain_obj = load_domain(req, domain)
    if not domain_obj:
        missing_msg = _('The domain "{domain}" was not found.').format(
            domain=domain_name)
        raise Http404(missing_msg)

    if requester.is_authenticated and requester.is_active:
        if not domain_obj.is_active:
            pending_msg = _(
                'The project space "{domain}" has not yet been activated. '
                'Please report an issue if you think this is a mistake.'
            ).format(domain=domain_name)
            messages.info(req, pending_msg)
            return HttpResponseRedirect(reverse("domain_select"))

        couch_user = _ensure_request_couch_user(req)

        if couch_user.is_member_of(domain_obj):
            # When two-factor is required, the member must be OTP-verified
            # unless the request carries the bypass_two_factor flag.
            # NOTE(review): bypass_two_factor is read from the request
            # object; it must only be set by trusted server-side code.
            if not _two_factor_required(view_func, domain_obj, couch_user):
                return call_view()
            if getattr(req, 'bypass_two_factor', False):
                return call_view()
            if requester.is_verified():
                return call_view()
            return TemplateResponse(
                request=req,
                template='two_factor/core/otp_required.html',
                status=403,
            )

        page_open_to_superusers = (
            _page_is_whitelist(req.path, domain_name)
            or not domain_obj.restrict_superusers
        )
        if page_open_to_superusers and requester.is_superuser:
            # Superusers can circumvent domain permissions.
            # NOTE(review): no is_verified() check happens on this path;
            # confirm superuser two-factor is enforced elsewhere.
            return call_view()

        if domain_obj.is_snapshot:
            # Snapshot domains go through the require_previewer wrapper.
            return require_previewer(view_func)(req, domain_name, *args, **kwargs)

        if couch_user.is_web_user() and domain_obj.allow_domain_requests:
            from corehq.apps.users.views import DomainRequestView
            return DomainRequestView.as_view()(req, *args, **kwargs)

        raise Http404

    # NOTE(review): this path calls the view without authentication and
    # without the is_active check above; the prefix test also accepts any
    # path that merely starts with '/a/<domain>/reports/custom'.
    report_prefix = '/a/{}/reports/custom'.format(domain_name)
    if req.path.startswith(report_prefix) and PUBLISH_CUSTOM_REPORTS.enabled(domain_name):
        return call_view()

    login_url = reverse('domain_login', kwargs={'domain': domain_name})
    return redirect_for_login_or_domain(req, login_url=login_url)
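def _inner(req, domain, *args, **kwargs):
    """Gate ``view_func`` behind the domain's login and membership rules.

    Unknown domains raise ``Http404`` with a translated message. Requests
    that are not from an authenticated, active user are redirected to the
    domain login page. Logged-in users go through the inactive-domain,
    member (with two-factor gate), superuser, snapshot and domain-request
    checks in that order; anything left over raises ``Http404``.
    """
    user = req.user
    domain_name, domain = load_domain(req, domain)

    if not domain:
        # Translate the template first and interpolate afterwards: looking up
        # an already-formatted string never matches a catalog entry.
        msg = _('The domain "{domain}" was not found.').format(domain=domain_name)
        raise Http404(msg)

    if not (user.is_authenticated() and user.is_active):
        # Reverse with the domain *name*; ``domain`` is the loaded domain
        # object at this point, not the URL slug.
        login_url = reverse('domain_login', kwargs={'domain': domain_name})
        return _redirect_for_login_or_domain(req, REDIRECT_FIELD_NAME, login_url)

    if not domain.is_active:
        msg = _(
            'The domain "{domain}" has been deactivated. '
            'Please report an issue if you think this is a mistake.'
        ).format(domain=domain_name)
        messages.info(req, msg)
        return HttpResponseRedirect(reverse("domain_select"))

    if hasattr(req, "couch_user"):
        couch_user = req.couch_user  # set by user middleware
    else:
        # some views might not have this set
        couch_user = CouchUser.from_django_user(user)

    if couch_user.is_member_of(domain):
        # Members of a two-factor domain must be OTP-verified first.
        if domain.two_factor_auth and not user.is_verified():
            return TemplateResponse(
                request=req,
                template='two_factor/core/otp_required.html',
                status=403,
            )
        return view_func(req, domain_name, *args, **kwargs)

    if (
        _page_is_whitelist(req.path, domain_name) or
        not domain.restrict_superusers
    ) and user.is_superuser:
        # Superusers can circumvent domain permissions.
        # NOTE(review): the two-factor gate above sits on the member path
        # only; this function does not check is_verified() for superusers.
        # Confirm that is enforced elsewhere.
        return view_func(req, domain_name, *args, **kwargs)

    if domain.is_snapshot:
        # Snapshot domains are served through the require_previewer wrapper.
        return require_previewer(view_func)(req, domain_name, *args, **kwargs)

    if domain.allow_domain_requests:
        from corehq.apps.users.views import DomainRequestView
        return DomainRequestView.as_view()(req, *args, **kwargs)

    # Not a member and no other rule applies: hide the domain.
    raise Http404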
def _inner(req, domain, *args, **kwargs):
    """Decide whether the request may reach ``view_func`` for this domain.

    The checks run in a fixed order and the first one that matches wins:
    unknown domain (``Http404``), unauthenticated or inactive user, inactive
    domain, snapshot domain, domain member (two-factor, project access, then
    SSO), superuser (restriction, project access, then SSO), domain-request
    eligibility, and finally ``Http404`` for everyone else.
    """
    django_user = req.user
    domain_name, domain_obj = load_domain(req, domain)

    if not domain_obj:
        not_found = _('The domain "{domain}" was not found.').format(
            domain=domain_name)
        raise Http404(not_found)

    signed_in = django_user.is_authenticated and django_user.is_active
    if not signed_in:
        # NOTE(review): public custom reports are served before the
        # is_active, snapshot and SSO checks below run. Confirm that is
        # intended.
        if _is_public_custom_report(req.path, domain_name):
            return view_func(req, domain_name, *args, **kwargs)
        login_url = reverse('domain_login', kwargs={'domain': domain_name})
        return redirect_for_login_or_domain(req, login_url=login_url)

    couch_user = _ensure_request_couch_user(req)

    if not domain_obj.is_active:
        return _inactive_domain_response(req, domain_name)

    if domain_obj.is_snapshot:
        # Only previewers may open a snapshot; everyone else gets a 404.
        if hasattr(req, 'couch_user') and req.couch_user.is_previewer():
            return view_func(req, domain_name, *args, **kwargs)
        raise Http404()

    if couch_user.is_member_of(domain_obj, allow_mirroring=True):
        if _is_missing_two_factor(view_func, req):
            return TemplateResponse(
                request=req,
                template='two_factor/core/otp_required.html',
                status=403)
        if not _can_access_project_page(req):
            return _redirect_to_project_access_upgrade(req)
        # The toggle is a safety check: the SSO test after it was not
        # formally QA'd yet.
        sso_blocks_member = (
            ENTERPRISE_SSO.enabled_for_request(req)
            and is_request_blocked_from_viewing_domain_due_to_sso(
                req, domain_obj)
        )
        if sso_blocks_member:
            # Important: keep this as the last gate before the view is
            # invoked for a member.
            return render_untrusted_identity_provider_for_domain_view(
                req, domain_obj)
        return view_func(req, domain_name, *args, **kwargs)

    if django_user.is_superuser:
        # NOTE(review): _is_missing_two_factor is consulted on the member
        # path only; this branch does not repeat it. Confirm superuser
        # two-factor is enforced elsewhere.
        superuser_blocked = (
            domain_obj.restrict_superusers
            and not _page_is_whitelisted(req.path, domain_obj.name)
        )
        if superuser_blocked:
            from corehq.apps.hqwebapp.views import no_permissions
            denial = "This project space restricts superuser access.  You must request an invite to access it."
            return no_permissions(req, message=denial)
        if not _can_access_project_page(req):
            return _redirect_to_project_access_upgrade(req)
        # The toggle is a safety check: the SSO test after it was not
        # formally QA'd yet.
        superuser_via_sso = (
            ENTERPRISE_SSO.enabled_for_request(req)
            and is_request_using_sso(req)
        )
        if superuser_via_sso:
            # SSO is not supported for superusers at this time.
            return HttpResponseForbidden(
                "SSO support is not currently available for superusers.")
        return view_func(req, domain_name, *args, **kwargs)

    if couch_user.is_web_user() and domain_obj.allow_domain_requests:
        from corehq.apps.users.views import DomainRequestView
        return DomainRequestView.as_view()(req, *args, **kwargs)

    # No rule granted access: hide the domain.
    raise Http404