def _inner(req, domain, *args, **kwargs): user = req.user domain_name, domain = load_domain(req, domain) if not domain: msg = _('The domain "{domain}" was not found.').format(domain=domain_name) raise Http404(msg) if user.is_authenticated and user.is_active: if not domain.is_active: msg = _( 'The project space "{domain}" has not yet been activated. ' 'Please report an issue if you think this is a mistake.' ).format(domain=domain_name) messages.info(req, msg) return HttpResponseRedirect(reverse("domain_select")) couch_user = _ensure_request_couch_user(req) if couch_user.is_member_of(domain): # If the two factor toggle is on, require it for all users. if ( _two_factor_required(view_func, domain, couch_user) and not getattr(req, 'bypass_two_factor', False) and not user.is_verified() ): return TemplateResponse( request=req, template='two_factor/core/otp_required.html', status=403, ) else: return view_func(req, domain_name, *args, **kwargs) elif ( _page_is_whitelist(req.path, domain_name) or not domain.restrict_superusers ) and user.is_superuser: # superusers can circumvent domain permissions. return view_func(req, domain_name, *args, **kwargs) elif domain.is_snapshot: # snapshots are publicly viewable return require_previewer(view_func)(req, domain_name, *args, **kwargs) elif couch_user.is_web_user() and domain.allow_domain_requests: from corehq.apps.users.views import DomainRequestView return DomainRequestView.as_view()(req, *args, **kwargs) else: raise Http404 elif ( req.path.startswith('/a/{}/reports/custom'.format(domain_name)) and PUBLISH_CUSTOM_REPORTS.enabled(domain_name) ): return view_func(req, domain_name, *args, **kwargs) else: login_url = reverse('domain_login', kwargs={'domain': domain_name}) return redirect_for_login_or_domain(req, login_url=login_url)
def apply_location_access(cls, request): user = getattr(request, 'couch_user', None) domain = getattr(request, 'domain', None) if not domain or not user or not user.is_member_of(domain): # This is probably some non-domain page or a test, let normal auth handle it request.can_access_all_locations = True elif ( user.has_permission(domain, 'access_all_locations') or ( isinstance(user, AnonymousCouchUser) and PUBLISH_CUSTOM_REPORTS.enabled(domain) ) ): request.can_access_all_locations = True else: request.can_access_all_locations = False
def _is_public_custom_report(request_path, domain_name): return (request_path.startswith('/a/{}/reports/custom'.format(domain_name)) and PUBLISH_CUSTOM_REPORTS.enabled(domain_name))
def is_public_reports(view_kwargs, request): return (request.user.is_anonymous and 'domain' in view_kwargs and request.path.startswith(u'/a/{}/reports/custom'.format( view_kwargs['domain'])) and PUBLISH_CUSTOM_REPORTS.enabled(view_kwargs['domain']))