def wrapper(request, username, slug, *args, **kw):
    """Resolve the collection, enforce the ownership check, then call ``func``.

    ``func`` and ``require_owner`` are free variables supplied by the
    enclosing scope, which is not visible in this block.  Raises
    ``PermissionDenied`` when ``acl.check_collection_ownership`` returns a
    falsy value.
    """
    target = get_collection(request, username, slug)
    allowed = acl.check_collection_ownership(
        request, target, require_owner=require_owner)
    # Fail closed: the wrapped view only runs after a positive check.
    if not allowed:
        raise PermissionDenied
    return func(request, target, username, slug, *args, **kw)
def wrapper(request, username, slug, *args, **kw):
    """Resolve the collection, enforce the ownership check, then call ``func``.

    ``func`` and ``require_owner`` are free variables supplied by the
    enclosing scope, which is not visible in this block.  Raises
    ``PermissionDenied`` when ``acl.check_collection_ownership`` returns a
    falsy value.
    """
    target = get_collection(request, username, slug)
    allowed = acl.check_collection_ownership(
        request, target, require_owner=require_owner)
    # Fail closed: the wrapped view only runs after a positive check.
    if not allowed:
        raise PermissionDenied
    return func(request, target, username, slug, *args, **kw)
def collection_detail(request, username, slug):
    """Render the detail page for one collection.

    Unlisted collections are gated: a user who is not authenticated is sent
    to login, and an authenticated user must pass
    ``acl.check_collection_ownership`` or gets ``PermissionDenied``.  Listed
    collections skip both checks.
    """
    collection = get_collection(request, username, slug)
    if not collection.listed:
        # NOTE(review): the call form ``is_authenticated()`` only works on
        # Django versions where the attribute is still callable (the
        # callable form was removed in Django 2.0).
        if not request.user.is_authenticated():
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, collection):
            raise PermissionDenied

    valid_addons = Addon.objects.valid() & collection.addons.all()
    addon_filter = CollectionAddonFilter(
        request, valid_addons, key='sort', default='popular')
    notes = get_notes(collection)

    # Count through CollectionAddon directly so the count needs no joins.
    valid_q = Addon.objects.all().valid_q(
        amo.VALID_ADDON_STATUSES, prefix='addon__')
    count = CollectionAddon.objects.filter(valid_q, collection=collection.id)
    addons = paginate(
        request, addon_filter.qs, per_page=15, count=count.count())

    # Named ``user_perms`` because ``perms`` is already defined by
    # django.contrib.auth.context_processors.
    can_view_stats = acl.check_ownership(
        request, collection, require_owner=False)
    user_perms = {'view_stats': can_view_stats}

    if collection.top_tags:
        tags = Tag.objects.filter(id__in=collection.top_tags)
    else:
        tags = []

    context = dict(collection=collection, filter=addon_filter, addons=addons,
                   notes=notes, tags=tags, user_perms=user_perms)
    return render_cat(request, 'bandwagon/collection_detail.html', context)
def collection_detail(request, username, slug):
    """Render the detail page for one collection.

    Unlisted collections are gated: a user who is not authenticated is sent
    to login, and an authenticated user must pass
    ``acl.check_collection_ownership`` or gets ``PermissionDenied``.  Listed
    collections skip both checks.
    """
    collection = get_collection(request, username, slug)
    if not collection.listed:
        # NOTE(review): the attribute form relies on ``is_authenticated``
        # being a property (Django 1.10+).  On older versions it is a bound
        # method, which is always truthy, so this redirect would never fire
        # and anonymous users would fall through to the ownership check.
        if not request.user.is_authenticated:
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, collection):
            raise PermissionDenied

    valid_addons = Addon.objects.valid() & collection.addons.all()
    addon_filter = CollectionAddonFilter(
        request, valid_addons, key='sort', default='popular')
    notes = get_notes(collection)

    # Count through CollectionAddon directly so the count needs no joins.
    valid_q = Addon.objects.all().valid_q(
        amo.VALID_ADDON_STATUSES, prefix='addon__')
    count = CollectionAddon.objects.filter(valid_q, collection=collection.id)
    addons = paginate(
        request, addon_filter.qs, per_page=15, count=count.count())

    # Named ``user_perms`` because ``perms`` is already defined by
    # django.contrib.auth.context_processors.
    can_view_stats = acl.check_ownership(
        request, collection, require_owner=False)
    user_perms = {'view_stats': can_view_stats}

    if collection.top_tags:
        tags = Tag.objects.filter(id__in=collection.top_tags)
    else:
        tags = []

    context = dict(collection=collection, filter=addon_filter, addons=addons,
                   notes=notes, tags=tags, user_perms=user_perms)
    return render_cat(request, 'bandwagon/collection_detail.html', context)
def get_object(self, request, username, slug):
    """Return the requested collection, or raise ``Http404`` if hidden.

    Stores ``request`` on the instance.  A collection is returned when it is
    listed or when ``acl.check_collection_ownership`` passes; otherwise the
    refusal is reported as a 404.
    """
    self.request = request
    collection = views.get_collection(request, username, slug)
    if collection.listed:
        return collection
    if acl.check_collection_ownership(request, collection):
        return collection
    # 403 can't be raised as an exception here, so the refusal is a 404.
    raise http.Http404()
def get_object(self, request, username, slug):
    """Return the requested collection, or raise ``Http404`` if hidden.

    Stores ``request`` on the instance.  A collection is returned when it is
    listed or when ``acl.check_collection_ownership`` passes; otherwise the
    refusal is reported as a 404.
    """
    self.request = request
    collection = views.get_collection(request, username, slug)
    if collection.listed:
        return collection
    if acl.check_collection_ownership(request, collection):
        return collection
    # 403 can't be raised as an exception here, so the refusal is a 404.
    raise http.Http404()
def check_ownership(self, request, require_owner, require_author,
                    ignore_disabled, admin):
    """Hook used by ``acl.check_ownership`` for collections.

    Delegates to ``acl.check_collection_ownership`` with ``request``, this
    object and ``require_owner``.  ``require_author``, ``ignore_disabled``
    and ``admin`` are accepted but not used in this body, so callers cannot
    tighten or relax the check through them.
    """
    # Imported at call time rather than at module level
    # (presumably to avoid a circular import -- confirm).
    from olympia.access import acl
    is_permitted = acl.check_collection_ownership(request, self, require_owner)
    return is_permitted
def check_ownership(self, request, require_owner, require_author,
                    ignore_disabled, admin):
    """Hook used by ``acl.check_ownership`` for collections.

    Delegates to ``acl.check_collection_ownership`` with ``request``, this
    object and ``require_owner``.  ``require_author``, ``ignore_disabled``
    and ``admin`` are accepted but not used in this body, so callers cannot
    tighten or relax the check through them.
    """
    # Imported at call time rather than at module level
    # (presumably to avoid a circular import -- confirm).
    from olympia.access import acl
    is_permitted = acl.check_collection_ownership(request, self, require_owner)
    return is_permitted
def collection_detail_json(request, username, slug):
    """Return a dict describing a collection and its valid add-ons.

    Raises ``PermissionDenied`` unless the collection is listed or
    ``acl.check_collection_ownership`` passes for the request.
    """
    coll = get_collection(request, username, slug)
    can_view = coll.listed or acl.check_collection_ownership(request, coll)
    if not can_view:
        raise PermissionDenied

    # The QuerySet is forced through ``list`` to work around bug 866454.
    valid_addons = list(coll.addons.valid())
    addons_dict = [addon_to_dict(addon) for addon in valid_addons]
    return {
        'name': coll.name,
        'url': coll.get_abs_url(),
        'iconUrl': coll.icon_url,
        'addons': addons_dict,
    }
def edit(request, collection, username, slug):
    """Display the collection edit page and handle submitted edits.

    A POST is accepted only when ``acl.check_collection_ownership`` passes
    with ``require_owner=True``; otherwise it raises ``PermissionDenied``.
    A valid POST saves the form, logs the edit and redirects to
    ``collection.edit_url()``; an invalid one re-renders with the bound form.
    """
    is_admin = acl.action_allowed(request, amo.permissions.COLLECTIONS_EDIT)
    is_owner = acl.check_collection_ownership(
        request, collection, require_owner=True)
    is_post = request.method == 'POST'

    if is_post and not is_owner:
        raise PermissionDenied

    if not is_owner:
        # NOTE(review): a non-owner GET still renders the page (without a
        # form) including add-ons and notes; confirm the caller's access
        # check limits who can reach this view.
        form = None
    elif not is_post:
        form = forms.CollectionForm(instance=collection)
    else:
        initial = initial_data_from_request(request)
        if collection.author_id:
            # Pin the existing author so the submission cannot change it.
            initial['author'] = collection.author
        form = forms.CollectionForm(
            request.POST, request.FILES, initial=initial,
            instance=collection)
        if form.is_valid():
            collection = form.save()
            collection_message(request, collection, 'update')
            log.info(u'%s edited collection %s' %
                     (request.user, collection.id))
            return http.HttpResponseRedirect(collection.edit_url())

    # Membership rows are read through the 'default' database alias.
    rows = CollectionAddon.objects.using('default').filter(
        collection=collection)
    meta = dict((row.addon_id, row) for row in rows)
    addons = collection.addons.all()
    # NOTE(review): ``.next()`` is the Python 2 iterator method; confirm
    # what ``get_notes`` returns before running this on Python 3.
    comments = get_notes(collection, raw=True).next()

    admin_form = None
    if is_admin:
        initial = dict(type=collection.type,
                       application=collection.application)
        admin_form = forms.AdminForm(initial=initial)

    data = dict(collection=collection, form=form, username=username,
                slug=slug, meta=meta, filter=get_filter(request),
                is_admin=is_admin, admin_form=admin_form, addons=addons,
                comments=comments)
    return render_cat(request, 'bandwagon/edit.html', data)
def collection_detail_json(request, username, slug):
    """Return a dict describing a collection and its valid add-ons.

    Raises ``PermissionDenied`` unless the collection is listed or
    ``acl.check_collection_ownership`` passes for the request.
    """
    coll = get_collection(request, username, slug)
    can_view = coll.listed or acl.check_collection_ownership(request, coll)
    if not can_view:
        raise PermissionDenied

    # The QuerySet is forced through ``list`` to work around bug 866454.
    valid_addons = list(coll.addons.valid())
    addons_dict = [addon_to_dict(addon) for addon in valid_addons]
    return {
        'name': coll.name,
        'url': coll.get_abs_url(),
        'addons': addons_dict,
    }
def collection_detail(request, username, slug):
    """Render the detail page for one collection.

    Unlisted collections are gated: a user who is not authenticated is sent
    to login, and an authenticated user must pass
    ``acl.check_collection_ownership`` or gets ``PermissionDenied``.  A
    ``format=rss`` query is permanently redirected to the collection feed,
    but only after that access check has run.
    """
    collection = get_collection(request, username, slug)
    if not collection.listed:
        # NOTE(review): the call form ``is_authenticated()`` only works on
        # Django versions where the attribute is still callable (the
        # callable form was removed in Django 2.0).
        if not request.user.is_authenticated():
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, collection):
            raise PermissionDenied

    wants_rss = request.GET.get('format') == 'rss'
    if wants_rss:
        return http.HttpResponsePermanentRedirect(collection.feed_url())

    valid_addons = Addon.objects.valid() & collection.addons.all()
    addon_filter = CollectionAddonFilter(
        request, valid_addons, key='sort', default='popular')
    notes = get_notes(collection)

    # Count through CollectionAddon directly so the count needs no joins.
    valid_q = Addon.objects.all().valid_q(
        amo.VALID_ADDON_STATUSES, prefix='addon__')
    count = CollectionAddon.objects.filter(valid_q, collection=collection.id)
    addons = paginate(
        request, addon_filter.qs, per_page=15, count=count.count())

    # The add-on query is not related to the collection, so both it and the
    # count are hooked up for invalidation by hand.
    keys = [addons.object_list.flush_key(), count.flush_key()]
    caching.invalidator.add_to_flush_list({collection.flush_key(): keys})

    others = []
    if collection.author_id:
        # Only listed collections by the same author are sampled here.
        by_author = Collection.objects.listed().filter(
            author=collection.author)
        others = amo.utils.randslice(
            by_author, limit=4, exclude=collection.id)

    # Named ``user_perms`` because ``perms`` is already defined by
    # django.contrib.auth.context_processors.
    can_view_stats = acl.check_ownership(
        request, collection, require_owner=False)
    user_perms = {'view_stats': can_view_stats}

    if collection.top_tags:
        tags = Tag.objects.filter(id__in=collection.top_tags)
    else:
        tags = []

    context = dict(collection=collection, filter=addon_filter, addons=addons,
                   notes=notes, author_collections=others, tags=tags,
                   user_perms=user_perms)
    return render_cat(request, 'bandwagon/collection_detail.html', context)
def edit(request, collection, username, slug):
    """Display the collection edit page and handle submitted edits.

    A POST is accepted only when ``acl.check_collection_ownership`` passes
    with ``require_owner=True``; otherwise it raises ``PermissionDenied``.
    A valid POST saves the form, logs the edit and redirects to
    ``collection.edit_url()``; an invalid one re-renders with the bound form.
    """
    is_admin = acl.action_allowed(request, amo.permissions.COLLECTIONS_EDIT)
    is_owner = acl.check_collection_ownership(
        request, collection, require_owner=True)
    is_post = request.method == 'POST'

    if is_post and not is_owner:
        raise PermissionDenied

    if not is_owner:
        # NOTE(review): a non-owner GET still renders the page (without a
        # form) including add-ons and notes; confirm the caller's access
        # check limits who can reach this view.
        form = None
    elif not is_post:
        form = forms.CollectionForm(instance=collection)
    else:
        initial = initial_data_from_request(request)
        if collection.author_id:
            # Pin the existing author so the submission cannot change it.
            initial['author'] = collection.author
        form = forms.CollectionForm(
            request.POST, request.FILES, initial=initial,
            instance=collection)
        if form.is_valid():
            collection = form.save()
            collection_message(request, collection, 'update')
            log.info(u'%s edited collection %s' %
                     (request.user, collection.id))
            return http.HttpResponseRedirect(collection.edit_url())

    # Membership rows are read through the 'default' database alias.
    rows = CollectionAddon.objects.using('default').filter(
        collection=collection)
    meta = dict((row.addon_id, row) for row in rows)
    addons = collection.addons.all()
    # NOTE(review): ``.next()`` is the Python 2 iterator method; confirm
    # what ``get_notes`` returns before running this on Python 3.
    comments = get_notes(collection, raw=True).next()

    admin_form = None
    if is_admin:
        initial = dict(type=collection.type,
                       application=collection.application)
        admin_form = forms.AdminForm(initial=initial)

    data = dict(collection=collection, form=form, username=username,
                slug=slug, meta=meta, filter=get_filter(request),
                is_admin=is_admin, admin_form=admin_form, addons=addons,
                comments=comments)
    return render_cat(request, 'bandwagon/edit.html', data)
def edit(request, collection, username, slug):
    """Display the collection edit page and handle submitted edits.

    A POST is accepted only when ``acl.check_collection_ownership`` passes
    with ``require_owner=True``; otherwise it raises ``PermissionDenied``.
    A valid POST saves the form, logs the edit and redirects to
    ``collection.edit_url()``; an invalid one re-renders with the bound form.
    """
    is_admin = acl.action_allowed(request, 'Collections', 'Edit')
    is_owner = acl.check_collection_ownership(
        request, collection, require_owner=True)
    is_post = request.method == 'POST'

    if is_post and not is_owner:
        raise PermissionDenied

    if not is_owner:
        # NOTE(review): a non-owner GET still renders the page (without a
        # form) including add-ons and notes; confirm the caller's access
        # check limits who can reach this view.
        form = None
    elif not is_post:
        form = forms.CollectionForm(instance=collection)
    else:
        initial = initial_data_from_request(request)
        if collection.author_id:
            # Pin the existing author so the submission cannot change it.
            initial['author'] = collection.author
        form = forms.CollectionForm(
            request.POST, request.FILES, initial=initial,
            instance=collection)
        if form.is_valid():
            collection = form.save()
            collection_message(request, collection, 'update')
            log.info(u'%s edited collection %s' %
                     (request.user, collection.id))
            return http.HttpResponseRedirect(collection.edit_url())

    # Membership rows bypass the cache and use the 'default' database alias.
    rows = CollectionAddon.objects.no_cache().using('default').filter(
        collection=collection)
    meta = {row.addon_id: row for row in rows}
    addons = collection.addons.no_cache().all()
    # NOTE(review): ``.next()`` is the Python 2 iterator method; confirm
    # what ``get_notes`` returns before running this on Python 3.
    comments = get_notes(collection, raw=True).next()

    admin_form = None
    if is_admin:
        initial = {
            'type': collection.type,
            'application': collection.application,
        }
        admin_form = forms.AdminForm(initial=initial)

    data = {
        'collection': collection,
        'form': form,
        'username': username,
        'slug': slug,
        'meta': meta,
        'filter': get_filter(request),
        'is_admin': is_admin,
        'admin_form': admin_form,
        'addons': addons,
        'comments': comments,
    }
    return render_cat(request, 'bandwagon/edit.html', data)
def edit(request, collection, username, slug):
    """Display the collection edit page and handle submitted edits.

    A POST is accepted only when ``acl.check_collection_ownership`` passes
    with ``require_owner=True``; otherwise it raises ``PermissionDenied``.
    A valid POST saves the form, logs the edit and redirects to
    ``collection.edit_url()``; an invalid one re-renders with the bound form.
    """
    is_admin = acl.action_allowed(request, 'Collections', 'Edit')
    is_owner = acl.check_collection_ownership(
        request, collection, require_owner=True)
    is_post = request.method == 'POST'

    if is_post and not is_owner:
        raise PermissionDenied

    if not is_owner:
        # NOTE(review): a non-owner GET still renders the page (without a
        # form) including add-ons and notes; confirm the caller's access
        # check limits who can reach this view.
        form = None
    elif not is_post:
        form = forms.CollectionForm(instance=collection)
    else:
        initial = initial_data_from_request(request)
        if collection.author_id:
            # Pin the existing author so the submission cannot change it.
            initial['author'] = collection.author
        form = forms.CollectionForm(
            request.POST, request.FILES, initial=initial,
            instance=collection)
        if form.is_valid():
            collection = form.save()
            collection_message(request, collection, 'update')
            log.info(u'%s edited collection %s' %
                     (request.user, collection.id))
            return http.HttpResponseRedirect(collection.edit_url())

    # Membership rows bypass the cache and use the 'default' database alias.
    rows = CollectionAddon.objects.no_cache().using('default').filter(
        collection=collection)
    meta = {row.addon_id: row for row in rows}
    addons = collection.addons.no_cache().all()
    # NOTE(review): ``.next()`` is the Python 2 iterator method; confirm
    # what ``get_notes`` returns before running this on Python 3.
    comments = get_notes(collection, raw=True).next()

    admin_form = None
    if is_admin:
        initial = {
            'type': collection.type,
            'application': collection.application,
        }
        admin_form = forms.AdminForm(initial=initial)

    data = {
        'collection': collection,
        'form': form,
        'username': username,
        'slug': slug,
        'meta': meta,
        'filter': get_filter(request),
        'is_admin': is_admin,
        'admin_form': admin_form,
        'addons': addons,
        'comments': comments,
    }
    return render_cat(request, 'bandwagon/edit.html', data)
def collection_detail(request, username, slug):
    """Render the detail page for one collection.

    Unlisted collections are gated: a user who is not authenticated is sent
    to login, and an authenticated user must pass
    ``acl.check_collection_ownership`` or gets ``PermissionDenied``.  A
    ``format=rss`` query is permanently redirected to the collection feed,
    but only after that access check has run.
    """
    collection = get_collection(request, username, slug)
    if not collection.listed:
        # NOTE(review): the call form ``is_authenticated()`` only works on
        # Django versions where the attribute is still callable (the
        # callable form was removed in Django 2.0).
        if not request.user.is_authenticated():
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, collection):
            raise PermissionDenied

    wants_rss = request.GET.get('format') == 'rss'
    if wants_rss:
        return http.HttpResponsePermanentRedirect(collection.feed_url())

    valid_addons = Addon.objects.valid() & collection.addons.all()
    addon_filter = CollectionAddonFilter(
        request, valid_addons, key='sort', default='popular')
    notes = get_notes(collection)

    # Count through CollectionAddon directly so the count needs no joins.
    valid_q = Addon.objects.all().valid_q(
        amo.VALID_ADDON_STATUSES, prefix='addon__')
    count = CollectionAddon.objects.filter(valid_q, collection=collection.id)
    addons = paginate(
        request, addon_filter.qs, per_page=15, count=count.count())

    # The add-on query is not related to the collection, so both it and the
    # count are hooked up for invalidation by hand.
    keys = [addons.object_list.flush_key(), count.flush_key()]
    caching.invalidator.add_to_flush_list({collection.flush_key(): keys})

    others = []
    if collection.author_id:
        # Only listed collections by the same author are sampled here.
        by_author = Collection.objects.listed().filter(
            author=collection.author)
        others = amo.utils.randslice(
            by_author, limit=4, exclude=collection.id)

    # Named ``user_perms`` because ``perms`` is already defined by
    # django.contrib.auth.context_processors.
    can_view_stats = acl.check_ownership(
        request, collection, require_owner=False)
    user_perms = {'view_stats': can_view_stats}

    if collection.top_tags:
        tags = Tag.objects.filter(id__in=collection.top_tags)
    else:
        tags = []

    context = dict(collection=collection, filter=addon_filter, addons=addons,
                   notes=notes, author_collections=others, tags=tags,
                   user_perms=user_perms)
    return render_cat(request, 'bandwagon/collection_detail.html', context)
def change_addon(request, collection, action):
    """Call the collection's ``action + '_addon'`` method for a POSTed add-on.

    Raises ``PermissionDenied`` unless ``acl.check_collection_ownership``
    passes.  Returns a 400 response when ``addon_id`` is missing from the
    POST data or the lookup raises ``ValueError``; otherwise logs the change
    and redirects.
    """
    if not acl.check_collection_ownership(request, collection):
        raise PermissionDenied

    try:
        addon_pk = request.POST['addon_id']
        addon = get_object_or_404(Addon.objects, pk=addon_pk)
    except (ValueError, KeyError):
        return http.HttpResponseBadRequest()

    # NOTE(review): ``action`` is concatenated into a method name, so any
    # attribute of the collection ending in ``_addon`` is callable through
    # it.  Confirm every caller passes a fixed value rather than request
    # data.
    mutate = getattr(collection, action + '_addon')
    mutate(addon)
    log.info(u'%s: %s %s to collection %s' %
             (request.user, action, addon.id, collection.id))

    url = ('%s?addon_id=%s' % (reverse('collections.ajax_list'), addon.id)
           if request.is_ajax() else collection.get_url_path())
    return http.HttpResponseRedirect(url)
def change_addon(request, collection, action):
    """Call the collection's ``action + '_addon'`` method for a POSTed add-on.

    Raises ``PermissionDenied`` unless ``acl.check_collection_ownership``
    passes.  Returns a 400 response when ``addon_id`` is missing from the
    POST data or the lookup raises ``ValueError``; otherwise logs the change
    and redirects.
    """
    if not acl.check_collection_ownership(request, collection):
        raise PermissionDenied

    try:
        addon_pk = request.POST['addon_id']
        addon = get_object_or_404(Addon.objects, pk=addon_pk)
    except (ValueError, KeyError):
        return http.HttpResponseBadRequest()

    # NOTE(review): ``action`` is concatenated into a method name, so any
    # attribute of the collection ending in ``_addon`` is callable through
    # it.  Confirm every caller passes a fixed value rather than request
    # data.
    mutate = getattr(collection, action + '_addon')
    mutate(addon)
    log.info(u'%s: %s %s to collection %s' %
             (request.user, action, addon.id, collection.id))

    url = ('%s?addon_id=%s' % (reverse('collections.ajax_list'), addon.id)
           if request.is_ajax() else collection.get_url_path())
    return http.HttpResponseRedirect(url)
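def delete(request, user_id, slug):
    """Show the delete confirmation page, or delete the collection on POST.

    The collection is looked up by ``author_id`` and ``slug`` (404 if
    absent).  ``acl.check_collection_ownership`` is called with ``True`` as
    its third argument; a refusal is logged and raises ``PermissionDenied``.
    A POST deletes only when the ``sure`` field equals ``'1'``; any other
    POST redirects back to the collection without deleting.
    """
    collection = get_object_or_404(Collection, author_id=user_id, slug=slug)
    if not acl.check_collection_ownership(request, collection, True):
        # Refused attempts are logged before the 403 so they can be audited.
        log.info(u'%s is trying to delete collection %s' %
                 (request.user, collection.id))
        raise PermissionDenied

    data = dict(collection=collection, user_id=user_id, slug=slug)

    if request.method == 'POST':
        # A POST without ``sure`` counts as "not confirmed" instead of
        # raising a KeyError out of the view.
        if request.POST.get('sure') == '1':
            # Captured first: Django's default ``Model.delete()`` clears the
            # primary key on the instance, which would leave the audit line
            # below without the id.
            collection_id = collection.id
            collection.delete()
            log.info(u'%s deleted collection %s' %
                     (request.user, collection_id))
            url = reverse('collections.user', args=[user_id])
            return http.HttpResponseRedirect(url)
        return http.HttpResponseRedirect(collection.get_url_path())

    return render_cat(request, 'bandwagon/delete.html', data)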
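def delete(request, username, slug):
    """Show the delete confirmation page, or delete the collection on POST.

    The collection is looked up by the author's username and ``slug`` (404
    if absent).  ``acl.check_collection_ownership`` is called with ``True``
    as its third argument; a refusal is logged and raises
    ``PermissionDenied``.  A POST deletes only when the ``sure`` field equals
    ``'1'``; any other POST redirects back to the collection without
    deleting.
    """
    collection = get_object_or_404(Collection, author__username=username,
                                   slug=slug)
    if not acl.check_collection_ownership(request, collection, True):
        # Refused attempts are logged before the 403 so they can be audited.
        log.info(u'%s is trying to delete collection %s' %
                 (request.user, collection.id))
        raise PermissionDenied

    data = dict(collection=collection, username=username, slug=slug)

    if request.method == 'POST':
        # A POST without ``sure`` counts as "not confirmed" instead of
        # raising a KeyError out of the view.
        if request.POST.get('sure') == '1':
            # Captured first: Django's default ``Model.delete()`` clears the
            # primary key on the instance, which would leave the audit line
            # below without the id.
            collection_id = collection.id
            collection.delete()
            log.info(u'%s deleted collection %s' %
                     (request.user, collection_id))
            url = reverse('collections.user', args=[username])
            return http.HttpResponseRedirect(url)
        return http.HttpResponseRedirect(collection.get_url_path())

    return render_cat(request, 'bandwagon/delete.html', data)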