def cosinnus_user_token(context, token_name, request=None):
    """Build the ``user=<id>&token=<token>`` URL parameters for the current user.

    The request is taken from the ``request`` argument or, when that is
    falsy, from ``context['request']``. The token is the permanent token
    specific to ``token_name``; if the user does not have one for that
    ``token_name`` yet, one will be generated.

    Returns an empty string when no request is available or the user is not
    authenticated.

    NOTE(review): the token is permanent and is carried in the query string,
    so every URL built from this value acts as a bearer credential. It can
    end up in access logs, browser history and Referer headers. Only render
    it into links meant for the token's owner, and confirm that tokens can
    be rotated or revoked.
    NOTE(review): both values are interpolated without URL-encoding; this
    assumes the token is URL-safe -- TODO confirm against get_user_token.
    """
    current = request
    if not current:
        # Fall back to the request stored in the template context, if any.
        if 'request' not in context:
            return ''
        current = context['request']
        if not current:
            return ''

    user = current.user
    if not user.is_authenticated:
        return ''

    # Fetch (or lazily create) the token before formatting the fragment.
    token = get_user_token(user, token_name)
    return 'user=%s&token=%s' % (user.id, token)
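def wrapper(self, request, *args, **kwargs):
    """Authenticate a request by ``user``/``token`` GET parameters, then dispatch.

    No session login is assumed: the user id and token are read from the
    query string and the token is compared with the one stored for that user
    and ``token_name``. On success ``self.user`` is set, the group named by
    the ``group_url_kwarg`` URL kwarg is resolved and stored on ``self``
    under ``group_attr``, and the wrapped ``function`` is called if the user
    has read access to the requested object (or to the group when the view
    exposes no object).

    ``token_name``, ``group_url_kwarg``, ``group_attr`` and ``function`` come
    from the enclosing scope, which is not part of this block.

    Returns:
        HttpResponseForbidden if the credentials are missing or invalid,
        HttpResponseNotFound if no group name is in the URL kwargs, the
        deactivated-app error response if there is one, the wrapped view's
        response on success, and otherwise the result of ``redirect_to_403``.

    NOTE(review): the token arrives in the query string, so it may be
    recorded in access logs and Referer headers; treat those as sensitive.
    """
    # Stdlib import kept local so the block does not depend on file imports.
    import hmac

    # Assume no user is logged in; take the user id and token from the query.
    user_id = request.GET.get('user', None)
    token = request.GET.get('token', None)
    if not user_id or not token:
        return HttpResponseForbidden('No authentication supplied!')

    user = None
    user_token = None
    try:
        user = User.objects.get(id=user_id)
        # NOTE(review): the cosinnus_user_token docstring in this file says a
        # missing token is generated on demand, so this call may write state
        # for a request that is not authenticated yet -- confirm.
        user_token = get_user_token(user, token_name)
    except (User.DoesNotExist, ValueError):
        # ValueError: a non-numeric ``user`` parameter must be rejected like
        # an unknown user instead of surfacing as a server error.
        pass

    # One message for "unknown user" and "wrong token", so the response does
    # not reveal which user ids exist.
    if not user or not user_token:
        return HttpResponseForbidden('Authentication invalid!')

    # Constant-time comparison: ``==`` returns at the first differing
    # character, which leaks how much of a guessed token matched. Both sides
    # are encoded because compare_digest rejects non-ASCII str input.
    expected = str(user_token).encode('utf-8', 'surrogatepass')
    supplied = token.encode('utf-8', 'surrogatepass')
    if not hmac.compare_digest(expected, supplied):
        return HttpResponseForbidden('Authentication invalid!')

    # NOTE(review): nothing here checks user.is_active; confirm that
    # check_object_read_access denies deactivated accounts.
    self.user = user

    group_name = kwargs.get(group_url_kwarg, None)
    if not group_name:
        return HttpResponseNotFound(_("No team provided"))

    group = get_group_for_request(group_name, request)
    # Expose the resolved group on the view under the configured attribute.
    setattr(self, group_attr, group)

    deactivated_app_error = _check_deactivated_app_access(self, group, request)
    if deactivated_app_error:
        return deactivated_app_error

    requested_object = None
    try:
        requested_object = self.get_object()
    except (AttributeError, TypeError):
        # The view has no usable get_object(); fall back to the group check.
        pass

    # Check read access on the object when there is one, else on the group.
    access_target = requested_object if requested_object else group
    if check_object_read_access(access_target, user):
        return function(self, request, *args, **kwargs)

    # Access denied: redirect to the 403 page and display an error message.
    return redirect_to_403(request, self, group=group)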