예제 #1
def cosinnus_user_token(context, token_name, request=None):
    """
    Build the query-string fragment (`user=999&token=1234567`) that identifies
    the current user together with their permanent token for `token_name`.

    The request is taken from the `request` argument or, when that is empty,
    from `context['request']`. An empty string is returned when no request is
    available or its user is not authenticated.

    Security note: the token is permanent and is placed in the URL, so it ends
    up wherever URLs are recorded (server and proxy logs, browser history,
    Referer headers). Anyone holding such a URL holds the credential.
    """
    # Fall back to the request carried by the template context.
    if not request and 'request' in context:
        request = context['request']

    has_known_user = bool(request) and request.user.is_authenticated
    if not has_known_user:
        return ''

    current_user = request.user
    user_token = get_user_token(current_user, token_name)
    return 'user=%s&token=%s' % (current_user.id, user_token)
예제 #2
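        def wrapper(self, request, *args, **kwargs):
            """Authenticate via `user`/`token` GET parameters, then enforce read access.

            The session is ignored: the caller is identified only by the
            `user` id and `token` query parameters, which must match the
            token that `get_user_token` yields for that user and the
            enclosing scope's `token_name`. On success the user is stored on
            `self.user`, the group named by `kwargs[group_url_kwarg]` is
            stored on `self` under `group_attr`, and the wrapped `function`
            is called if the user may read the requested object (or, when the
            view yields no object, the group).

            Returns:
                403 responses for missing or invalid credentials, a 404 when
                no group name is supplied, the deactivated-app error if any,
                the wrapped view's response on success, otherwise the result
                of `redirect_to_403`.

            Security notes:
                * The token travels in the URL, so it is exposed wherever
                  URLs are logged or forwarded; treat it as a bearer secret.
                * NOTE(review): nothing here checks `user.is_active`; confirm
                  that `check_object_read_access` rejects deactivated
                  accounts, otherwise their tokens remain usable.
                * NOTE(review): `get_user_token` is called for any existing
                  user id supplied by an unauthenticated caller; if it creates
                  tokens on demand, that is an attacker-triggerable write.
                  Confirm against its implementation.
            """
            # Function-scope import: the module's import block is not visible here.
            import hmac

            # assume no user is logged in, and check the user id and token from the args
            user_id = request.GET.get('user', None)
            token = request.GET.get('token', None)
            if not user_id or not token:
                return HttpResponseForbidden('No authentication supplied!')

            user = None
            user_token = None
            try:
                user = User.objects.get(id=user_id)
                user_token = get_user_token(user, token_name)
            except (User.DoesNotExist, ValueError):
                # ValueError: with an integer primary key, a non-numeric `user`
                # parameter makes the lookup raise instead of returning nothing.
                # Fail closed with the same 403 as an unknown user rather than
                # letting unauthenticated input produce a server error.
                pass

            # Compare the secret in constant time so response timing does not
            # reveal how much of a guessed token was correct. Both sides are
            # encoded to bytes because compare_digest rejects non-ASCII str.
            # NOTE(review): assumes get_user_token returns a text token - confirm.
            token_matches = bool(user and user_token) and hmac.compare_digest(
                str(user_token).encode('utf-8'), token.encode('utf-8'))
            if not token_matches:
                # Same message for unknown user and wrong token, so the
                # response does not confirm which user ids exist.
                return HttpResponseForbidden('Authentication invalid!')

            self.user = user

            group_name = kwargs.get(group_url_kwarg, None)
            if not group_name:
                return HttpResponseNotFound(_("No team provided"))

            group = get_group_for_request(group_name, request)

            # set the group attribute
            setattr(self, group_attr, group)

            deactivated_app_error = _check_deactivated_app_access(
                self, group, request)
            if deactivated_app_error:
                return deactivated_app_error

            # Best effort: views without a usable get_object() fall back to a
            # group-level access check below.
            requested_object = None
            try:
                requested_object = self.get_object()
            except (AttributeError, TypeError):
                pass

            if requested_object:
                if check_object_read_access(requested_object, user):
                    return function(self, request, *args, **kwargs)
            else:
                if check_object_read_access(group, user):
                    return function(self, request, *args, **kwargs)

            # Access denied, redirect to 403 page and display an error message
            return redirect_to_403(request, self, group=group)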