def wrap_object(obj, decorator): """ Decorates the given object with the decorator function. If obj is a method, the method is decorated with the decorator function and returned. If obj is a class (i.e., a class based view), the methods in the class corresponding to HTTP methods will be decorated and the resultant class object will be returned. """ actual_decorator = method_decorator(decorator) if inspect.isfunction(obj): wrapped_obj = actual_decorator(obj) update_wrapper(wrapped_obj, obj, assigned=available_attrs(obj)) elif inspect.isclass(obj): for method_name in obj.http_method_names: if hasattr(obj, method_name): method = getattr(obj, method_name) wrapped_method = actual_decorator(method) update_wrapper(wrapped_method, method, assigned=available_attrs(method)) setattr(obj, method_name, method) wrapped_obj = obj else: raise TypeError("received an object of type '{0}' expected 'function' or 'classobj'.".format(type(obj))) return wrapped_obj
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): if duo_authenticated(request): return view_func(request, *args, **kwargs) path = urlquote(request.get_full_path()) return HttpResponseRedirect( '%s?%s=%s' % ( settings.DUO_LOGIN_URL, redirect_field_name, path)) return wraps( view_func, assigned=available_attrs(view_func))(_wrapped_view)
def decorator(view_func): def _wrapped_view(request, *args, **kwargs): if request.META.get('REMOTE_ADDR') in settings.ALLOWED_SERVER_IPS: return view_func(request, *args, **kwargs) logger.debug('access denied for %s' % request.META.get('REMOTE_ADDR')) return HttpResponseNotFound() return wraps(view_func, assigned=available_attrs(view_func))(_wrapped_view)
def decorator(func): @wraps(func, assigned=available_attrs(func)) def inner(signal, key, transition, sender, model, state, **kwargs): if key == on_key and model.__class__ == on_model and on_transition in (transition, ALL) and on_state in (state, ALL): return func(signal, key, transition, sender, model, state) post_transition_signal.connect(inner) return inner
def wrapper(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def inner(request, *args, **kwargs): _kwargs = copy.copy(kwargs) # overwrite queryset if specified if queryset: _kwargs["queryset"] = queryset # get object from view if "date_field" in _kwargs: fn = get_object_from_date_based_view else: fn = get_object_from_list_detail_view if fn.validate(request, *args, **_kwargs): obj = fn(request, *args, **_kwargs) else: # required arguments is not passed obj = None if not request.user.has_perm(perm, obj=obj): if raise_exception: raise PermissionDenied else: return redirect_to_login(request, login_url) return view_func(request, *args, **_kwargs) return inner
def _cache_controller(viewfunc): @wraps(viewfunc, assigned=available_attrs(viewfunc)) def _cache_controlled(request, *args, **kw): response = viewfunc(request, *args, **kw) patch_cache_control(response, **kwargs) return response return _cache_controlled
def wrapper(view_method): @wraps(view_method, assigned=available_attrs(view_method)) def inner(self, request=None, *args, **kwargs): if isinstance(self, HttpRequest): from permission.decorators.functionbase import \ permission_required as decorator # this is a functional view not classbased view. decorator = decorator(perm, queryset, login_url, raise_exception) decorator = decorator(view_method) if not request: args = list(args) args.insert(0, request) request = self return decorator(request, *args, **kwargs) else: from permission.decorators.classbase import \ get_object_from_classbased_instance # get object obj = get_object_from_classbased_instance( self, queryset, request, *args, **kwargs ) if not request.user.has_perm(perm, obj=obj): if raise_exception: raise PermissionDenied else: return redirect_to_login(request, login_url) return view_method(self, request, *args, **kwargs) return inner
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): if test_func(request): return view_func(request, *args, **kwargs) if request.is_ajax(): return JsonResponse({ 'status': 'no_auth', 'msg': '请先登录', }) path = request.build_absolute_uri() # urlparse chokes on lazy objects in Python 3, force to str resolved_login_url = force_str( resolve_url(login_url or settings.LOGIN_URL)) # If the login url is the same scheme and net location then just # use the path as the "next" url. login_scheme, login_netloc = urlparse(resolved_login_url)[:2] current_scheme, current_netloc = urlparse(path)[:2] if ((not login_scheme or login_scheme == current_scheme) and (not login_netloc or login_netloc == current_netloc)): path = request.get_full_path() from django.contrib.auth.views import redirect_to_login return redirect_to_login( path, resolved_login_url, redirect_field_name) return _wrapped_view
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): return cache_page(timeout, key_prefix="_auth_{key}_".format( key=request.user.pk) )(view_func)(request, *args, **kwargs) return _wrapped_view
def decorator(view_func): @functools.wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): if data_loc == 'POST': value = request.POST.get(req_data_key) elif data_loc == 'GET': value = request.GET.get(req_data_key) else: value = kwargs.get(req_data_key) if not value: # Couldn't find requested req_data_key in POST/GET return view_func(request, *args, **kwargs) obj_kwargs = {field_data_key: value} obj = model.objects.get(**obj_kwargs) response = view_func(request, *args, **kwargs) audit.send( sender=model, instance=obj, relations=relations, user=request.user, force=force ) return response return _wrapped_view
def decorator(func): def inner(request, *args, **kwargs): if request.method not in methods: logger.warning( 'Method Not Allowed (%s): %s' % ( request.method, request.path), extra={ 'status_code': 405, 'request': request } ) return HttpResponseNotAllowed(methods) coerce_put_post(request) language = requested_language(request) if language is not None and language != request.LANGUAGE_CODE: activate_language(language) authorized = check_api_key_authentication(request) if not authorized: authorized = request.user.is_authenticated() if login_required and not authorized: return HttpResponse(status=401) return func(request, *args, **kwargs) return wraps(func, assigned=available_attrs(func))(inner)
def decorator(func): @wraps(func, assigned=available_attrs(func)) def inner(request, *args, **kwargs): humanargs = ', '.join(list(args) + ['%s=%s' % (k, v) for k, v in kwargs.items()]) address = str(request.META.get('REMOTE_ADDR', 'UNKNOWN_IP')) if request.user.is_anonymous(): message = (u'Anonymous user on %s %s %s' % (address, description, humanargs)) else: username = request.user.username.replace(' ', '_') message = (u'User %s on %s %s %s' % (username, address, description, humanargs)) if mutates: # Use 'warning' as there is no 'notice' level. And encode # as UTF-8 because the automatic encoding would add a BOM # before the message. See: # http://serverfault.com/questions/407643/ # rsyslog-update-on-amazon-linux-suddenly-treats- # info-level-messages-as-emerg logger.warning(message.encode('utf-8')) else: logger.info(message.encode('utf-8')) return func(request, *args, **kwargs) return inner
def decorator(func): @wraps(func, assigned=available_attrs(func)) def inner_func(*args, **kwargs): response = func(*args, **kwargs) patch_vary_headers(response, headers) return response return inner_func
def decorator(func): def inner(request, *args, **kwargs): if request.method not in request_method_list: return HttpResponseNotAllowed(request_method_list) return func(request, *args, **kwargs) return wraps(func, assigned=available_attrs(func))(inner)
def decorator(func): @wraps(func, assigned=available_attrs(func)) def inner(request, *args, **kwargs): if not request.user.is_authenticated(): return redirect_to_login(request.get_full_path()) return func(request, *args, **kwargs) return inner
def decorator(view_func): def _wrapped_view(request, node, *args, **kwargs): if request.method == "POST": # In POST request we require node to be the primary key node_obj = shortcuts.get_object_or_404(models.Node, pk=node) else: # In GET request we redirect if node is the primary key try: node_obj = models.Node.objects.get(name=node) except models.Node.DoesNotExist: # We try the primary key try: node_obj = models.Node.objects.get(pk=node) if not node_obj.is_invalid(): # We redirect if node is not invalid/unknown and was accessed by the primary key # This means permalink was probably used so we do not redirect permanently return redirect_helper(view_func, node_obj, False, *args, **kwargs) except models.Node.DoesNotExist: if not be_robust: raise http.Http404 try: # Try IP and redirect if found, permanently as we do not use IPs in links anymore node_obj = models.Node.objects.get(ip=node) return redirect_helper(view_func, node_obj, True, *args, **kwargs) except models.Node.DoesNotExist: # We try saved names, this is our last resort node_obj = shortcuts.get_object_or_404(models.NodeNames, name=node).node assert node_obj is not None # As we came here we have some old name otherwise we would already found the node before # So we redirect (permanently) to the current name return redirect_helper(view_func, node_obj, True, *args, **kwargs) return view_func(request, node_obj, *args, **kwargs) wrapped_view_func = wraps(view_func, assigned=decorators.available_attrs(view_func))(_wrapped_view) return wrapped_view_func
def require_perms(view_func, required): """ Enforces permission-based access controls. :param list required: A tuple of permission names, all of which the request user must possess in order access the decorated view. Example usage:: from horizon.decorators import require_perms @require_perms(['foo.admin', 'foo.member']) def my_view(request): ... Raises a :exc:`~horizon.exceptions.NotAuthorized` exception if the requirements are not met. """ # We only need to check each permission once for a view, so we'll use a set current_perms = getattr(view_func, '_required_perms', set([])) view_func._required_perms = current_perms | set(required) @functools.wraps(view_func, assigned=available_attrs(view_func)) def dec(request, *args, **kwargs): if request.user.is_authenticated(): if request.user.has_perms(view_func._required_perms): return view_func(request, *args, **kwargs) raise NotAuthorized(_("You are not authorized to access %s") % request.path) # If we don't have any permissions, just return the original view. if required: return dec else: return view_func
def decorator(func): @wraps(func, assigned=available_attrs(func)) def inner(request, *args, **kwargs): if not request.user.is_superuser: raise Http404("User isn't superuser.") return func(request, *args, **kwargs) return inner
def decorator(view_func): def _wrapped_view(request, *args, **kwargs): if test_func(request.user): return view_func(request, *args, **kwargs) path = urlquote(request.get_full_path()) return HttpResponseRedirect('%s' % membershp_url) return wraps(view_func, assigned=available_attrs(view_func))(_wrapped_view)
def flood(view_func, seconds=30, template='flood.html'): """Flood protection mechanism """ if not seconds: seconds = settings.FLOOD_TIMEOUT if not template: template = settings.FLOOD_TEMPLATE def _wrapped_view(request, *args, **kwargs): var = "flood-%s.%s" % (view_func.__module__,view_func.__name__) last_access = request.session.get(var, None) timeout = seconds if last_access: if request.user.is_authenticated(): if request.user.is_superuser: return view_func(request, *args, **kwargs) if request.user.groups.all(): flood_time = None for g in request.user.groups.all(): if g.floodsettings.all(): if flood_time is None or g.floodsettings.get().timeout < flood_time: flood_time = g.floodsettings.get().timeout if flood_time: timeout = flood_time if (last_access + timeout)>int(time.time()): path = request.path if request.GET: path += "?%s" % urllib.urlencode(request.GET) return render_to_response(template, {'path': path}, context_instance=RequestContext(request)) request.session[var] = int(time.time()) return view_func(request, *args, **kwargs) return wraps(view_func, assigned=available_attrs(view_func))(_wrapped_view)
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): if not test_func(request, *args, **kwargs): return view_func(request, *args, **kwargs) return HttpResponseRedirect(url if not callable(url) else url()) return _wrapped_view
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): try: passes = test_func(request.user) except TypeError: # allow test functions access to view arguments, # but only pass if the function fails without them passes = test_func(request.user, *args, **kwargs) if passes: # if the test passes, return the view function normally return view_func(request, *args, **kwargs) elif not request.user.is_authenticated(): # if the test fails and user is not authenticated code = 401 text = 'Not Authorized' else: # test fails and user is already authenticated code = 403 text = 'Permission Denied' # send a plain-text response to ajax requests if request.is_ajax(): return HttpResponse(text, content_type='text/plain', status=code) tpl = get_template('%s.html' % code) return HttpResponse(tpl.render(RequestContext(request)), status=code) return _wrapped_view
def checkable(view_func): def _wrapped_view(request, *args, **kwargs): # allows checks for the existence of this view to work if request.POST.get('check', False): return HttpResponse() return view_func(request, *args, **kwargs) return wraps(view_func, assigned=available_attrs(view_func))(_wrapped_view)
def decorator(view_func): def _wrapped_view(request, *args, **kwargs): if test_func(request.user): return view_func(request, *args, **kwargs) return response return wraps(view_func, assigned=available_attrs(view_func))(_wrapped_view)
def actual_decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): oauth_url, current_uri, redirect_uri = get_oauth_url( request, scope_list, extra_params=extra_params) try: # call get persistent graph and convert the # token with correct redirect uri get_persistent_graph(request, redirect_uri=current_uri) #Note we're not requiring a persistent graph here #You should require a persistent graph in the view when you start using this return view_func(request, *args, **kwargs) except open_facebook_exceptions.OpenFacebookException, e: permission_granted = test_permissions( request, scope_list, current_uri) if permission_granted: # an error if we already have permissions # shouldn't have been caught # raise to prevent bugs with error mapping to cause issues raise else: logger.info( u'requesting access with redirect uri: %s, error was %s', redirect_uri, e) response = response_redirect(oauth_url, canvas=canvas) return response
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): if request.is_ajax(): return view_func(request, *args, **kwargs) return HttpResponseRedirect(redirect_url) return _wrapped_view
def search_index(func): """Update active Elasticsearch index setting; alert if no active index. """ @wraps(func, assigned=available_attrs(func)) def inner(request, *args, **kwargs): s = " " d = " " try: storage_label, docstore_index_exists = set_docstore_index(request) except TransportError: storage_label = "e" docstore_index_exists = "e" if storage_label and (storage_label == "e"): s = "e" elif storage_label: s = "s" if docstore_index_exists and (docstore_index_exists == "e"): d = "e" elif docstore_index_exists: d = "d" key = "".join([s, d]) error_messages = { "sd": (None), # nothing to see here, move along "s ": ("No search index for %s. Search is disabled. Please reindex." % (storage_label)), " d": ("No storage devices mounted. Search is disabled."), " ": ("No storage devices mounted and no search index. Search is disabled."), "ee": ("Cannot connect to Elasticsearch. Search is disabled."), } msg = error_messages[key] if msg: messages.warning(request, msg, extra_tags="bottom") return func(request, *args, **kwargs) return inner
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): if not id_parameter: id_parameter_name = _auto_resolve_parameter_name(kwargs) else: id_parameter_name = id_parameter if not id_parameter_name in kwargs or _has_permissions(request.user, model, kwargs[id_parameter_name]): return view_func(request, *args, **kwargs) path = request.build_absolute_uri() # urlparse chokes on lazy objects in Python 3, force to str resolved_login_url = force_str( resolve_url(settings.LOGIN_URL)) # If the login url is the same scheme and net location then just # use the path as the "next" url. login_scheme, login_netloc = urlparse(resolved_login_url)[:2] current_scheme, current_netloc = urlparse(path)[:2] if ((not login_scheme or login_scheme == current_scheme) and (not login_netloc or login_netloc == current_netloc)): path = request.get_full_path() messages.error(request, 'Access forbidden') from django.contrib.auth.views import redirect_to_login return redirect_to_login( path, resolved_login_url, REDIRECT_FIELD_NAME) return _wrapped_view
def render_DoOutputException(function): """ View decorator that renders DoOutputException's message in django. If you want to catch and respond specific Exception types, see `render_specific_exception` decorator. If you want to catch and display all Exception types, see `render_all_exceptions` decorator >>> @render_DoOutputException ... def foobar() ... raise ValueError("lol.") """ @wraps(function, assigned=available_attrs(function)) def function_callable(request, *args, **kwargs): try: response = function(request, *args, **kwargs) except DoOutputException as e: logger.debug( "Exception response, because expected DoOutputException occurred. {err_str}".format(err_str=str(e)) ) return HttpResponse(str(e), status=500) # end try return response return function_callable
def decorator(func): @wraps(func, assigned=available_attrs(func)) def inner(request, *args, **kwargs): # Compute values (if any) for the requested resource. def get_last_modified(): if last_modified_func: dt = last_modified_func(request, *args, **kwargs) if dt: return timegm(dt.utctimetuple()) res_etag = etag_func(request, *args, **kwargs) if etag_func else None res_last_modified = get_last_modified() response = get_conditional_response( request, etag=res_etag, last_modified=res_last_modified, ) if response is None: response = func(request, *args, **kwargs) # Set relevant headers on the response if they don't already exist. if res_last_modified and not response.has_header('Last-Modified'): response['Last-Modified'] = http_date(res_last_modified) if res_etag and not response.has_header('ETag'): response['ETag'] = quote_etag(res_etag) return response return inner
def gzip_page_ajax(func): """ Smarter version of django's gzip_page: - If settings.DEBUG not set, will always gzip - If settings.DEBUG set, will gzip only if request is an ajax request This allows you to use django-debug-toolbar in DEBUG mode (if you gzip a response then the debug toolbar middleware won't run) """ gzipped_func = gzip_page(func) if not settings.DEBUG: return gzipped_func @wraps(func, assigned=available_attrs(func)) def conditional_gzip_func(request, *args, **kwargs): if request.is_ajax(): return gzipped_func(request, *args, **kwargs) return func(request, *args, **kwargs) return conditional_gzip_func
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): # if we're coming back from SSO for a new token, return it token = _check_callback(request) if token: logger.debug( "Got new token from session %s. Returning to view.", request.session.session_key[:5]) return view_func(request, token, *args, **kwargs) # prompt the user to login for a new token logger.debug("Redirecting session %s to SSO.", request.session.session_key[:5]) from esi.views import sso_redirect return sso_redirect(request, scopes=scopes) return _wrapped_view
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): charge = kwargs.get('charge', None) if charge is not None: obj = get_object_or_404(Charge, processor_key=charge) else: obj = kwargs.get('organization', None) redirect_url = fail_provider_weak(request, organization=obj, roledescription=roledescription) if redirect_url: return redirect_or_denied(request, redirect_url, redirect_field_name=redirect_field_name, descr=_("%(auth)s is neither a manager of"\ " %(organization)s nor a manager of one of %(organization)s providers.") % { 'auth': request.user, 'organization': kwargs.get('charge', kwargs.get('organization', None))}) return view_func(request, *args, **kwargs) return _wrapped_view
def with_deposit(func): @wraps(func, assigned=available_attrs(func)) def wrapper(request, deposit_id, *args, **kwargs): deposits = frontdesk.models.Deposit.objects.order_by('-created')[:999] if deposit_id: detailed_deposit = get_object_or_404( frontdesk.models.Deposit, pk=deposit_id) else: detailed_deposit = frontdesk.models.Deposit.objects.order_by( '-created').first() context = {'deposits': deposits, 'detailed_deposit': detailed_deposit} kwargs['context'] = context return func(request, deposit_id, *args, **kwargs) return wrapper
def decorator(view_func): # type: (Callable[..., HttpResponse]) -> Callable[..., HttpResponse] @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): # type: (HttpRequest, *Any, **Any) -> HttpResponse if test_func(request): return view_func(request, *args, **kwargs) path = request.build_absolute_uri() resolved_login_url = resolve_url(login_url or settings.LOGIN_URL) # If the login url is the same scheme and net location then just # use the path as the "next" url. login_scheme, login_netloc = urllib.parse.urlparse(resolved_login_url)[:2] current_scheme, current_netloc = urllib.parse.urlparse(path)[:2] if ((not login_scheme or login_scheme == current_scheme) and (not login_netloc or login_netloc == current_netloc)): path = request.get_full_path() return redirect_to_login( path, resolved_login_url, redirect_field_name) return _wrapped_view
def xframe_options_deny(view_func): """ Modifies a view function so its response has the X-Frame-Options HTTP header set to 'DENY' as long as the response doesn't already have that header set. e.g. @xframe_options_deny def some_view(request): ... """ def wrapped_view(*args, **kwargs): resp = view_func(*args, **kwargs) if resp.get('X-Frame-Options') is None: resp['X-Frame-Options'] = 'DENY' return resp return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
def decorator(func): @wraps(func, assigned=available_attrs(func)) def wrapper(user, *args, **kwargs): if not user.is_authenticated: return False permissions = _django_permissions_by_action[action] if not user.has_perms(permissions): # Fail fast if the user does not have permissions # in Django to perform the action. return False permissions_enabled = get_cms_setting('PERMISSION') if not user.is_superuser and permissions_enabled: return func(user, *args, **kwargs) return True return wrapper
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): if test_func(request.user): return view_func(request, *args, **kwargs) # authenticated path = request.build_absolute_uri() resolved_login_url = resolve_url(login_url or settings.LOGIN_URL) # If the login url is the same scheme and net location then just # use the path as the "next" url. login_scheme, login_netloc = urlparse(resolved_login_url)[:2] current_scheme, current_netloc = urlparse(path)[:2] if ((not login_scheme or login_scheme == current_scheme) and (not login_netloc or login_netloc == current_netloc)): path = request.get_full_path() from django.contrib.auth.views import redirect_to_login return redirect_to_login(path, resolved_login_url, redirect_field_name) return _wrapped_view
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): if test_func(request): if SESSION.get_store(request.session) and\ SESSION.get_store(request.session).active: # may not want to import parse.session here due # to cyclic imports timezone.activate(SESSION.get_store_timezone(\ request.session)) try: return view_func(request, *args, **kwargs) except KeyError: return logout(request, "manage_login") else: return logout(request, "manage_login") # if http_response is provided and content_type is json # and request.is_ajax then this request if from comet.js if request.is_ajax() and http_response and\ content_type == "application/json": # no need to update session- if it got here then the session is empty #request.session.clear() #request.session.update(SessionStore(request.session.session_key)) return HttpResponse(json.dumps(http_response), content_type=content_type) path = request.build_absolute_uri() # If the login url is the same scheme and net location then just # use the path as the "next" url. login_scheme, login_netloc = urlparse.urlparse( login_url or settings.LOGIN_URL)[:2] current_scheme, current_netloc = urlparse.urlparse(path)[:2] if ((not login_scheme or login_scheme == current_scheme) and (not login_netloc or login_netloc == current_netloc)): path = request.get_full_path() from django.contrib.auth.views import redirect_to_login # no need to update session- if it got here then the session is empty #request.session.clear() #request.session.update(SessionStore(request.session.session_key)) return redirect_to_login(path, login_url, redirect_field_name) return _wrapped_view
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): activity_id = kwargs['activity_id'] user = request.user activity = get_object_or_404(Activity, pk=activity_id) event_slug = kwargs['event_slug'] if any([ activity.status == "2", # Accepted not settings.PRIVATE_ACTIVITIES, activity.owner.user == user, user.is_authenticated() and is_reviewer(user, event_slug=event_slug) ]): return view_func(request, *args, **kwargs) else: raise PermissionDenied("Only organizers and collaborators are authorized " "to access the activities list.") return _wrapped_view
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): ''' Wrapped function for decorator ''' if request.user is None: url = request.build_absolute_uri(GlobalConfig.LOGIN_URL.get()) if GlobalConfig.REDIRECT_TO_HTTPS.getBool() is True: url = url.replace('http://', 'https://') logger.debug('No user found, redirecting to {0}'.format(url)) return HttpResponseRedirect(url) if admin is True or admin == 'admin': if request.user.isStaff() is False or (admin == 'admin' and request.user.is_admin is False): return HttpResponseForbidden(_('Forbidden')) return view_func(request, *args, **kwargs) return _wrapped_view
def require_trade_pwd(view_func): ''' 装饰器, 进行交易密码校验 ''' @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(self, request, *args, **kwargs): try: # logging.getLogger('django').error('trade request POST %s header %s'%(request.POST, request.META)) no_need_trade_pwd = False #为了获取验证码 if request.path == reverse('deposit-new') and \ (len(request.POST.get('card_no', '')) != 10 or request.POST.get('mode') == 'vcode_for_qpay'): no_need_trade_pwd = True #为了绑卡进行的绑卡充值 if _is_just_bind_card(request): no_need_trade_pwd = True if not _is_version_satisfied(request): no_need_trade_pwd = True # logging.getLogger('django').error('trade request no_need_trade_pwd %s'%no_need_trade_pwd) if no_need_trade_pwd: return view_func(self, request, *args, **kwargs) # logging.getLogger('django').error('trade request user %s pwd %s %s'%(request.user.id, request.POST.get('trade_pwd'), len(request.POST.get('trade_pwd')))) # check_result = trade_pwd_check(request.user.id, request.POST.get('trade_pwd', '')) check_result = trade_pwd_check(request.user.id, self.params.get('trade_pwd', '')) if check_result.get('ret_code') == 0: return view_func(self, request, *args, **kwargs) else: return HttpResponse(json.dumps(check_result), content_type="application/json") except ValueError: logger.exception('trade request POST %s header %s' % (request.POST, request.META)) return HttpResponse(json.dumps({ 'ret_code': 40002, 'message': '交易密码错误' }), content_type="application/json") return _wrapped_view
def __call__(self, function, *args, **kwargs): """ Decorator used to test if a user has rights to access an instance """ # Pass function attributes to the wrapper @wraps(function, assigned=available_attrs(function)) def _wrapped_view(request, *args, **kwargs): # Each wrapped view must take an alphanumeric uid as parameter. uid = kwargs.get('uid') # The user is set in the request. user = request.user # Fetches the object that will be checked for permissions. instance = self.type.objects.get_all(uid=uid).first() #instance = instance or self.type.objects.show_deleted(uid=uid).first() # Check for access to the object. allow_access = auth.check_obj_access( user=user, instance=instance, request=request, access=self.access, login_required=self.login_required, role=self.role) # Access check did not pass, redirect. if not allow_access: # If there is a redirect url build with the uid. if self.url and uid: target = reverse(self.url, kwargs=dict(uid=uid)) else: target = reverse('project_list') return redirect(target) # Return the wrapped function. return function(request, *args, **kwargs) return _wrapped_view
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): # ensure session installed in database if not request.session.exists(request.session.session_key): request.session.create() # clean up callback redirect, pass token if new requested try: model = CallbackRedirect.objects.get( session_key=request.session.session_key) tokens = AccessToken.objects.filter(pk=model.token.pk) model.delete() if new: return view_func(request, tokens, *args, **kwargs) except (CallbackRedirect.DoesNotExist, AttributeError): pass if not new: # ensure user logged in to check existing tokens if not request.user.is_authenticated: from django.contrib.auth.views import redirect_to_login return redirect_to_login(request.get_full_path()) # collect tokens in db, check if still valid, return if any for t in AccessToken.objects.filter( user__pk=request.user.pk).filter( scopes__name__in=scopes): try: t.token except TokenError: t.delete() tokens = AccessToken.objects.filter( user__pk=request.user.pk).filter(scopes__name__in=scopes) if tokens.exists(): return view_func(request, tokens, *args, **kwargs) # trigger creation of new token via sso from eve_sso.views import sso_redirect return sso_redirect(request, scopes=scopes) return _wrapped_view
def has_change_permissions(func): """ Check if the user has the required permission to execute an action Inspired in user_passes_test from django.contrib.auth.decorators """ @wraps(func, assigned=available_attrs(func)) def decorator(modeladmin, request, queryset): can_change = True for obj in queryset: if not obj.has_permission(request.user, 'change'): can_change = False break if request.user.is_superuser or can_change: return func(modeladmin, request, queryset) else: msg = "You don't have enought rights to perform this action!" modeladmin.message_user(request, msg, messages.ERROR) return None #raise PermissionDenied() return decorator
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *view_args, **view_kwargs): cache_enabled = request.GET.get('cache_enabled', True) if cache_enabled and hasattr( settings, 'QR_CODE_CACHE_ALIAS') and settings.QR_CODE_CACHE_ALIAS: # We found a cache alias for storing the generate qr code and cache is enabled, use it to cache the # page. timeout = settings.CACHES[ settings.QR_CODE_CACHE_ALIAS]['TIMEOUT'] response = cache_page( timeout, cache=settings.QR_CODE_CACHE_ALIAS)(view_func)( request, *view_args, **view_kwargs) else: # No cache alias for storing the generated qr code, call the view as is. response = (view_func)(request, *view_args, **view_kwargs) return response return _wrapped_view
def handle_exception(view_func): """Performs handling and serializing exception. """ @functools.wraps(view_func, assigned=available_attrs(view_func)) def dec(request, *args, **kwargs): try: response = view_func(request, *args, **kwargs) except Exception as e: if settings.DEBUG: raise e response = JSONResponse({'error': 'Unexpected Error. ' 'Please contact Administrator.'}) response.status_code = 500 return response return dec
def catch_glance_exception(func): """ The glance client sometimes throws ``Exception`` classed exceptions for HTTP communication issues. Catch those, and rethrow them as ``glance_client.ClientConnectionErrors`` so that we can do something useful with them. """ # TODO(johnp): Remove this once Bug 952618 is fixed in the glance client. @functools.wraps(func, assigned=available_attrs(func)) def inner_func(*args, **kwargs): try: return func(*args, **kwargs) except Exception as exc: exc_message = str(exc) if ('Unknown error occurred' in exc_message or 'Internal Server error' in exc_message): raise glance_exception.ClientConnectionError(exc_message) raise return inner_func
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): redirect_url = login_url or settings.LOGIN_URL if is_authenticated(request): redirect_url = fail_active(request) if not redirect_url: return view_func(request, *args, **kwargs) # User is logged in but her email has not been verified yet. http_accepts = get_accept_list(request) if 'text/html' in http_accepts: messages.info(request, _( "You should now secure and activate your account following the instructions"\ " we just emailed you. Thank you.")) auth_logout(request) return redirect_or_denied(request, redirect_url, redirect_field_name=redirect_field_name) return _wrapped_view
def decorator(func): @wraps(func, assigned=available_attrs(func)) def inner(request, *args, **kwargs): if request.method not in request_method_list: # Raise our warning. warning.send(sender=require_http_methods, flag=WRONG_METHOD, message=u'%s not allowed' % request.method, values=[request_method_list]) logger.warning('Method Not Allowed (%s): %s', request.method, request.path, extra={ 'status_code': 405, 'request': request }) return HttpResponseNotAllowed(request_method_list) return func(request, *args, **kwargs) return inner
def decorator(view_func: ViewFuncT) -> ViewFuncT: @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: if test_func(request): return view_func(request, *args, **kwargs) path = request.build_absolute_uri() resolved_login_url = resolve_url(login_url or settings.LOGIN_URL) # If the login url is the same scheme and net location then just # use the path as the "next" url. login_scheme, login_netloc = urllib.parse.urlparse( resolved_login_url)[:2] current_scheme, current_netloc = urllib.parse.urlparse(path)[:2] if ((not login_scheme or login_scheme == current_scheme) and (not login_netloc or login_netloc == current_netloc)): path = request.get_full_path() return redirect_to_login(path, resolved_login_url, redirect_field_name) return _wrapped_view # type: ignore # https://github.com/python/mypy/issues/1927
def user_can_change_page(func): @wraps(func, assigned=available_attrs(func)) def wrapper(user, page, site=None): can_change = func(user, page, site=site) if can_change: active_request = get_active_moderation_request( page, get_request_language()) # If there is an active moderation request, the only user # who can edit the content is the original content author after # his moderation request has been rejected by any of the moderators. # The reason for this that content author should be able to # resubmit the changes for another review as a part of the same # moderation request. if active_request and not active_request.user_can_resubmit(user): return False return can_change return wrapper
def wrap(fun): @wraps(fun, assigned=available_attrs(fun)) def inner(task_id, *args, **kwargs): try: return fun(task_id, *args, **kwargs) except Exception as e: logger.exception(e) logger.error('Mgmt Task %s failed', task_id) raise e finally: if update_user_tasks: try: obj = get_vms_object(kwargs) except ObjectDoesNotExist: # noinspection PyProtectedMember _UserTasksModel._tasks_del(task_id) else: obj.tasks_del(task_id) return inner
def decorator(view_fn): def _wrapped_view(request, *args, **kwargs): if redirect_func(request.user): # We must call reverse at the view level, else the threadlocal # locale prefixing doesn't take effect. redirect_url = redirect_url_func() or reverse('account_login') # Redirect back here afterwards? if redirect_field: path = urlquote(request.get_full_path()) redirect_url = '%s?%s=%s' % ( redirect_url, redirect_field, path) return HttpResponseRedirect(redirect_url) if deny_func and deny_func(request.user): return HttpResponseForbidden() return view_fn(request, *args, **kwargs) return wraps(view_fn, assigned=available_attrs(view_fn))(_wrapped_view)
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): context = get_weixin_login_context(request) if context is not None: code = request.GET.get("code") user = auth.authenticate(code=code, context=context) if user and not isinstance(user, AnonymousUser): setattr(user, 'login_type', '%s%s' % (getattr(user, 'login_type', None), context.get('login_type'))) auth.login(request, user) return view_func(request, *args, **kwargs) else: return HttpResponseForbidden() if test_func(request.user): return view_func(request, *args, **kwargs) api = helper.MpApi() login_url = api.OAuthUrl(request.build_absolute_uri(request.META.get('TENANT_REQUEST_URI'))) return HttpResponseRedirect(login_url) return _wrapped_view
def require_valid_user(view_func, invalid_user_message=None): if invalid_user_message is None: invalid_user_message = "The user you've selected appears to be invalid. \ Please return to <a href='/questionnaire/'>the index</a> and select a different user." @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped(request, *args, **kwargs): if request.COOKIES.get('userId') is not None: try: (patientId, serverId) = get_login_info(request) smart = utils.getFhirClient(serverId) patient.Patient.read(patientId, smart.server) except Exception: context = {'error_text': invalid_user_message} return render(request, 'error.html', context) return view_func(request, *args, **kwargs) else: return redirect("questionnaire.views.index") return _wrapped
def xframe_allow_whitelisted(view_func): """ Modifies a view function so that its response has the X-Frame-Options HTTP header set to 'DENY' if the request HTTP referrer is not from a whitelisted hostname. """ def wrapped_view(request, *args, **kwargs): """ Modify the response with the correct X-Frame-Options. """ resp = view_func(request, *args, **kwargs) x_frame_option = 'DENY' if settings.FEATURES['ENABLE_THIRD_PARTY_AUTH']: referer = request.META.get('HTTP_REFERER') if referer is not None: parsed_url = urlparse(referer) hostname = parsed_url.hostname if LTIProviderConfig.objects.current_set().filter(lti_hostname=hostname, enabled=True).exists(): x_frame_option = 'ALLOW' resp['X-Frame-Options'] = x_frame_option return resp return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
def decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): res = view_func(request, *args, **kwargs) log = Log() log.name = request.GET.get('user') log.ipv4 = request.META['REMOTE_ADDR'] log.uri = request.META['PATH_INFO'] log.get_args = request.GET log.post_args = request.POST res._container = simplejson.loads(res._container) if res._container.has_key('res'): log.res = res._container['res'] if res._container.has_key('error'): log.error = res._container['error'] if res._container.has_key('data'): log.error = res._container['data'] log.save() return res return _wrapped_view
def never_cache(view_func): """Adds HTTP headers to the response to block caching Decorator that adds headers to a response so that it will never be cached. Expanded version of django.views.decorators.cache.never_cache that adds additional headers that follow the recommendations from: http://securityevaluators.com/knowledge/case_studies/caching/ """ @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view_func(request, *args, **kwargs): response = view_func(request, *args, **kwargs) if response.status_code not in (301, 302): response['Cache-Control'] = 'no-cache,no-store' response['Pragma'] = 'no-cache' response['Expires'] = 'Tue, 01 Jan 1980 1:00:00 GMT' return response return _wrapped_view_func
def actual_decorator(view_func): @wraps(view_func, assigned=available_attrs(view_func)) def _wrapped_view(request, *args, **kwargs): oauth_url, redirect_uri = get_oauth_url(request, scope_list, extra_params=extra_params) try: #call get persistent graph and convert the token with correct redirect uri get_persistent_graph(request, redirect_uri=redirect_uri) return view_func(request, *args, **kwargs) except open_facebook_exceptions.OpenFacebookException, e: if test_permissions(request, scope_list, redirect_uri): #an error if we already have permissions shouldn't have been caught #raise to prevent bugs with error mapping to cause issues raise else: logger.info('requesting access with redirect uri: %s', redirect_uri) response = HttpResponseRedirect(oauth_url) return response