def _wrapped_view(request, *args, **kwargs):
    """
    Run ``view_func`` only when the request passes the provider-only check.

    ``view_func``, ``strength``, ``roledescription`` and
    ``redirect_field_name`` are not defined in this function; presumably
    the enclosing decorator binds them (it is not part of this listing).

    Decision order:

    1. If ``site.db_name`` is set and ``_has_valid_access`` accepts the
       request for the current broker, the view runs straight away and
       the rules below are not consulted.
    2. Otherwise ``check_matched`` is asked. A truthy string result is
       returned as an HTTP redirect; any other truthy result raises
       ``PermissionDenied``; a falsy result lets the view run.
    3. If ``check_matched`` raises ``NoRuleMatch``, ``_fail_provider_only``
       decides, keyed on the ``charge`` URL kwarg or, when absent, on
       ``organization``.
    """
    LOGGER.debug("Enters djaoapp.decorators.requires_provider_only")
    current_site = get_current_site()
    # With a separate site database, a manager of the site (the broker)
    # may reach registered ``Organization`` that are not subscribed yet.
    # NOTE(review): only the truthiness of ``db_name`` is tested here;
    # ``fail_self_provider`` elsewhere in this listing also requires
    # ``db_name != DEFAULT_DB_ALIAS`` -- confirm which guard is intended.
    if current_site.db_name and _has_valid_access(
            request, [get_current_broker()], strength):
        return view_func(request, *args, **kwargs)
    try:
        current_app = get_current_app()
        #pylint:disable=unused-variable
        redirect_url, matched, session = check_matched(
            request, current_app, prefixes=DEFAULT_PREFIXES)
        if redirect_url:
            # A non-string truthy result is a denial with nowhere to go.
            if not isinstance(redirect_url, six.string_types):
                raise PermissionDenied()
            return http.HttpResponseRedirect(redirect_url)
    except NoRuleMatch:
        # No rule covers this path: fall back to the provider check.
        slug = kwargs.get('charge', kwargs.get('organization', None))
        redirect_url = _fail_provider_only(
            request, organization=slug,
            roledescription=roledescription, strength=strength)
        if redirect_url:
            return redirect_or_denied(
                request, redirect_url,
                redirect_field_name=redirect_field_name,
                descr=_("%(auth)s is not a manager of one of"
                        " %(organization)s providers.") % {
                    'auth': request.user, 'organization': slug})
    return view_func(request, *args, **kwargs)
def _wrapped_view(request, *args, **kwargs):
    """
    Run ``view_func`` only when the request passes the self-or-provider
    check for the ``user`` URL kwarg.

    ``view_func``, ``strength`` and ``redirect_field_name`` are not
    defined in this function; presumably the enclosing decorator binds
    them (it is not part of this listing).

    A request accepted by ``_has_valid_access`` for the current broker
    (only tried when ``site.db_name`` is set) reaches the view without
    the application rules being consulted. Otherwise ``check_matched``
    decides, and ``_fail_self_provider`` is the fallback when
    ``NoRuleMatch`` is raised.
    """
    LOGGER.debug("Enters djaoapp.decorators.requires_self_provider")
    # With a separate site database, a manager of the site may reach
    # profiles of ``User`` that are not subscribed yet.
    # NOTE(review): only the truthiness of ``db_name`` is tested here;
    # ``fail_self_provider`` elsewhere in this listing also requires
    # ``db_name != DEFAULT_DB_ALIAS`` -- confirm which guard is intended.
    if get_current_site().db_name:
        broker_ok = _has_valid_access(
            request, [get_current_broker()], strength)
        if broker_ok:
            return view_func(request, *args, **kwargs)
    try:
        current_app = get_current_app()
        #pylint:disable=unused-variable
        redirect_url, matched, session = check_matched(
            request, current_app, prefixes=DEFAULT_PREFIXES)
        if redirect_url:
            # A non-string truthy result is a denial with nowhere to go.
            if not isinstance(redirect_url, six.string_types):
                raise PermissionDenied()
            return http.HttpResponseRedirect(redirect_url)
    except NoRuleMatch:
        # No rule covers this path: fall back to the self/provider check.
        target_user = kwargs.get('user', None)
        redirect_url = _fail_self_provider(
            request, user=target_user, strength=strength)
        if redirect_url:
            return redirect_or_denied(
                request, redirect_url,
                redirect_field_name=redirect_field_name,
                descr=_("%(auth)s has neither a direct"
                        " relation to an organization connected to"
                        " %(user)s nor a connection to one"
                        " of the providers to such organization.") % {
                    'auth': request.user, 'user': target_user})
    return view_func(request, *args, **kwargs)
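def _wrapped_view(request, *args, **kwargs):
    """
    Run ``view_func`` only when the request passes the direct-manager
    check.

    ``view_func``, ``strength``, ``roledescription`` and
    ``redirect_field_name`` are not defined in this function; presumably
    the enclosing decorator binds them (it is not part of this listing).

    ``check_matched`` is consulted first. A truthy string result is
    returned as an HTTP redirect, any other truthy result raises
    ``PermissionDenied``, and a falsy result lets the view run. When
    ``NoRuleMatch`` is raised, ``_fail_direct`` decides, keyed on the
    ``charge`` URL kwarg or, when absent, on ``organization``.
    """
    try:
        app = get_current_app()
        redirect_url, _, _ = check_matched(
            request, app, prefixes=[
                '/api/billing/', '/api/metrics/', '/api/profile/',
                '/api/users/', '/billing/', '/metrics/', '/profile/',
                '/users/'])
        if redirect_url:
            if isinstance(redirect_url, six.string_types):
                return http.HttpResponseRedirect(redirect_url)
            # A non-string truthy result is a denial with nowhere to go.
            raise PermissionDenied()
    except NoRuleMatch:
        slug = kwargs.get('charge', kwargs.get('organization', None))
        redirect_url = _fail_direct(
            request, organization=slug,
            roledescription=roledescription, strength=strength)
        if redirect_url:
            # The original literal mixed quote styles across a line
            # continuation, which left stray quote characters inside the
            # denial message; the message is now one clean sentence.
            return redirect_or_denied(
                request, redirect_url,
                redirect_field_name=redirect_field_name,
                descr="%(user)s is not a direct manager"
                      " of %(organization)s." % {
                    'user': request.user, 'organization': slug})
    return view_func(request, *args, **kwargs)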
def fail_self_provider(request, user=None, roledescription=None):
    """
    Self-or-provider check that also lets managers of the site database
    reach profiles of registered yet unsubscribed ``Organization``.

    Returns ``False`` when the site uses a database other than
    ``DEFAULT_DB_ALIAS`` and ``_has_valid_access`` accepts the request
    for the current broker. Otherwise returns the first element of what
    ``check_matched`` produced, or the result of
    ``fail_self_provider_default`` when ``NoRuleMatch`` is raised.
    """
    db_name = get_current_site().db_name
    uses_separate_db = bool(db_name) and db_name != DEFAULT_DB_ALIAS
    # With a separate database, a manager of the site may reach
    # registered ``Organization`` that are not subscribed yet. The broker
    # check runs before, and instead of, the application rules.
    if uses_separate_db and _has_valid_access(
            request, [get_current_broker()]):
        return False
    try:
        current_app = get_current_app()
        #pylint:disable=unused-variable
        redirect, matched, session = check_matched(
            request, current_app, prefixes=DEFAULT_PREFIXES)
    except NoRuleMatch:
        # No rule covers this path: fall back to the default check.
        return fail_self_provider_default(
            request, user=user, roledescription=roledescription)
    return redirect
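def _wrapped_view(request, *args, **kwargs):
    """
    Run ``view_func`` only when the request passes the self-or-provider
    check for the ``user`` URL kwarg.

    ``view_func`` and ``strength`` are not defined in this function;
    presumably the enclosing decorator binds them (it is not part of
    this listing).

    A request accepted by ``_has_valid_access`` for the current broker
    (only tried when ``site.db_name`` is set) reaches the view without
    the application rules being consulted. Otherwise ``check_matched``
    decides; when it raises ``NoRuleMatch`` and ``_fail_self_provider``
    returns a truthy value, ``PermissionDenied`` is raised.
    """
    site = get_current_site()
    if site.db_name:
        # We have a separate database so it is OK for a manager
        # of the site to access profiles of ``User`` which
        # are not subscribed yet.
        # NOTE(review): only the truthiness of ``db_name`` is tested
        # here; ``fail_self_provider`` elsewhere in this listing also
        # requires ``db_name != DEFAULT_DB_ALIAS`` -- confirm which
        # guard is intended.
        if _has_valid_access(request, [get_current_broker()], strength):
            return view_func(request, *args, **kwargs)
    try:
        app = get_current_app()
        redirect_url, _, _ = check_matched(
            request, app, prefixes=[
                '/api/billing/', '/api/metrics/', '/api/profile/',
                '/api/users/', '/billing/', '/metrics/', '/profile/',
                '/users/'])
        if redirect_url:
            if isinstance(redirect_url, six.string_types):
                return http.HttpResponseRedirect(redirect_url)
            # A non-string truthy result is a denial with nowhere to go.
            raise PermissionDenied()
    except NoRuleMatch:
        if _fail_self_provider(request, user=kwargs.get('user', None),
                               strength=strength):
            # The last fragment now starts with a space; the original
            # concatenation rendered "...connection to oneof the
            # providers...".
            raise PermissionDenied(
                "%(auth)s has neither a direct"
                " relation to an organization connected to %(user)s"
                " nor a connection to one"
                " of the providers to such organization." % {
                    'auth': request.user,
                    'user': kwargs.get('user', None)})
    return view_func(request, *args, **kwargs)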
def fail_direct(request, organization=None, roledescription=None):
    """
    Return the outcome of the direct-manager check for ``request``.

    The first element of what ``check_matched`` returns for the current
    app is handed back unchanged. When ``check_matched`` raises
    ``NoRuleMatch``, the result of ``fail_direct_default`` for
    ``organization`` and ``roledescription`` is returned instead.
    """
    try:
        current_app = get_current_app()
        #pylint:disable=unused-variable
        redirect, matched, session = check_matched(
            request, current_app, prefixes=DEFAULT_PREFIXES)
    except NoRuleMatch:
        # No rule covers this path: fall back to the default check.
        return fail_direct_default(
            request, organization=organization,
            roledescription=roledescription)
    return redirect
def fail_authenticated(request, verification_key=None):
    """
    Decorator for views that checks that the user is authenticated.

    ``django.contrib.auth.decorators.login_required`` will automatically
    redirect to the login page. We want to redirect to the activation
    page when required, as well as raise a ``PermissionDenied`` instead
    when Content-Type is showing we are dealing with an API request.

    As written, this function returns a value rather than wrapping a
    view: the first element of what ``check_matched`` produced, or, when
    ``NoRuleMatch`` is raised, the result of
    ``fail_authenticated_default``, replaced by the absolute
    ``registration_activate`` URL when ``verification_key`` resolves to a
    contact whose user ``has_invalid_password``. No ``PermissionDenied``
    is raised in this function itself.

    NOTE(review): the nesting below was reconstructed from a listing
    that lost its line breaks; confirm that ``if redirect:`` belongs
    under the ``except NoRuleMatch`` branch.
    """
    try:
        app = get_current_app()
        #pylint:disable=unused-variable
        redirect, matched, session = check_matched(request, app,
            prefixes=DEFAULT_PREFIXES)
    except NoRuleMatch:
        redirect = fail_authenticated_default(request)
        if redirect:
            if verification_key:
                # The key is tried against both contact verification
                # fields first.
                contact = Contact.objects.filter(
                    Q(email_verification_key=verification_key)
                    | Q(phone_verification_key=verification_key)).first()
                if not contact:
                    # Not a `Contact`, let's try `Role`.
                    role_model = get_role_model()
                    try:
                        # NOTE(review): ``.get()`` also raises
                        # ``MultipleObjectsReturned`` when several roles
                        # match; only ``DoesNotExist`` is handled below
                        # -- confirm these keys are unique.
                        role = role_model.objects.filter(
                            Q(grant_key=verification_key)
                            | Q(request_key=verification_key)).get()
                        # A role grant/request key is exchanged here for
                        # the email verification key of the role's user;
                        # that key is what ends up in the activation URL.
                        # NOTE(review): this presumably relies on role
                        # keys being as hard to guess as verification
                        # keys -- confirm.
                        contact, _ = Contact.objects.prepare_email_verification(
                            role.user, role.user.email)
                        verification_key = contact.email_verification_key
                    except role_model.DoesNotExist:
                        # Unknown key: ``contact`` stays falsy and the
                        # default redirect is kept.
                        pass
                # Only accounts flagged by ``has_invalid_password`` are
                # sent to activation; everyone else keeps the default
                # redirect.
                if contact and has_invalid_password(contact.user):
                    redirect = request.build_absolute_uri(
                        reverse('registration_activate',
                            args=(verification_key, )))
    return redirect
def _wrapped_view(request, *args, **kwargs):
    """
    Run ``view_func`` only when the request passes the direct-manager
    check.

    ``view_func``, ``strength``, ``roledescription`` and
    ``redirect_field_name`` are not defined in this function; presumably
    the enclosing decorator binds them (it is not part of this listing).

    ``check_matched`` is consulted first. A truthy string result is
    returned as an HTTP redirect, any other truthy result raises
    ``PermissionDenied``, and a falsy result lets the view run. When
    ``NoRuleMatch`` is raised, ``_fail_direct`` decides, keyed on the
    ``charge`` URL kwarg or, when absent, on ``organization``.
    """
    LOGGER.debug("Enters djaoapp.decorators.requires_direct")
    try:
        current_app = get_current_app()
        #pylint:disable=unused-variable
        redirect_url, matched, session = check_matched(
            request, current_app, prefixes=DEFAULT_PREFIXES)
        if redirect_url:
            # A non-string truthy result is a denial with nowhere to go.
            if not isinstance(redirect_url, six.string_types):
                raise PermissionDenied()
            return http.HttpResponseRedirect(redirect_url)
    except NoRuleMatch:
        # No rule covers this path: fall back to the direct-manager check.
        fallback_org = kwargs.get('organization', None)
        slug = kwargs.get('charge', fallback_org)
        redirect_url = _fail_direct(
            request, organization=slug,
            roledescription=roledescription, strength=strength)
        if redirect_url:
            return redirect_or_denied(
                request, redirect_url,
                redirect_field_name=redirect_field_name,
                descr=_("%(auth)s is not a direct manager"
                        " of %(organization)s.") % {
                    'auth': request.user, 'organization': slug})
    return view_func(request, *args, **kwargs)
def _wrapped_view(request, *args, **kwargs):
    """
    Run ``view_func`` only when the request passes the provider-only check.

    ``view_func``, ``strength`` and ``roledescription`` are not defined
    in this function; presumably the enclosing decorator binds them (it
    is not part of this listing).

    A request accepted by ``_has_valid_access`` for the current broker
    (only tried when ``site.db_name`` is set) reaches the view without
    the application rules being consulted. Otherwise ``check_matched``
    decides, and ``_fail_provider_only`` is the fallback when
    ``NoRuleMatch`` is raised.
    """
    # With a separate site database, a manager of the site (the broker)
    # may reach registered ``Organization`` that are not subscribed yet.
    # NOTE(review): only the truthiness of ``db_name`` is tested here;
    # ``fail_self_provider`` elsewhere in this listing also requires
    # ``db_name != DEFAULT_DB_ALIAS`` -- confirm which guard is intended.
    if get_current_site().db_name and _has_valid_access(
            request, [get_current_broker()], strength):
        return view_func(request, *args, **kwargs)
    guarded_prefixes = [
        '/api/billing/', '/api/metrics/', '/api/profile/', '/api/users/',
        '/billing/', '/metrics/', '/profile/', '/users/']
    try:
        current_app = get_current_app()
        redirect_url, _, _ = check_matched(
            request, current_app, prefixes=guarded_prefixes)
        if redirect_url:
            # A non-string truthy result is a denial with nowhere to go.
            if not isinstance(redirect_url, six.string_types):
                raise PermissionDenied()
            return http.HttpResponseRedirect(redirect_url)
    except NoRuleMatch:
        # No rule covers this path: fall back to the provider check.
        slug = kwargs.get('charge', kwargs.get('organization', None))
        redirect_url = _fail_provider_only(
            request, organization=slug,
            roledescription=roledescription, strength=strength)
        if redirect_url:
            # NOTE(review): the message is passed as the third positional
            # argument, whereas other call sites in this listing pass it
            # as ``descr=`` after ``redirect_field_name=`` -- confirm
            # against the signature of ``redirect_or_denied``.
            denied_message = (
                "%(user)s is not a manager of one of"
                " %(slug)s providers." % {
                    'user': request.user, 'slug': slug})
            return redirect_or_denied(request, redirect_url, denied_message)
    return view_func(request, *args, **kwargs)