def wrapper(request, addon, *args, **kw):
from mkt.submit.views import _resume
if webapp:
kw["webapp"] = addon.is_webapp()
fun = lambda: f(request, addon_id=addon.id, addon=addon, *args, **kw)
if allow_editors:
if acl.check_reviewer(request):
return fun()
# Require an owner or dev for POST requests.
if request.method == "POST":
if acl.check_addon_ownership(request, addon, dev=not owner_for_post):
return fun()
# Ignore disabled so they can view their add-on.
elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True):
if not skip_submit_check:
try:
# If it didn't go through the app submission
# checklist. Don't die. This will be useful for
# creating apps with an API later.
step = addon.appsubmissionchecklist.get_next()
except ObjectDoesNotExist:
step = None
# Redirect to the submit flow if they're not done.
if not getattr(f, "submitting", False) and step:
return _resume(addon, step)
return fun()
return http.HttpResponseForbidden()
def wrapper(request, addon, *args, **kw):
from devhub.views import _resume
if theme:
kw['theme'] = addon.is_persona()
elif addon.is_persona():
# Don't allow theme views if theme not passed in.
raise http.Http404
fun = lambda: f(request, addon_id=addon.id, addon=addon,
*args, **kw)
if allow_editors:
if acl.check_reviewer(request):
return fun()
# Require an owner or dev for POST requests.
if request.method == 'POST':
if acl.check_addon_ownership(request, addon,
dev=not owner_for_post):
return fun()
# Ignore disabled so they can view their add-on.
elif acl.check_addon_ownership(request, addon, viewer=True,
ignore_disabled=True):
step = SubmitStep.objects.filter(addon=addon)
# Redirect to the submit flow if they're not done.
if not getattr(f, 'submitting', False) and step:
return _resume(addon, step)
return fun()
raise PermissionDenied
def wrapper(request, addon, *args, **kw):
from devhub.views import _resume
if webapp:
kw['webapp'] = addon.is_webapp()
fun = lambda: f(
request, addon_id=addon.id, addon=addon, *args, **kw)
if allow_editors:
if acl.check_reviewer(request):
return fun()
# Require an owner or dev for POST requests.
if request.method == 'POST':
if acl.check_addon_ownership(request,
addon,
dev=not owner_for_post):
return fun()
# Ignore disabled so they can view their add-on.
elif acl.check_addon_ownership(request,
addon,
viewer=True,
ignore_disabled=True):
step = SubmitStep.objects.filter(addon=addon)
# Redirect to the submit flow if they're not done.
if not getattr(f, 'submitting', False) and step:
return _resume(addon, step)
return fun()
raise PermissionDenied
def download_file(request, file_id, type=None):
file = get_object_or_404(File, pk=file_id)
webapp = get_object_or_404(Webapp,
pk=file.version.addon_id,
is_packaged=True)
if webapp.is_disabled or file.status == amo.STATUS_DISABLED:
if not acl.check_addon_ownership(
request, webapp, viewer=True, ignore_disabled=True):
raise http.Http404()
# We treat blocked files like public files so users get the update.
if file.status in [amo.STATUS_PUBLIC, amo.STATUS_BLOCKED]:
path = webapp.sign_if_packaged(file.version_id)
else:
# This is someone asking for an unsigned packaged app.
if not acl.check_addon_ownership(request, webapp, dev=True):
raise http.Http404()
path = file.file_path
log.info('Downloading package: %s from %s' % (webapp.id, path))
return HttpResponseSendFile(request,
path,
content_type='application/zip',
etag=file.hash.split(':')[-1])
def wrapper(request, addon, *args, **kw):
from mkt.submit.views import _resume
if webapp:
kw['webapp'] = addon.is_webapp()
fun = lambda: f(
request, addon_id=addon.id, addon=addon, *args, **kw)
if allow_editors and acl.check_reviewer(request):
return fun()
if staff and (acl.action_allowed(request, 'Apps', 'Configure')
or acl.action_allowed(request, 'Apps',
'ViewConfiguration')):
return fun()
if support:
# Let developers and support people do their thangs.
if (acl.check_addon_ownership(request, addon, support=True) or
acl.check_addon_ownership(request, addon, dev=True)):
return fun()
else:
# Require an owner or dev for POST requests.
if request.method == 'POST':
if acl.check_addon_ownership(request,
addon,
dev=not owner_for_post):
return fun()
# Ignore disabled so they can view their add-on.
elif acl.check_addon_ownership(request,
addon,
viewer=True,
ignore_disabled=True):
if not skip_submit_check:
try:
# If it didn't go through the app submission
# checklist. Don't die. This will be useful for
# creating apps with an API later.
step = addon.appsubmissionchecklist.get_next()
except ObjectDoesNotExist:
step = None
# Redirect to the submit flow if they're not done.
if not getattr(f, 'submitting', False) and step:
return _resume(addon, step)
return fun()
return http.HttpResponseForbidden()
def setup_viewer(request, file_obj):
data = {
'file': file_obj,
'version': file_obj.version,
'addon': file_obj.version.addon,
'status': False,
'selected': {},
'validate_url': ''
}
if (acl.action_allowed(request, 'Editors', '%')
or acl.check_addon_ownership(request,
file_obj.version.addon,
viewer=True,
ignore_disabled=True)):
data['validate_url'] = reverse(
'devhub.json_file_validation',
args=[file_obj.version.addon.slug, file_obj.id])
if acl.action_allowed(request, 'Editors', '%'):
data['file_link'] = {
'text': _('Back to review'),
'url': reverse('editors.review', args=[data['addon'].slug])
}
else:
data['file_link'] = {
'text': _('Back to addon'),
'url': reverse('addons.detail', args=[data['addon'].pk])
}
return data
def owner_or_unlisted_reviewer(request, addon):
return (acl.check_unlisted_addons_reviewer(request) or
# We don't want "admins" here, because it includes anyone with the
# "Addons:Edit" perm, we only want those with
# "Addons:ReviewUnlisted" perm (which is checked above).
acl.check_addon_ownership(request, addon, admin=False, dev=True,
viewer=True, support=True))
def setup_viewer(request, file_obj):
data = {'file': file_obj,
'version': file_obj.version,
'addon': file_obj.version.addon,
'status': False,
'selected': {},
'validate_url': ''}
if (acl.check_addons_reviewer(request) or
acl.check_addon_ownership(request, file_obj.version.addon,
viewer=True, ignore_disabled=True)):
addon = file_obj.version.addon
data['validate_url'] = reverse('devhub.json_file_validation',
args=[addon.slug, file_obj.id])
if acl.check_addons_reviewer(request):
data['annotate_url'] = reverse('devhub.annotate_file_validation',
args=[addon.slug, file_obj.id])
data['automated_signing'] = file_obj.automated_signing
if file_obj.has_been_validated:
data['validation_data'] = file_obj.validation.processed_validation
if acl.check_addons_reviewer(request):
data['file_link'] = {'text': _('Back to review'),
'url': reverse('editors.review',
args=[data['addon'].slug])}
else:
data['file_link'] = {'text': _('Back to addon'),
'url': reverse('addons.detail',
args=[data['addon'].pk])}
return data
def reply(request, addon, review_id):
is_admin = acl.action_allowed(request, 'Addons', 'Edit')
is_author = acl.check_addon_ownership(request, addon, dev=True)
if not (is_admin or is_author):
raise PermissionDenied
review = get_object_or_404(Review.objects, pk=review_id, addon=addon)
form = forms.ReviewReplyForm(request.POST or None)
if request.method == 'POST' and form.is_valid():
d = dict(reply_to=review, addon=addon,
defaults=dict(user=request.amo_user))
reply, new = Review.objects.get_or_create(**d)
for key, val in _review_details(request, addon, form).items():
setattr(reply, key, val)
reply.save()
action = 'New' if new else 'Edited'
log.debug('%s reply to %s: %s' % (action, review_id, reply.id))
if new:
reply_url = helpers.url('addons.reviews.detail', addon.slug,
review.id, add_prefix=False)
data = {'name': addon.name,
'reply_title': reply.title,
'reply': reply.body,
'reply_url': helpers.absolutify(reply_url)}
emails = [review.user.email]
sub = u'Mozilla Add-on Developer Reply: %s' % addon.name
send_mail('reviews/emails/reply_review.ltxt',
sub, emails, Context(data), 'reply')
return redirect(helpers.url('addons.reviews.detail', addon.slug,
review_id))
ctx = dict(review=review, form=form, addon=addon)
return render(request, 'reviews/reply.html', ctx)
def setup_viewer(request, file_obj):
data = {'file': file_obj,
'version': file_obj.version,
'addon': file_obj.version.addon,
'status': False,
'selected': {},
'validate_url': ''}
if (acl.check_reviewer(request) or
acl.check_addon_ownership(request, file_obj.version.addon,
viewer=True, ignore_disabled=True)):
data['validate_url'] = reverse(
'mkt.developers.apps.json_file_validation',
args=[file_obj.version.addon.app_slug, file_obj.id])
if acl.check_reviewer(request):
data['file_link'] = {'text': _('Back to review'),
'url': reverse('reviewers.apps.review',
args=[data['addon'].app_slug])}
else:
data['file_link'] = {
'text': _('Back to app'),
'url': reverse('detail', args=[data['addon'].pk])
}
return data
def in_app_config(request, addon_id, addon, webapp=True):
inapp = addon.premium_type in amo.ADDON_INAPPS
if not inapp:
messages.error(request,
_('Your app is not configured for in-app payments.'))
return redirect(reverse('mkt.developers.apps.payments',
args=[addon.app_slug]))
try:
account = addon.app_payment_account
except ObjectDoesNotExist:
messages.error(request, _('No payment account for this app.'))
return redirect(reverse('mkt.developers.apps.payments',
args=[addon.app_slug]))
seller_config = get_seller_product(account)
owner = acl.check_addon_ownership(request, addon)
if request.method == 'POST':
# Reset the in-app secret for the app.
(client.api.generic
.product(seller_config['resource_pk'])
.patch(data={'secret': generate_key(48)}))
messages.success(request, _('Changes successfully saved.'))
return redirect(reverse('mkt.developers.apps.in_app_config',
args=[addon.app_slug]))
return jingo.render(request, 'developers/payments/in-app-config.html',
{'addon': addon, 'owner': owner,
'seller_config': seller_config})
def setup_viewer(request, file_obj):
data = {
"file": file_obj,
"version": file_obj.version,
"addon": file_obj.version.addon,
"status": False,
"selected": {},
"validate_url": "",
}
if acl.check_reviewer(request) or acl.check_addon_ownership(
request, file_obj.version.addon, viewer=True, ignore_disabled=True
):
data["validate_url"] = reverse(
"mkt.developers.apps.json_file_validation", args=[file_obj.version.addon.app_slug, file_obj.id]
)
if acl.check_reviewer(request):
data["file_link"] = {
"text": _("Back to review"),
"url": reverse("reviewers.apps.review", args=[data["addon"].app_slug]),
}
else:
data["file_link"] = {"text": _("Back to app"), "url": reverse("detail", args=[data["addon"].pk])}
return data
def in_app_config(request, addon_id, addon, webapp=True):
inapp = addon.premium_type in amo.ADDON_INAPPS
if not inapp:
messages.error(request, _("Your app is not configured for in-app payments."))
return redirect(reverse("mkt.developers.apps.payments", args=[addon.app_slug]))
try:
account = addon.app_payment_account
except ObjectDoesNotExist:
messages.error(request, _("No payment account for this app."))
return redirect(reverse("mkt.developers.apps.payments", args=[addon.app_slug]))
seller_config = get_seller_product(account)
owner = acl.check_addon_ownership(request, addon)
if request.method == "POST":
# Reset the in-app secret for the app.
(client.api.generic.product(seller_config["resource_pk"]).patch(data={"secret": generate_key(48)}))
messages.success(request, _("Changes successfully saved."))
return redirect(reverse("mkt.developers.apps.in_app_config", args=[addon.app_slug]))
return jingo.render(
request,
"developers/payments/in-app-config.html",
{"addon": addon, "owner": owner, "seller_config": seller_config},
)
def review_list(request, addon, review_id=None, user_id=None, rating=None):
qs = Review.objects.valid().filter(addon=addon).order_by('-created')
# Mature regions show only reviews from within that region.
if not request.REGION.adolescent:
qs = qs.filter(client_data__region=request.REGION.id)
ctx = {'product': addon, 'score': rating, 'review_perms': {}}
if review_id is not None:
qs = qs.filter(pk=review_id)
ctx['page'] = 'detail'
elif user_id is not None:
qs = qs.filter(user=user_id)
ctx['page'] = 'user'
if not qs:
raise http.Http404()
else:
ctx['page'] = 'list'
qs = qs.filter(is_latest=True)
ctx['ratings'] = ratings = amo.utils.paginate(request, qs, 20)
if request.user.is_authenticated():
ctx['review_perms'] = {
'is_admin': acl.action_allowed(request, 'Addons', 'Edit'),
'is_editor': acl.check_reviewer(request),
'is_author': acl.check_addon_ownership(request, addon, viewer=True,
dev=True, support=True),
}
ctx['flags'] = get_flags(request, ratings.object_list)
ctx['has_review'] = addon.reviews.filter(user=request.user.id).exists()
return jingo.render(request, 'ratings/listing.html', ctx)
def setup_viewer(request, file_obj):
data = {'file': file_obj,
'version': file_obj.version,
'addon': file_obj.version.addon,
'status': False,
'selected': {},
'validate_url': ''}
if (acl.check_addons_reviewer(request) or
acl.check_addon_ownership(request, file_obj.version.addon,
viewer=True, ignore_disabled=True)):
addon = file_obj.version.addon
data['validate_url'] = reverse('devhub.json_file_validation',
args=[addon.slug, file_obj.id])
if acl.check_addons_reviewer(request):
data['annotate_url'] = reverse('devhub.annotate_file_validation',
args=[addon.slug, file_obj.id])
data['automated_signing'] = file_obj.automated_signing
if file_obj.has_been_validated:
data['validation_data'] = file_obj.validation.processed_validation
if acl.check_addons_reviewer(request):
data['file_link'] = {'text': _('Back to review'),
'url': reverse('editors.review',
args=[data['addon'].slug])}
else:
data['file_link'] = {'text': _('Back to addon'),
'url': reverse('addons.detail',
args=[data['addon'].pk])}
return data
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id)
# General case: addon is listed.
if addon.is_listed:
if addon.is_disabled or file.status == amo.STATUS_DISABLED:
if (acl.check_addon_ownership(
request, addon, viewer=True, ignore_disabled=True)
or acl.check_addons_reviewer(request)):
return HttpResponseSendFile(
request,
file.guarded_file_path,
content_type='application/xp-install')
else:
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, addon):
raise http.Http404 # Not listed, not owner or admin.
attachment = (type == 'attachment' or not request.APP.browser)
loc = urlparams(file.get_mirror(addon, attachment=attachment),
filehash=file.hash)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def setup_viewer(request, file_obj):
data = {'file': file_obj,
'version': file_obj.version,
'addon': file_obj.version.addon,
'status': False,
'selected': {},
'validate_url': ''}
if (acl.action_allowed(request, 'Editors', '%') or
acl.check_addon_ownership(request, file_obj.version.addon,
viewer=True, ignore_disabled=True)):
data['validate_url'] = reverse('devhub.json_file_validation',
args=[file_obj.version.addon.slug,
file_obj.id])
if acl.action_allowed(request, 'Editors', '%'):
data['file_link'] = {'text': _('Back to review'),
'url': reverse('editors.review',
args=[data['addon'].slug])}
else:
data['file_link'] = {'text': _('Back to addon'),
'url': reverse('addons.detail',
args=[data['addon'].pk])}
return data
def reply(request, addon, review_id):
is_admin = acl.action_allowed(request, "Admin", "EditAnyAddon")
is_author = acl.check_addon_ownership(request, addon, dev=True)
if not (is_admin or is_author):
return http.HttpResponseForbidden()
review = get_object_or_404(Review.objects, pk=review_id, addon=addon)
form = forms.ReviewReplyForm(request.POST or None)
if request.method == "POST":
if form.is_valid():
d = dict(reply_to=review, addon=addon, defaults=dict(user=request.amo_user))
reply, new = Review.objects.get_or_create(**d)
for key, val in _review_details(request, addon, form).items():
setattr(reply, key, val)
reply.save()
action = "New" if new else "Edited"
log.debug("%s reply to %s: %s" % (action, review_id, reply.id))
if new:
data = {
"name": addon.name,
"reply_title": reply.title,
"reply": reply.body,
"reply_url": absolutify(reverse("reviews.detail", args=[addon.slug, review.id], add_prefix=False)),
}
emails = [review.user.email]
if settings.IMPALA_EDIT:
sub = u"Mozilla Add-on Developer Reply: %s" % addon.name
send_mail("reviews/emails/reply_review.ltxt", sub, emails, Context(data), "reply")
return redirect("reviews.detail", addon.slug, review_id)
ctx = dict(review=review, form=form, addon=addon)
ctx.update(flag_context())
return jingo.render(request, "reviews/reply.html", ctx)
def in_app_config(request, addon_id, addon, webapp=True):
inapp = addon.premium_type in amo.ADDON_INAPPS
if not inapp:
messages.error(request,
_('Your app is not configured for in-app payments.'))
return redirect(reverse('mkt.developers.apps.payments',
args=[addon.app_slug]))
try:
account = addon.app_payment_account
except ObjectDoesNotExist:
messages.error(request, _('No payment account for this app.'))
return redirect(reverse('mkt.developers.apps.payments',
args=[addon.app_slug]))
seller_config = get_seller_product(account)
owner = acl.check_addon_ownership(request, addon)
if request.method == 'POST':
# Reset the in-app secret for the app.
(client.api.generic
.product(seller_config['resource_pk'])
.patch(data={'secret': generate_key(48)}))
messages.success(request, _('Changes successfully saved.'))
return redirect(reverse('mkt.developers.apps.in_app_config',
args=[addon.app_slug]))
return render(request, 'developers/payments/in-app-config.html',
{'addon': addon, 'owner': owner,
'seller_config': seller_config})
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id)
# General case: addon is listed.
if addon.is_listed:
if addon.is_disabled or file.status == amo.STATUS_DISABLED:
if (acl.check_addon_ownership(request, addon, viewer=True,
ignore_disabled=True) or
acl.check_addons_reviewer(request)):
return HttpResponseSendFile(
request, file.guarded_file_path,
content_type='application/xp-install')
else:
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, addon):
raise http.Http404 # Not listed, not owner or admin.
attachment = (type == 'attachment' or not request.APP.browser)
loc = urlparams(file.get_mirror(addon, attachment=attachment),
filehash=file.hash)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def setup_viewer(request, file_obj):
data = {
'file': file_obj,
'version': file_obj.version,
'addon': file_obj.version.addon,
'status': False,
'selected': {},
'validate_url': ''
}
if (acl.check_reviewer(request) or acl.check_addon_ownership(
request, file_obj.version.addon, viewer=True,
ignore_disabled=True)):
data['validate_url'] = reverse(
'mkt.developers.apps.json_file_validation',
args=[file_obj.version.addon.app_slug, file_obj.id])
if acl.check_reviewer(request):
data['file_link'] = {
'text': _('Back to review'),
'url': reverse('reviewers.apps.review',
args=[data['addon'].app_slug])
}
else:
data['file_link'] = {
'text': _('Back to app'),
'url': reverse('detail', args=[data['addon'].pk])
}
return data
def in_app_config(request, addon_id, addon, webapp=True):
if not addon.has_payment_account():
messages.error(request, _('No payment account for this app.'))
return redirect(
reverse('mkt.developers.apps.payments', args=[addon.app_slug]))
# TODO: support multiple accounts.
account = addon.single_pay_account()
seller_config = get_seller_product(account)
owner = acl.check_addon_ownership(request, addon)
if request.method == 'POST':
# Reset the in-app secret for the app.
(client.api.generic.product(seller_config['resource_pk']).patch(
data={'secret': generate_key(48)}))
messages.success(request, _('Changes successfully saved.'))
return redirect(
reverse('mkt.developers.apps.in_app_config',
args=[addon.app_slug]))
return render(request, 'developers/payments/in-app-config.html', {
'addon': addon,
'owner': owner,
'seller_config': seller_config
})
def reply(request, addon, review_id):
is_admin = acl.action_allowed(request, 'Addons', 'Edit')
is_author = acl.check_addon_ownership(request, addon, dev=True)
if not (is_admin or is_author):
return http.HttpResponseForbidden()
review = get_object_or_404(Review.objects, pk=review_id, addon=addon)
form = forms.ReviewReplyForm(request.POST or None)
if request.method == 'POST' and form.is_valid():
d = dict(reply_to=review, addon=addon,
defaults=dict(user=request.amo_user))
reply, new = Review.objects.get_or_create(**d)
for key, val in _review_details(request, addon, form).items():
setattr(reply, key, val)
reply.save()
action = 'New' if new else 'Edited'
log.debug('%s reply to %s: %s' % (action, review_id, reply.id))
if new:
reply_url = shared_url('reviews.detail', addon, review.id,
add_prefix=False)
data = {'name': addon.name,
'reply_title': reply.title,
'reply': reply.body,
'reply_url': absolutify(reply_url)}
emails = [review.user.email]
sub = u'Mozilla Add-on Developer Reply: %s' % addon.name
send_mail('reviews/emails/reply_review.ltxt',
sub, emails, Context(data), 'reply')
return redirect(shared_url('reviews.detail', addon, review_id))
ctx = dict(review=review, form=form, addon=addon)
return jingo.render(request, 'reviews/reply.html', ctx)
def wrapper(request, addon_id, *args, **kw):
addon = get_object_or_404(Addon, id=addon_id)
if acl.check_addon_ownership(request, addon,
require_owner=False):
return f(request, addon_id, addon, *args, **kw)
else:
return http.HttpResponseForbidden()
def review_list(request, addon, review_id=None, user_id=None, rating=None):
qs = Review.objects.valid().filter(addon=addon).order_by('-created')
ctx = {'product': addon, 'score': rating, 'review_perms': {}}
if review_id is not None:
qs = qs.filter(pk=review_id)
ctx['page'] = 'detail'
# If this is a dev reply, find the first msg for context.
review = get_object_or_404(Review, pk=review_id)
if review.reply_to_id:
review_id = review.reply_to_id
ctx['reply'] = review
elif user_id is not None:
qs = qs.filter(user=user_id)
ctx['page'] = 'user'
if not qs:
raise http.Http404()
else:
ctx['page'] = 'list'
qs = qs.filter(is_latest=True)
ctx['ratings'] = ratings = amo.utils.paginate(request, qs, 20)
if not ctx.get('reply'):
ctx['replies'] = Review.get_replies(ratings.object_list)
if request.user.is_authenticated():
ctx['review_perms'] = {
'is_admin': acl.action_allowed(request, 'Addons', 'Edit'),
'is_editor': acl.check_reviewer(request),
'is_author': acl.check_addon_ownership(request, addon, viewer=True,
dev=True, support=True),
}
ctx['flags'] = get_flags(request, ratings.object_list)
ctx['has_review'] = addon.reviews.filter(user=request.user.id).exists()
return jingo.render(request, 'ratings/listing.html', ctx)
def reply(request, addon, review_id):
is_admin = acl.action_allowed(request, 'Addons', 'Edit')
is_author = acl.check_addon_ownership(request, addon, dev=True)
if not (is_admin or is_author):
raise PermissionDenied
review = get_object_or_404(Review.objects, pk=review_id, addon=addon)
form = ReviewReplyForm(request.POST or None)
if form.is_valid():
d = dict(reply_to=review,
addon=addon,
defaults=dict(user=request.amo_user))
reply, new = Review.objects.get_or_create(**d)
for k, v in _review_details(request, addon, form).items():
setattr(reply, k, v)
reply.save()
action = 'New' if new else 'Edited'
if new:
amo.log(amo.LOG.ADD_REVIEW, addon, reply)
else:
amo.log(amo.LOG.EDIT_REVIEW, addon, reply)
log.debug('%s reply to %s: %s' % (action, review_id, reply.id))
messages.success(
request,
_('Your reply was successfully added.')
if new else _('Your reply was successfully updated.'))
return http.HttpResponse()
def reply(request, addon, review_id):
is_admin = acl.action_allowed(request, 'Addons', 'Edit')
is_author = acl.check_addon_ownership(request, addon, dev=True)
if not (is_admin or is_author):
raise PermissionDenied
review = get_object_or_404(Review.objects, pk=review_id, addon=addon)
form = ReviewReplyForm(request.POST or None)
if form.is_valid():
d = dict(reply_to=review, addon=addon,
defaults=dict(user=request.amo_user))
reply, new = Review.objects.get_or_create(**d)
for k, v in _review_details(request, addon, form).items():
setattr(reply, k, v)
reply.save()
action = 'New' if new else 'Edited'
if new:
amo.log(amo.LOG.ADD_REVIEW, addon, reply)
else:
amo.log(amo.LOG.EDIT_REVIEW, addon, reply)
log.debug('%s reply to %s: %s' % (action, review_id, reply.id))
messages.success(request,
_('Your reply was successfully added.') if new else
_('Your reply was successfully updated.'))
return http.HttpResponse()
def reply(request, addon, review_id):
is_admin = acl.action_allowed(request, "Addons", "Edit")
is_author = acl.check_addon_ownership(request, addon, dev=True)
if not (is_admin or is_author):
raise PermissionDenied
review = get_object_or_404(Review.objects, pk=review_id, addon=addon)
form = forms.ReviewReplyForm(request.POST or None)
if request.method == "POST" and form.is_valid():
d = dict(reply_to=review, addon=addon, defaults=dict(user=request.amo_user))
reply, new = Review.objects.get_or_create(**d)
for key, val in _review_details(request, addon, form).items():
setattr(reply, key, val)
reply.save()
action = "New" if new else "Edited"
log.debug("%s reply to %s: %s" % (action, review_id, reply.id))
if new:
reply_url = shared_url("reviews.detail", addon, review.id, add_prefix=False)
data = {
"name": addon.name,
"reply_title": reply.title,
"reply": reply.body,
"reply_url": absolutify(reply_url),
}
emails = [review.user.email]
sub = u"Mozilla Add-on Developer Reply: %s" % addon.name
send_mail("reviews/emails/reply_review.ltxt", sub, emails, Context(data), "reply")
return redirect(shared_url("reviews.detail", addon, review_id))
ctx = dict(review=review, form=form, addon=addon)
return render(request, "reviews/reply.html", ctx)
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id)
if addon.is_disabled or file.status == amo.STATUS_DISABLED:
if (acl.check_addon_ownership(request, addon, viewer=True,
ignore_disabled=True) or
acl.check_addons_reviewer(request)):
return HttpResponseSendFile(request, file.guarded_file_path,
content_type='application/x-xpinstall')
log.info(u'download file {file_id}: addon/file disabled or user '
u'{user_id} is not an owner'.format(file_id=file_id,
user_id=request.user.pk))
raise http.Http404()
if not (addon.is_listed or owner_or_unlisted_reviewer(request, addon)):
log.info(u'download file {file_id}: addon is unlisted but user '
u'{user_id} is not an owner'.format(file_id=file_id,
user_id=request.user.pk))
raise http.Http404 # Not listed, not owner or admin.
attachment = (type == 'attachment' or not request.APP.browser)
loc = urlparams(file.get_mirror(addon, attachment=attachment),
filehash=file.hash)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def owner_or_unlisted_reviewer(request, addon):
return (
acl.check_unlisted_addons_reviewer(request) or
# We don't want "admins" here, because it includes anyone with the
# "Addons:Edit" perm, we only want those with
# "Addons:ReviewUnlisted" perm (which is checked above).
acl.check_addon_ownership(
request, addon, admin=False, dev=True, viewer=True, support=True))
def in_app_products(request, addon_id, addon, webapp=True, account=None):
owner = acl.check_addon_ownership(request, addon)
products = addon.inappproduct_set.all()
new_product = InAppProduct(webapp=addon)
form = InAppProductForm()
return render(request, 'developers/payments/in-app-products.html',
{'addon': addon, 'form': form, 'new_product': new_product,
'owner': owner, 'products': products, 'form': form})
def wrapper(request, addon, *args, **kw):
from mkt.submit.views import _resume
if webapp:
kw['webapp'] = addon.is_webapp()
fun = lambda: f(request, addon_id=addon.id, addon=addon,
*args, **kw)
if allow_editors and acl.check_reviewer(request):
return fun()
if staff and (acl.action_allowed(request, 'Apps', 'Configure') or
acl.action_allowed(request, 'Apps',
'ViewConfiguration')):
return fun()
if support:
# Let developers and support people do their thangs.
if (acl.check_addon_ownership(request, addon, support=True) or
acl.check_addon_ownership(request, addon, dev=True)):
return fun()
else:
# Require an owner or dev for POST requests.
if request.method == 'POST':
if acl.check_addon_ownership(request, addon,
dev=not owner_for_post):
return fun()
# Ignore disabled so they can view their add-on.
elif acl.check_addon_ownership(request, addon, viewer=True,
ignore_disabled=True):
if not skip_submit_check:
try:
# If it didn't go through the app submission
# checklist. Don't die. This will be useful for
# creating apps with an API later.
step = addon.appsubmissionchecklist.get_next()
except ObjectDoesNotExist:
step = None
# Redirect to the submit flow if they're not done.
if not getattr(f, 'submitting', False) and step:
return _resume(addon, step)
return fun()
return http.HttpResponseForbidden()
def download_source(request, version_id):
version = get_object_or_404(Version, pk=version_id)
if (version.source and
(acl.check_addon_ownership(request, version.addon, viewer=True,
ignore_disabled=True) or
acl.action_allowed(request, 'Editors', 'BinarySource'))):
return HttpResponseSendFile(request, version.source)
raise http.Http404()
def download_source(request, version_id):
version = get_object_or_404(Version, pk=version_id)
if (version.source
and (acl.check_addon_ownership(
request, version.addon, viewer=True, ignore_disabled=True)
or acl.action_allowed(request, 'Editors', 'BinarySource'))):
return HttpResponseSendFile(request, version.source.path)
raise http.Http404()
def in_app_products(request, addon_id, addon, webapp=True, account=None):
owner = acl.check_addon_ownership(request, addon)
products = addon.inappproduct_set.all()
new_product = InAppProduct(webapp=addon)
form = InAppProductForm()
return render(
request,
"developers/payments/in-app-products.html",
{"addon": addon, "form": form, "new_product": new_product, "owner": owner, "products": products, "form": form},
)
def download_file(request, file_id, type=None):
file = get_object_or_404(File, pk=file_id)
webapp = get_object_or_404(Webapp, pk=file.version.addon_id,
is_packaged=True)
if webapp.is_disabled or file.status == amo.STATUS_DISABLED:
if not acl.check_addon_ownership(request, webapp, viewer=True,
ignore_disabled=True):
log.info('Download of %s denied: disabled.' % (webapp.id))
raise http.Http404()
# We treat blocked files like public files so users get the update.
if file.status in [amo.STATUS_PUBLIC, amo.STATUS_BLOCKED]:
path = webapp.sign_if_packaged(file.version_id)
else:
# This is someone asking for an unsigned packaged app.
if not acl.check_addon_ownership(request, webapp, dev=True):
log.info('Download of %s denied: not signed yet.' % (webapp.id))
raise http.Http404()
path = file.file_path
# If it's a paid app and its not been paid for stop it downloading unless..
if webapp.is_premium():
if not request.user.is_authenticated():
log.info('Download of %s denied: not logged in.' % (webapp.id))
return http.HttpResponseForbidden()
if not webapp.has_purchased(request.amo_user):
# User hasn't purchased, are they a developer of the app,
# or a reviewer?
log.info('Download of %s: not purchased by user.' % (webapp.id))
if (not request.check_ownership(webapp, require_owner=False,
ignore_disabled=True, admin=False)
and not acl.check_reviewer(request, only='app')):
log.info('Download of %s denied: not developer or reviewer.' %
(webapp.id))
return http.HttpResponse(status=402)
log.info('Downloading package: %s from %s' % (webapp.id, path))
return HttpResponseSendFile(request, path, content_type='application/zip',
etag=file.hash.split(':')[-1])
def wrapper(request, addon, *args, **kw):
fun = lambda: f(request, addon_id=addon.id, addon=addon, *args,
**kw)
if allow_editors:
if acl.action_allowed(request, 'Editors', '%'):
return fun()
# Require an owner or dev for POST requests.
if request.method == 'POST':
if acl.check_addon_ownership(request, addon,
dev=not owner_for_post):
return fun()
# Ignore disabled so they can view their add-on.
elif acl.check_addon_ownership(request, addon, viewer=True,
ignore_disabled=True):
step = SubmitStep.objects.filter(addon=addon)
# Redirect to the submit flow if they're not done.
if not getattr(f, 'submitting', False) and step:
return _resume(addon, step)
return fun()
return http.HttpResponseForbidden()
def wrapper(request, addon, *args, **kw):
fun = lambda: f(request, addon_id=addon.id, addon=addon, *args,
**kw)
if allow_editors:
if acl.action_allowed(request, 'Editors', '%'):
return fun()
# Require an owner or dev for POST requests.
if request.method == 'POST':
if acl.check_addon_ownership(request, addon,
dev=not owner_for_post):
return fun()
# Ignore disabled so they can view their add-on.
elif acl.check_addon_ownership(request, addon, viewer=True,
ignore_disabled=True):
step = SubmitStep.objects.filter(addon=addon)
# Redirect to the submit flow if they're not done.
if not getattr(f, 'submitting', False) and step:
return _resume(addon, step)
return fun()
return http.HttpResponseForbidden()
def download_source(request, version_id):
version = get_object_or_404(Version, pk=version_id)
if (version.source and
(acl.check_addon_ownership(request, version.addon,
viewer=True, ignore_disabled=True)
or acl.action_allowed(request, 'Editors', 'BinarySource'))):
res = HttpResponseSendFile(request, version.source.path)
name = os.path.basename(version.source.path.replace('"', ''))
res['Content-Disposition'] = 'attachment; filename="{0}"'.format(name)
return res
raise http.Http404()
def wrapper(request, addon, *args, **kw):
from devhub.views import _resume
if webapp:
kw["webapp"] = addon.is_webapp()
fun = lambda: f(request, addon_id=addon.id, addon=addon, *args, **kw)
if allow_editors:
if acl.check_reviewer(request):
return fun()
# Require an owner or dev for POST requests.
if request.method == "POST":
if acl.check_addon_ownership(request, addon, dev=not owner_for_post):
return fun()
# Ignore disabled so they can view their add-on.
elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True):
step = SubmitStep.objects.filter(addon=addon)
# Redirect to the submit flow if they're not done.
if not getattr(f, "submitting", False) and step:
return _resume(addon, step)
return fun()
raise PermissionDenied
def download_file(request, file_id, type=None):
file = get_object_or_404(File, pk=file_id)
webapp = get_object_or_404(Webapp, pk=file.version.addon_id, is_packaged=True)
if webapp.is_disabled or file.status == amo.STATUS_OBSOLETE:
if not acl.check_addon_ownership(request, webapp, viewer=True, ignore_disabled=True):
raise http.Http404()
# We treat blocked files like public files so users get the update.
if file.status in [amo.STATUS_PUBLIC, amo.STATUS_BLOCKED]:
path = webapp.sign_if_packaged(file.version_id)
else:
# This is someone asking for an unsigned packaged app.
if not acl.check_addon_ownership(request, webapp, dev=True):
raise http.Http404()
path = file.file_path
log.info("Downloading package: %s from %s" % (webapp.id, path))
return HttpResponseSendFile(request, path, content_type="application/zip", etag=file.hash.split(":")[-1])
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
webapp = get_object_or_404(Addon.objects, pk=file.version.addon_id,
type=amo.ADDON_WEBAPP)
if webapp.is_disabled or file.status == amo.STATUS_DISABLED:
if not acl.check_addon_ownership(request, webapp, viewer=True,
ignore_disabled=True):
raise http.Http404()
log.info('Downloading: %s from %s' % (webapp.id, file.file_path))
return HttpResponseSendFile(request, file.file_path)
def download_file(request, file_id, type=None):
file = get_object_or_404(File, pk=file_id)
webapp = get_object_or_404(Webapp, pk=file.version.addon_id,
is_packaged=True)
if webapp.is_disabled or file.status == amo.STATUS_DISABLED:
if not acl.check_addon_ownership(request, webapp, viewer=True,
ignore_disabled=True):
raise http.Http404()
if file.status == amo.STATUS_PUBLIC:
path = webapp.sign_if_packaged(file.version_id)
else:
# This is someone asking for an unsigned packaged app.
if not acl.check_addon_ownership(request, webapp, dev=True):
raise http.Http404()
path = file.file_path
log.info('Downloading package: %s from %s' % (webapp.id, path))
return HttpResponseSendFile(request, path, content_type='application/zip')
def in_app_products(request, addon_id, addon, webapp=True, account=None):
owner = acl.check_addon_ownership(request, addon)
products = addon.inappproduct_set.all()
new_product = InAppProduct(webapp=addon)
form = InAppProductForm()
return render(
request, 'developers/payments/in-app-products.html', {
'addon': addon,
'form': form,
'new_product': new_product,
'owner': owner,
'products': products,
'form': form
})
def download_file(request, file_id, type=None):
file = get_object_or_404(File, pk=file_id)
webapp = get_object_or_404(Webapp, pk=file.version.addon_id,
is_packaged=True)
if webapp.is_disabled or file.status == amo.STATUS_DISABLED:
if not acl.check_addon_ownership(request, webapp, viewer=True,
ignore_disabled=True):
raise http.Http404()
log.info('Downloading package: %s from %s' % (webapp.id,
file.file_path))
path = webapp.sign_if_packaged(file.version_id)
return HttpResponseSendFile(request, path, content_type='application/zip')
def get_app(self, ident):
try:
app = Webapp.objects.by_identifier(ident)
except Webapp.DoesNotExist:
raise Http404
current_region = get_region()
if ((not app.is_public()
or not app.listed_in(region=current_region))
and not check_addon_ownership(self.request, app)):
# App owners and admin can see the app even if it's not public
# or not available in the current region. Regular users or
# anonymous users can't.
raise PermissionDenied('The app requested is not public or not '
'available in region "%s".' % current_region.slug)
return app
def get_app(self, ident):
try:
app = Webapp.objects.by_identifier(ident)
except Webapp.DoesNotExist:
raise Http404
current_region = get_region()
if ((not app.is_public() or not app.listed_in(region=current_region))
and not check_addon_ownership(self.request, app)):
# App owners and admin can see the app even if it's not public
# or not available in the current region. Regular users or
# anonymous users can't.
raise PermissionDenied('The app requested is not public or not '
'available in region "%s".' %
current_region.slug)
return app
def allowed(request, file):
allowed = acl.check_reviewer(request)
if not allowed:
try:
addon = file.version.addon
except ObjectDoesNotExist:
return http.Http404()
if addon.view_source and addon.status in amo.REVIEWED_STATUSES:
allowed = True
else:
allowed = acl.check_addon_ownership(request, addon, viewer=True,
dev=True)
if not allowed:
raise PermissionDenied
return True
def allowed(request, file):
allowed = action_allowed(request, 'Editors', '%')
if not allowed:
try:
addon = file.version.addon
except ObjectDoesNotExist:
return http.Http404()
if addon.view_source and addon.status in amo.REVIEWED_STATUSES:
allowed = True
else:
allowed = check_addon_ownership(request, addon,
viewer=True, dev=True)
if not allowed:
return http.HttpResponseForbidden()
return True
def download_source(request, version_id):
version = get_object_or_404(Version, pk=version_id)
# General case: addon is listed.
if version.addon.is_listed:
if not (version.source and
(acl.check_addon_ownership(
request, version.addon, viewer=True, ignore_disabled=True)
or acl.action_allowed(request, 'Editors', 'BinarySource'))):
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, version.addon):
raise http.Http404 # Not listed, not owner or admin.
res = HttpResponseSendFile(request, version.source.path)
name = os.path.basename(version.source.path.replace('"', ''))
res['Content-Disposition'] = 'attachment; filename="{0}"'.format(name)
return res
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.objects, pk=file.version.addon_id)
if addon.is_disabled or file.status == amo.STATUS_DISABLED:
if acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True):
return HttpResponseSendFile(request, file.guarded_file_path,
content_type='application/xp-install')
else:
raise http.Http404()
attachment = (type == 'attachment' or not request.APP.browser)
loc = file.get_mirror(addon, attachment=attachment)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def feed(request, addon_id=None):
if request.GET.get('privaterss'):
return feeds.ActivityFeedRSS()(request)
addon_selected = None
if not request.user.is_authenticated():
url = reverse('users.login')
p = urlquote(request.get_full_path())
return http.HttpResponseRedirect('%s?to=%s' % (url, p))
else:
addons_all = request.amo_user.addons.all()
if addon_id:
addon = get_object_or_404(Addon.objects.id_or_slug(addon_id))
addons = addon # common query set
try:
key = RssKey.objects.get(addon=addons)
except RssKey.DoesNotExist:
key = RssKey.objects.create(addon=addons)
addon_selected = addon.id
rssurl = urlparams(reverse('devhub.feed', args=[addon_id]),
privaterss=key.key)
if not acl.check_addon_ownership(request, addons, viewer=True,
ignore_disabled=True):
return http.HttpResponseForbidden()
else:
rssurl = _get_rss_feed(request)
addon = None
addons = addons_all
action = request.GET.get('action')
items = _get_items(action, addons)
activities = _get_activities(request, action)
addon_items = _get_addons(request, addons_all, addon_selected, action)
pager = amo.utils.paginate(request, items, 20)
data = dict(addons=addon_items, pager=pager, activities=activities,
rss=rssurl, addon=addon)
return jingo.render(request, 'devhub/addons/activity.html', data)
def review_list(request, addon, review_id=None, user_id=None, rating=None):
qs = Rating.objects.valid().filter(addon=addon).order_by('-created')
ctx = {'product': addon, 'score': rating, 'review_perms': {}}
# If we want to filter by only positive or only negative.
score = {'positive': 1, 'negative': -1}.get(rating)
if score:
qs = qs.filter(score=score)
if review_id is not None:
qs = qs.filter(pk=review_id)
ctx['page'] = 'detail'
# If this is a dev reply, find the first msg for context.
review = get_object_or_404(Rating, pk=review_id)
if review.reply_to_id:
review_id = review.reply_to_id
ctx['reply'] = review
elif user_id is not None:
qs = qs.filter(user=user_id)
ctx['page'] = 'user'
if not qs:
raise http.Http404()
else:
ctx['page'] = 'list'
qs = qs.filter(is_latest=True)
ctx['ratings'] = ratings = amo.utils.paginate(request, qs)
ctx['replies'] = Rating.get_replies(ratings.object_list)
ctx['review_history'] = [[2, 12], [50, 2], [3, 0], [4, 1]]
if request.user.is_authenticated():
ctx['review_perms'] = {
'is_admin':
acl.action_allowed(request, 'Addons', 'Edit'),
'is_editor':
acl.check_reviewer(request),
'is_author':
acl.check_addon_ownership(request,
addon,
viewer=True,
dev=True,
support=True),
}
ctx['flags'] = get_flags(request, ratings.object_list)
return jingo.render(request, 'ratings/listing.html', ctx)
def wrapper(*args, **kw):
request = args[1]
addon_id = kw['addon_id']
try:
addon = Addon.objects.id_or_slug(addon_id).get()
except:
return rc.NOT_HERE
if not acl.check_addon_ownership(request, addon, viewer=True):
return rc.FORBIDDEN
if 'version_id' in kw:
try:
version = Version.objects.get(addon=addon, pk=kw['version_id'])
except Version.DoesNotExist:
return rc.NOT_HERE
return f(*args, addon=addon, version=version)
else:
return f(*args, addon=addon)
def allowed(request, file):
try:
addon = file.version.addon
except ObjectDoesNotExist:
raise http.Http404
# General case: addon is listed.
if addon.is_listed:
if ((addon.view_source and addon.status in amo.REVIEWED_STATUSES)
or acl.check_addons_reviewer(request)
or acl.check_addon_ownership(
request, addon, viewer=True, dev=True)):
return True # Public and sources are visible, or reviewer.
raise PermissionDenied # Listed but not allowed.
# Not listed? Needs an owner or an "unlisted" admin.
else:
if owner_or_unlisted_reviewer(request, addon):
return True
raise http.Http404 # Not listed, not owner or admin.
def review_list(request, addon, review_id=None, user_id=None, template=None):
q = (Review.objects.valid().filter(addon=addon).order_by('-created'))
ctx = {'addon': addon, 'grouped_ratings': GroupedRating.get(addon.id)}
ctx['form'] = forms.ReviewForm(None)
if review_id is not None:
ctx['page'] = 'detail'
# If this is a dev reply, find the first msg for context.
review = get_object_or_404(Review.objects.all(), pk=review_id)
if review.reply_to_id:
review_id = review.reply_to_id
ctx['reply'] = review
q = q.filter(pk=review_id)
elif user_id is not None:
ctx['page'] = 'user'
q = q.filter(user=user_id)
if not q:
raise http.Http404()
else:
ctx['page'] = 'list'
q = q.filter(is_latest=True)
ctx['reviews'] = reviews = amo.utils.paginate(request, q)
ctx['replies'] = Review.get_replies(reviews.object_list)
if request.user.is_authenticated():
ctx['review_perms'] = {
'is_admin':
acl.action_allowed(request, 'Addons', 'Edit'),
'is_editor':
acl.check_reviewer(request),
'is_author':
acl.check_addon_ownership(request,
addon,
viewer=True,
dev=True,
support=True),
}
ctx['flags'] = get_flags(request, reviews.object_list)
else:
ctx['review_perms'] = {}
return jingo.render(request, template, ctx)
def review_list(request, addon, review_id=None, user_id=None, rating=None):
qs = Review.objects.valid().filter(addon=addon).order_by('-created')
ctx = {'product': addon, 'score': rating, 'review_perms': {}}
if review_id is not None:
qs = qs.filter(pk=review_id)
ctx['page'] = 'detail'
# If this is a dev reply, find the first msg for context.
review = get_object_or_404(Review, pk=review_id)
if review.reply_to_id:
review_id = review.reply_to_id
ctx['reply'] = review
elif user_id is not None:
qs = qs.filter(user=user_id)
ctx['page'] = 'user'
if not qs:
raise http.Http404()
else:
ctx['page'] = 'list'
qs = qs.filter(is_latest=True)
ctx['ratings'] = ratings = amo.utils.paginate(request, qs, 20)
if not ctx.get('reply'):
ctx['replies'] = Review.get_replies(ratings.object_list)
if request.user.is_authenticated():
ctx['review_perms'] = {
'is_admin':
acl.action_allowed(request, 'Addons', 'Edit'),
'is_editor':
acl.check_reviewer(request),
'is_author':
acl.check_addon_ownership(request,
addon,
viewer=True,
dev=True,
support=True),
}
ctx['flags'] = get_flags(request, ratings.object_list)
ctx['has_review'] = addon.reviews.filter(user=request.user.id).exists()
return jingo.render(request, 'ratings/listing.html', ctx)
