Exemplo n.º 1
0
def get_object_or_error(model_cls, query_or_pk, request, display_name=None):
    obj = query = None
    select_for_update = check_select_for_update(request)
    if isinstance(query_or_pk, basestring):
        # they passed a 5-char guid as a string
        if issubclass(model_cls, GuidMixin):
            # if it's a subclass of GuidMixin we know it's primary_identifier_name
            query = {'guids___id': query_or_pk}
        else:
            if hasattr(model_cls, 'primary_identifier_name'):
                # primary_identifier_name gives us the natural key for the model
                query = {model_cls.primary_identifier_name: query_or_pk}
            else:
                # fall back to modmcompatiblity's load method since we don't know their PIN
                obj = model_cls.load(query_or_pk,
                                     select_for_update=select_for_update)
    else:
        # they passed a query
        try:
            obj = model_cls.objects.filter(query_or_pk).select_for_update(
            ).get() if select_for_update else model_cls.objects.get(
                query_or_pk)
        except model_cls.DoesNotExist:
            raise NotFound

    if not obj:
        if not query:
            # if we don't have a query or an object throw 404
            raise NotFound
        try:
            # TODO This could be added onto with eager on the queryset and the embedded fields of the api
            if isinstance(query, dict):
                obj = model_cls.objects.get(
                    **query
                ) if not select_for_update else model_cls.objects.filter(
                    **query).select_for_update().get()
            else:
                obj = model_cls.objects.get(
                    query
                ) if not select_for_update else model_cls.objects.filter(
                    query).select_for_update().get()
        except ObjectDoesNotExist:
            raise NotFound

    # For objects that have been disabled (is_active is False), return a 410.
    # The User model is an exception because we still want to allow
    # users who are unconfirmed or unregistered, but not users who have been
    # disabled.
    if model_cls is OSFUser and obj.is_disabled:
        raise UserGone(user=obj)
    elif model_cls is not OSFUser and not getattr(
            obj, 'is_active', True) or getattr(
                obj, 'is_deleted', False) or getattr(obj, 'deleted', False):
        if display_name is None:
            raise Gone
        else:
            raise Gone(
                detail='The requested {name} is no longer available.'.format(
                    name=display_name))
    return obj
Exemplo n.º 2
0
    def get_user(self, check_permissions=True):
        key = self.kwargs[self.user_lookup_url_kwarg]
        # If Contributor is in self.request.parents,
        # then this view is getting called due to an embedded request (contributor embedding user)
        # We prefer to access the user from the contributor object and take advantage
        # of the query cache
        if hasattr(self.request, 'parents') and len(self.request.parents.get(Contributor, {})) == 1:
            # We expect one parent contributor view, so index into the first item
            contrib_id, contrib = self.request.parents[Contributor].items()[0]
            user = contrib.user
            if user.is_disabled:
                raise UserGone(user=user)
            # Make sure that the contributor ID is correct
            if user._id == key:
                if check_permissions:
                    self.check_object_permissions(self.request, user)
                return user

        if self.kwargs.get('is_embedded') is True:
            if key in self.request.parents[OSFUser]:
                return self.request.parents[key]

        current_user = self.request.user

        if key == 'me':
            if isinstance(current_user, AnonymousUser):
                raise NotAuthenticated
            else:
                return self.request.user

        obj = get_object_or_error(OSFUser, key, self.request, 'user')
        if check_permissions:
            # May raise a permission denied
            self.check_object_permissions(self.request, obj)
        return obj
Exemplo n.º 3
0
    def get_user(self, check_permissions=True):
        key = self.kwargs[self.user_lookup_url_kwarg]
        # If Contributor is in self.request.parents,
        # then this view is getting called due to an embedded request (contributor embedding user)
        # We prefer to access the user from the contributor object and take advantage
        # of the query cache
        if hasattr(self.request, 'parents') and len(
                self.request.parents.get(Contributor, {})) == 1:
            # We expect one parent contributor view, so index into the first item
            contrib_id, contrib = list(
                self.request.parents[Contributor].items())[0]
            user = contrib.user
            if user.is_disabled:
                raise UserGone(user=user)
            # Make sure that the contributor ID is correct
            if user._id == key:
                if check_permissions:
                    self.check_object_permissions(self.request, user)
                return get_object_or_error(
                    OSFUser.objects.filter(id=user.id).
                    annotate(default_region=F(
                        'addons_osfstorage_user_settings__default_region___id')
                             ).exclude(default_region=None),
                    request=self.request,
                    display_name='user',
                )

        if self.kwargs.get('is_embedded') is True:
            if key in self.request.parents[OSFUser]:
                return self.request.parents[OSFUser].get(key)

        current_user = self.request.user

        if isinstance(current_user, AnonymousUser):
            if key == 'me':
                raise NotAuthenticated

        elif key == 'me' or key == current_user._id:
            return get_object_or_error(
                OSFUser.objects.filter(id=current_user.id).annotate(
                    default_region=F(
                        'addons_osfstorage_user_settings__default_region___id')
                ).exclude(default_region=None),
                request=self.request,
                display_name='user',
            )

        obj = get_object_or_error(OSFUser, key, self.request, 'user')

        if check_permissions:
            # May raise a permission denied
            self.check_object_permissions(self.request, obj)
        return obj