Пример #1
 def needs_tougher_password(user):
     """Return True when *user* holds a privileged ACL and so needs a stronger password.

     Accounts whose login source is one of ``amo.LOGIN_SOURCE_BROWSERIDS``
     are exempt (their password is presumably not managed here - confirm).
     Everyone else is checked against the privileged (app, action) pairs
     below; the first match short-circuits, exactly like the original
     ``or`` chain. ``access.acl`` is imported lazily, presumably to avoid
     an import cycle.
     """
     if user.source in amo.LOGIN_SOURCE_BROWSERIDS:
         return False
     from access import acl
     privileged = (
         ('Admin', '%'),
         ('Addons', 'Edit'),
         ('Addons', 'Review'),
         ('Apps', 'Review'),
         ('Users', 'Edit'),
     )
     return any(acl.action_allowed_user(user, app, action)
                for app, action in privileged)
Пример #2
 def needs_tougher_password(user):
     """Decide whether the stricter password policy applies to *user*.

     BrowserID-sourced accounts (``amo.LOGIN_SOURCE_BROWSERIDS``) never
     need it. Any other user needs it as soon as one of the privileged
     ACLs below is granted; checks stop at the first grant.
     """
     if user.source in amo.LOGIN_SOURCE_BROWSERIDS:
         return False
     from access import acl
     checks = [
         ('Admin', '%'),
         ('Addons', 'Edit'),
         ('Addons', 'Review'),
         ('Apps', 'Review'),
         ('Users', 'Edit'),
     ]
     for app, action in checks:
         if acl.action_allowed_user(user, app, action):
             return True
     return False
Пример #3
    def clean_password(self, field='password'):
        """Validate the submitted password in ``cleaned_data[field]`` and return it.

        An empty value is returned untouched (blank presumably means "keep
        the current password" for this form - confirm). For an existing
        account (``self.instance.pk`` set) that holds the ``Editors`` or
        ``Admin`` ACL the value must match ``admin_re``; new accounts are
        not subject to that rule here. Every non-empty value is also
        refused if ``BlacklistedPassword.blocked()`` says so.

        :raises forms.ValidationError: when either rule fails.
        """
        data = self.cleaned_data[field]
        if not data:
            return data

        privileged = bool(
            hasattr(self, 'instance') and self.instance.pk and
            (action_allowed_user(self.instance, 'Editors', '%')
             or action_allowed_user(self.instance, 'Admin', '%')))
        if privileged and not admin_re.search(data):
            raise forms.ValidationError(_('Letters and numbers required.'))

        if BlacklistedPassword.blocked(data):
            raise forms.ValidationError(_('That password is not allowed.'))
        return data
Пример #4
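def check_acls(user, obj, acl_type):
    """Check whether *user* satisfies the ACL named by *acl_type* for *obj*.

    :param user: the user being checked; ``user.email`` is read for the
        ``moz_contact`` lookup.
    :param obj: an object exposing ``addon`` (or ``thread.addon``) with a
        ``get_mozilla_contacts()`` method; only used for ``moz_contact``.
    :param acl_type: ``moz_contact``, ``admin``, ``reviewer`` or
        ``senior_reviewer``.
    :returns: True if the ACL is satisfied, False otherwise.
    :raises ValueError: for an unknown *acl_type*. ``ValueError`` is a
        subclass of ``Exception``, so existing ``except Exception``
        callers keep working.
    """
    if acl_type == 'moz_contact':
        # Callers pass either the add-on holder itself or a thread wrapper.
        # Resolve the addon first so that an AttributeError raised *inside*
        # get_mozilla_contacts() propagates instead of being silently
        # retried through obj.thread.
        try:
            addon = obj.addon
        except AttributeError:
            addon = obj.thread.addon
        return user.email in addon.get_mozilla_contacts()

    # Explicit table: an unknown type raises rather than falling through
    # to a permissive default.
    acl_actions = {
        'admin': ('Admin', '%'),
        'reviewer': ('Apps', 'Review'),
        'senior_reviewer': ('Apps', 'ReviewEscalated'),
    }
    try:
        app, action = acl_actions[acl_type]
    except KeyError:
        raise ValueError('Invalid ACL lookup.')
    return acl.action_allowed_user(user, app, action)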
Пример #5
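def create_receipt(webapp, user, uuid, flavour=None, contrib=None):
    """
    Creates a receipt for use in payments.

    :param webapp: the app record (``pk``, ``origin``, ``guid`` and
            ``has_author()`` are used).
    :param user: the UserProfile record.
    :param uuid: a uuid placed in the user field for this purchase.
    :param flavour: None, developer, inapp, or reviewer - the flavour
            of receipt.
    :param contrib: the Contribution object for the purchase; required
            for the ``inapp`` flavour.
    :returns: the receipt as returned by ``sign()``.
    :raises ValueError: for an unknown flavour; for an ``inapp`` receipt
            with no contribution or one not linked to an in-app product;
            or when *user* is neither a reviewer nor an author of *webapp*
            for the ``developer``/``reviewer`` flavours.
    """
    # Unflavo(u)red receipts are for plain ol' vanilla app purchases.
    # Validate with a real exception rather than ``assert``: asserts are
    # stripped under ``python -O``, and the flavour decides the receipt's
    # type and expiry, so an unknown value must never get through.
    if flavour not in (None, 'developer', 'inapp', 'reviewer'):
        raise ValueError('Invalid flavour: %s' % flavour)

    time_ = calendar.timegm(time.gmtime())
    typ = 'purchase-receipt'
    storedata = {'id': int(webapp.pk)}

    # Generate different receipts for reviewers or developers.
    expiry = time_ + settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS
    verify = static_url('WEBAPPS_RECEIPT_URL')

    if flavour == 'inapp':
        if not contrib:
            raise ValueError(
                'a contribution object is required for in-app receipts')
        if not contrib.inapp_product:
            raise ValueError(
                'contribution {c} does not link to an in-app product'
                .format(c=contrib))
        storedata['contrib'] = int(contrib.pk)

    elif flavour in ('developer', 'reviewer'):
        # Only reviewers and the app's own authors may hold these receipts.
        if not (acl.action_allowed_user(user, 'Apps', 'Review') or
                webapp.has_author(user)):
            raise ValueError('User %s is not a reviewer or developer' %
                             user.pk)

        # Developer and reviewer receipts should expire after 24 hours.
        expiry = time_ + (60 * 60 * 24)
        typ = flavour + '-receipt'
        verify = absolutify(reverse('receipt.verify', args=[webapp.guid]))

    product = {'storedata': urlencode(storedata),
               # Packaged and hosted apps should have an origin. If there
               # isn't one, fallback to the SITE_URL.
               'url': webapp.origin or settings.SITE_URL}
    reissue = absolutify(reverse('receipt.reissue'))
    receipt = dict(exp=expiry, iat=time_,
                   iss=settings.SITE_URL, nbf=time_, product=product,
                   # TODO: This is temporary until detail pages get added.
                   # TODO: bug 1020997, bug 1020999
                   detail=absolutify(reissue),  # Currently this is a 404.
                   reissue=absolutify(reissue),
                   typ=typ,
                   user={'type': 'directed-identifier',
                         'value': uuid},
                   verify=verify)
    return sign(receipt)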
Пример #6
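    def check_acls(self, acl_type):
        """Check whether ``self.user_profile`` satisfies the ACL *acl_type*.

        Reads ``self.user_profile`` (its ``email`` for ``moz_contact``) and
        ``self.thread_obj`` (its ``addon.get_mozilla_contacts()``).

        :param acl_type: ``moz_contact``, ``admin``, ``reviewer`` or
            ``senior_reviewer``.
        :returns: True if the ACL is satisfied, False otherwise.
        :raises ValueError: for an unknown *acl_type*. The original raised
            a bare string, which is a TypeError on modern Pythons and could
            never be caught by name.
        """
        user = self.user_profile
        obj = self.thread_obj
        if acl_type == 'moz_contact':
            return user.email in obj.addon.get_mozilla_contacts()
        elif acl_type == 'admin':
            return acl.action_allowed_user(user, 'Admin', '%')
        elif acl_type == 'reviewer':
            return acl.action_allowed_user(user, 'Apps', 'Review')
        elif acl_type == 'senior_reviewer':
            return acl.action_allowed_user(user, 'Apps', 'ReviewEscalated')
        # Unknown types fail loudly rather than falling through to a
        # permissive default.
        raise ValueError('Invalid ACL lookup.')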
Пример #7
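def check_acls(user, obj, acl_type):
    """Check whether *user* satisfies the ACL named by *acl_type* for *obj*.

    :param user: the user being checked; ``user.email`` is read for the
        ``moz_contact`` lookup.
    :param obj: an object exposing ``addon`` (or ``thread.addon``) with a
        ``get_mozilla_contacts()`` method; only used for ``moz_contact``.
    :param acl_type: ``moz_contact``, ``admin``, ``reviewer`` or
        ``senior_reviewer``.
    :returns: True if the ACL is satisfied, False otherwise.
    :raises ValueError: for an unknown *acl_type* (still an ``Exception``,
        so existing broad handlers keep working).
    """
    if acl_type == "moz_contact":
        # Callers pass either the add-on holder itself or a thread wrapper.
        # Resolve the addon first so an AttributeError raised *inside*
        # get_mozilla_contacts() is not silently retried via obj.thread.
        try:
            addon = obj.addon
        except AttributeError:
            addon = obj.thread.addon
        return user.email in addon.get_mozilla_contacts()

    # Explicit table: an unknown type raises rather than falling through.
    acl_actions = {
        "admin": ("Admin", "%"),
        "reviewer": ("Apps", "Review"),
        "senior_reviewer": ("Apps", "ReviewEscalated"),
    }
    try:
        app, action = acl_actions[acl_type]
    except KeyError:
        raise ValueError("Invalid ACL lookup.")
    return acl.action_allowed_user(user, app, action)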
Пример #8
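def issue(request, addon):
    """Issue a reviewer or developer receipt for *addon* to the current user.

    Reviewers (``Apps:Review``) get a reviewer receipt and a reviewer
    install record; authors get the developer equivalents; a user who is
    both is treated as a reviewer. Anyone else is refused.

    :param request: the current request; ``request.amo_user`` is the user.
    :param addon: the app the receipt is for.
    :returns: a dict with the addon pk, the signed receipt (``None`` when
        signing failed) and an error message (empty on success).
    :raises PermissionDenied: for anonymous users and for users who are
        neither reviewer nor author.
    """
    user = request.amo_user
    # Fail closed for anonymous requests before any authorship check;
    # has_author(None) is presumably False already, but the guard makes
    # the intent explicit instead of relying on that.
    if not user:
        raise PermissionDenied
    review = acl.action_allowed_user(user, 'Apps', 'Review')
    developer = addon.has_author(user)
    if not (review or developer):
        raise PermissionDenied

    install, flavour = ((apps.INSTALL_TYPE_REVIEWER, 'reviewer') if review else
                        (apps.INSTALL_TYPE_DEVELOPER, 'developer'))
    installed, _created = Installed.objects.safer_get_or_create(
        addon=addon, user=user, install_type=install)

    error = ''
    receipt_cef.log(request, addon, 'sign', 'Receipt signing for %s' % flavour)
    # Pre-bind so a SigningError still yields a well-formed response.
    receipt = None
    try:
        receipt = create_receipt(addon,
                                 user,
                                 get_uuid(addon, user),
                                 flavour=flavour)
    except SigningError:
        error = _('There was a problem installing the app.')

    return {'addon': addon.pk, 'receipt': receipt, 'error': error}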
Пример #9
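    def check_acls(self, acl_type):
        """Check whether ``self.user_profile`` satisfies the ACL *acl_type*.

        Reads ``self.user_profile`` (``email`` for ``moz_contact``) and
        ``self.thread_obj`` (``addon.get_mozilla_contacts()``).

        :param acl_type: ``moz_contact``, ``admin``, ``reviewer`` or
            ``senior_reviewer``.
        :returns: True if the ACL is satisfied, False otherwise.
        :raises ValueError: for an unknown *acl_type*. The original raised
            a bare string, which is a TypeError on modern Pythons and
            cannot be caught by name.
        """
        user = self.user_profile
        obj = self.thread_obj
        # Explicit table: an unknown type raises rather than falling
        # through to a permissive default.
        acl_actions = {
            'admin': ('Admin', '%'),
            'reviewer': ('Apps', 'Review'),
            'senior_reviewer': ('Apps', 'ReviewEscalated'),
        }
        if acl_type == 'moz_contact':
            return user.email in obj.addon.get_mozilla_contacts()
        try:
            app, action = acl_actions[acl_type]
        except KeyError:
            raise ValueError('Invalid ACL lookup.')
        return acl.action_allowed_user(user, app, action)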
Пример #10
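def verify(request, uuid):
    """Verify a developer/reviewer receipt for the app identified by *uuid*.

    *uuid* is the app's guid (looked up instead of the pk because receipts
    are verified long after they are issued). The raw request body is the
    receipt. Only a reviewer (``Apps:Review``) or an author of the app may
    use this endpoint, and the user is taken from the receipt itself, not
    from the session.

    :returns: an ``HttpResponse`` carrying the headers from
        ``get_headers``: the verifier's output on success, its
        ``invalid()`` body otherwise.
    """
    # Because this will be called at any point in the future,
    # use guid in the URL.
    addon = get_object_or_404(Addon, guid=uuid)
    receipt = request.read()
    verifier = Verify(receipt, request)
    output = verifier(check_purchase=False)

    # Ensure CORS headers are set. Derive them from the body actually
    # being sent: the original always used len(output), so whatever
    # get_headers computes from the length was wrong for the invalid body.
    def response(data):
        resp = http.HttpResponse(data)
        for header, value in get_headers(len(data)):
            resp[header] = value
        return resp

    # Only reviewers or the developers can use this which is different
    # from the standard receipt verification. The user is contained in the
    # receipt.
    if verifier.user_id:
        try:
            user = UserProfile.objects.get(pk=verifier.user_id)
        except UserProfile.DoesNotExist:
            user = None

        if user and (acl.action_allowed_user(user, 'Apps', 'Review')
                     or addon.has_author(user)):
            amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user)
            return response(output)

    # No user in the receipt, unknown user, or neither reviewer nor author:
    # fail closed.
    return response(verifier.invalid())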
Пример #11
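def create_receipt(webapp, user, uuid, flavour=None):
    """
    Creates a receipt for use in payments.

    :param webapp: the app record (``pk``, ``origin``, ``guid`` and
            ``has_author()`` are used).
    :param user: the UserProfile record.
    :param uuid: a uuid placed in the user field for this purchase.
    :param flavour: None, developer or reviewer, the flavour of receipt.
    :returns: the receipt as returned by ``sign()``.
    :raises ValueError: for an unknown flavour, or when *user* is neither
            a reviewer nor an author of *webapp* for a flavoured receipt.
    """
    # A real exception instead of ``assert``: asserts vanish under
    # ``python -O`` and the flavour decides the receipt's type and expiry.
    if flavour not in [None, 'developer', 'reviewer']:
        raise ValueError('Invalid flavour: %s' % flavour)

    time_ = calendar.timegm(time.gmtime())
    typ = 'purchase-receipt'

    product = {
        'storedata': urlencode({'id': int(webapp.pk)}),
        # Packaged and hosted apps should have an origin. If there
        # isn't one, fallback to the SITE_URL.
        'url': webapp.origin or settings.SITE_URL
    }

    # Generate different receipts for reviewers or developers.
    expiry = time_ + settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS
    if flavour:
        # Only reviewers and the app's own authors may hold these receipts.
        if not (acl.action_allowed_user(user, 'Apps', 'Review')
                or webapp.has_author(user)):
            raise ValueError('User %s is not a reviewer or developer' %
                             user.pk)

        # Developer and reviewer receipts should expire after 24 hours.
        expiry = time_ + (60 * 60 * 24)
        typ = flavour + '-receipt'
        verify = absolutify(reverse('receipt.verify', args=[webapp.guid]))
    else:
        verify = settings.WEBAPPS_RECEIPT_URL

    reissue = absolutify(reverse('receipt.reissue'))
    receipt = dict(
        exp=expiry,
        iat=time_,
        iss=settings.SITE_URL,
        nbf=time_,
        product=product,
        # TODO: This is temporary until detail pages get added.
        detail=absolutify(reissue),  # Currently this is a 404.
        reissue=absolutify(reissue),
        typ=typ,
        user={
            'type': 'directed-identifier',
            'value': uuid
        },
        verify=verify)
    return sign(receipt)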
Пример #12
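def create_receipt(installed, flavour=None):
    """Build and sign a receipt for an ``Installed`` record.

    :param installed: the Installed record; ``addon``, ``user`` and
        ``uuid`` are read from it.
    :param flavour: None, developer or reviewer, the flavour of receipt.
    :returns: the signed receipt - from ``sign()`` when
        ``settings.SIGNING_SERVER_ACTIVE`` is set, otherwise a locally
        RS512-signed JWT.
    :raises ValueError: for an unknown flavour, or when the installing
        user is neither a reviewer nor an author for a flavoured receipt.
    """
    # A real exception instead of ``assert``: asserts vanish under
    # ``python -O`` and the flavour decides the receipt's type and expiry.
    if flavour not in [None, 'developer', 'reviewer']:
        raise ValueError('Invalid flavour: %s' % flavour)

    webapp = installed.addon
    time_ = calendar.timegm(time.gmtime())
    typ = 'purchase-receipt'

    product = {
        'storedata': urlencode({'id': int(webapp.pk)}),
        # Packaged and hosted apps should have an origin. If there
        # isn't one, fallback to the SITE_URL.
        'url': webapp.origin or settings.SITE_URL
    }

    # Generate different receipts for reviewers or developers.
    expiry = time_ + settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS
    if flavour:
        # Only reviewers and the app's own authors may hold these receipts.
        if not (acl.action_allowed_user(installed.user, 'Apps', 'Review')
                or webapp.has_author(installed.user)):
            raise ValueError('User %s is not a reviewer or developer' %
                             installed.user.pk)

        # Developer and reviewer receipts should expire after 24 hours.
        expiry = time_ + (60 * 60 * 24)
        typ = flavour + '-receipt'
        verify = absolutify(reverse('receipt.verify', args=[webapp.guid]))
    else:
        verify = settings.WEBAPPS_RECEIPT_URL

    reissue = absolutify(reverse('receipt.reissue'))
    receipt = dict(
        exp=expiry,
        iat=time_,
        iss=settings.SITE_URL,
        nbf=time_,
        product=product,
        # TODO: This is temporary until detail pages get added.
        detail=absolutify(reissue),  # Currently this is a 404.
        reissue=absolutify(reissue),  # Currently this is a 404.
        typ=typ,
        user={
            'type': 'directed-identifier',
            'value': installed.uuid
        },
        verify=verify)

    if settings.SIGNING_SERVER_ACTIVE:
        # The shiny new code.
        return sign(receipt)
    else:
        # Our old bad code.
        return jwt.encode(receipt, get_key(), u'RS512')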
Пример #13
 def needs_tougher_password(user):
     """Report whether *user* must meet the stricter password policy.

     True when the user holds any of the privileged ACLs listed below
     (site admin, add-on edit/review, app review, persona review, user
     edit). ``access.acl`` is imported lazily inside the function,
     presumably to avoid an import cycle - confirm before hoisting it.
     """
     from access import acl
     privileged_actions = [
         ('Admin', '%'),
         ('Addons', 'Edit'),
         ('Addons', 'Review'),
         ('Apps', 'Review'),
         ('Personas', 'Review'),
         ('Users', 'Edit'),
     ]
     for app, action in privileged_actions:
         if acl.action_allowed_user(user, app, action):
             return True
     return False
Пример #14
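def create_receipt(installed_pk, flavour=None):
    """Build and sign a receipt for the ``Installed`` record *installed_pk*.

    :param installed_pk: primary key of the Installed record; its
        ``addon``, ``user`` and ``uuid`` are used.
    :param flavour: None, developer or reviewer. Flavoured receipts record
        the flavour in ``product['type']``; only reviewer receipts get the
        24-hour expiry here.
    :returns: the signed receipt - from ``sign()`` when
        ``settings.SIGNING_SERVER_ACTIVE`` is set, otherwise a locally
        RS512-signed JWT.
    :raises ValueError: for an unknown flavour, or when the installing
        user is neither a reviewer nor an author for a flavoured receipt.
    :raises Installed.DoesNotExist: if *installed_pk* is unknown.
    """
    # A real exception instead of ``assert``: asserts vanish under
    # ``python -O`` and the flavour decides the receipt's expiry.
    if flavour not in [None, 'developer', 'reviewer']:
        raise ValueError('Invalid flavour: %s' % flavour)

    installed = Installed.objects.get(pk=installed_pk)
    webapp = installed.addon
    # Packaged apps are served from this site, so their origin is SITE_URL.
    origin = (settings.SITE_URL if webapp.is_packaged else webapp.origin)
    time_ = calendar.timegm(time.gmtime())

    product = {'url': origin, 'storedata': urlencode({'id': int(webapp.pk)})}

    # Generate different receipts for reviewers or developers.
    expiry = time_ + settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS
    if flavour:
        # Only reviewers and the app's own authors may hold these receipts.
        if not (acl.action_allowed_user(installed.user, 'Apps', 'Review')
                or webapp.has_author(installed.user)):
            raise ValueError('User %s is not a reviewer or developer' %
                             installed.user.pk)

        if flavour == 'reviewer':
            expiry = time_ + (60 * 60 * 24)
        product['type'] = flavour
        verify = absolutify(reverse('receipt.verify', args=[webapp.app_slug]))
    else:
        verify = settings.WEBAPPS_RECEIPT_URL

    detail = reverse('account.purchases.receipt', args=[webapp.pk])
    reissue = webapp.get_purchase_url('reissue')
    receipt = dict(detail=absolutify(detail),
                   exp=expiry,
                   iat=time_,
                   iss=settings.SITE_URL,
                   nbf=time_,
                   product=product,
                   reissue=absolutify(reissue),
                   typ='purchase-receipt',
                   user={
                       'type': 'directed-identifier',
                       'value': installed.uuid
                   },
                   verify=verify)

    if settings.SIGNING_SERVER_ACTIVE:
        # The shiny new code.
        return sign(receipt)
    else:
        # Our old bad code.
        return jwt.encode(receipt, get_key(), u'RS512')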
Пример #15
    def needs_tougher_password(user):
        """Return True when *user* holds a privileged ACL and needs a stronger password.

        The privileged pairs are site admin, add-on edit/review, app
        review, persona review and user edit; the first grant wins, as in
        the original ``or`` chain. ``access.acl`` is imported lazily,
        presumably to avoid an import cycle.
        """
        from access import acl

        privileged = (
            ("Admin", "%"),
            ("Addons", "Edit"),
            ("Addons", "Review"),
            ("Apps", "Review"),
            ("Personas", "Review"),
            ("Users", "Edit"),
        )
        return any(
            acl.action_allowed_user(user, app, action) for app, action in privileged
        )
Пример #16
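def issue(request, addon):
    """Issue a reviewer or developer receipt for *addon* to the current user.

    Reviewers (``Apps:Review``) get a reviewer receipt, authors a developer
    receipt; a user who is both is treated as a reviewer. Anyone else is
    refused.

    :param request: the current request; ``request.amo_user`` is the user.
    :param addon: the app the receipt is for.
    :returns: a dict with the addon pk, the signed receipt (``None`` when
        signing failed) and an error message (empty on success).
    :raises PermissionDenied: for anonymous users and for users who are
        neither reviewer nor author.
    """
    user = request.amo_user
    # Fail closed for anonymous requests before any authorship check;
    # has_author(None) is presumably False already, but the guard makes
    # the intent explicit instead of relying on that.
    if not user:
        raise PermissionDenied
    review = acl.action_allowed_user(user, "Apps", "Review")
    developer = addon.has_author(user)
    if not (review or developer):
        raise PermissionDenied

    installed, _created = Installed.objects.safer_get_or_create(addon=addon, user=user)
    error = ""
    flavour = "reviewer" if review else "developer"
    receipt_cef.log(request, addon, "sign", "Receipt signing for %s" % flavour)
    # Pre-bind: the original left ``receipt`` unbound on SigningError, so
    # the return below raised UnboundLocalError instead of reporting it.
    receipt = None
    try:
        receipt = create_receipt(installed.pk, flavour=flavour)
    except SigningError:
        error = _("There was a problem installing the app.")

    return {"addon": addon.pk, "receipt": receipt, "error": error}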
Пример #17
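def create_receipt(webapp, user, uuid, flavour=None):
    """
    Creates a receipt for use in payments.

    :param webapp: the app record (``pk``, ``origin``, ``guid`` and
            ``has_author()`` are used).
    :param user: the UserProfile record.
    :param uuid: a uuid placed in the user field for this purchase.
    :param flavour: None, developer or reviewer, the flavour of receipt.
    :returns: the receipt as returned by ``sign()``.
    :raises ValueError: for an unknown flavour, or when *user* is neither
            a reviewer nor an author of *webapp* for a flavoured receipt.
    """
    # A real exception instead of ``assert``: asserts vanish under
    # ``python -O`` and the flavour decides the receipt's type and expiry.
    if flavour not in [None, 'developer', 'reviewer']:
        raise ValueError('Invalid flavour: %s' % flavour)

    time_ = calendar.timegm(time.gmtime())
    typ = 'purchase-receipt'

    product = {'storedata': urlencode({'id': int(webapp.pk)}),
               # Packaged and hosted apps should have an origin. If there
               # isn't one, fallback to the SITE_URL.
               'url': webapp.origin or settings.SITE_URL}

    # Generate different receipts for reviewers or developers.
    expiry = time_ + settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS
    if flavour:
        # Only reviewers and the app's own authors may hold these receipts.
        if not (acl.action_allowed_user(user, 'Apps', 'Review') or
                webapp.has_author(user)):
            raise ValueError('User %s is not a reviewer or developer' %
                             user.pk)

        # Developer and reviewer receipts should expire after 24 hours.
        expiry = time_ + (60 * 60 * 24)
        typ = flavour + '-receipt'
        verify = absolutify(reverse('receipt.verify', args=[webapp.guid]))
    else:
        verify = settings.WEBAPPS_RECEIPT_URL

    reissue = absolutify(reverse('receipt.reissue'))
    receipt = dict(exp=expiry, iat=time_,
                   iss=settings.SITE_URL, nbf=time_, product=product,
                   # TODO: This is temporary until detail pages get added.
                   detail=absolutify(reissue),  # Currently this is a 404.
                   reissue=absolutify(reissue),
                   typ=typ,
                   user={'type': 'directed-identifier',
                         'value': uuid},
                   verify=verify)
    return sign(receipt)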
Пример #18
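def create_receipt(installed, flavour=None):
    """Build and sign a receipt for an ``Installed`` record.

    :param installed: the Installed record; ``addon``, ``user`` and
        ``uuid`` are read from it.
    :param flavour: None, developer or reviewer, the flavour of receipt.
    :returns: the signed receipt - from ``sign()`` when
        ``settings.SIGNING_SERVER_ACTIVE`` is set, otherwise a locally
        RS512-signed JWT.
    :raises ValueError: for an unknown flavour, or when the installing
        user is neither a reviewer nor an author for a flavoured receipt.
    """
    # A real exception instead of ``assert``: asserts vanish under
    # ``python -O`` and the flavour decides the receipt's type and expiry.
    if flavour not in [None, 'developer', 'reviewer']:
        raise ValueError('Invalid flavour: %s' % flavour)

    webapp = installed.addon
    time_ = calendar.timegm(time.gmtime())
    typ = 'purchase-receipt'

    product = {'storedata': urlencode({'id': int(webapp.pk)}),
               # Packaged and hosted apps should have an origin. If there
               # isn't one, fallback to the SITE_URL.
               'url': webapp.origin or settings.SITE_URL}

    # Generate different receipts for reviewers or developers.
    expiry = time_ + settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS
    if flavour:
        # Only reviewers and the app's own authors may hold these receipts.
        if not (acl.action_allowed_user(installed.user, 'Apps', 'Review') or
                webapp.has_author(installed.user)):
            raise ValueError('User %s is not a reviewer or developer' %
                             installed.user.pk)

        # Developer and reviewer receipts should expire after 24 hours.
        expiry = time_ + (60 * 60 * 24)
        typ = flavour + '-receipt'
        verify = absolutify(reverse('receipt.verify', args=[webapp.guid]))
    else:
        verify = settings.WEBAPPS_RECEIPT_URL

    reissue = absolutify(reverse('receipt.reissue'))
    receipt = dict(exp=expiry, iat=time_,
                   iss=settings.SITE_URL, nbf=time_, product=product,
                   # TODO: This is temporary until detail pages get added.
                   detail=absolutify(reissue),  # Currently this is a 404.
                   reissue=absolutify(reissue),  # Currently this is a 404.
                   typ=typ,
                   user={'type': 'directed-identifier',
                         'value': installed.uuid},
                   verify=verify)

    if settings.SIGNING_SERVER_ACTIVE:
        # The shiny new code.
        return sign(receipt)
    else:
        # Our old bad code.
        return jwt.encode(receipt, get_key(), u'RS512')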
Пример #19
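def issue(request, addon):
    """Issue a reviewer or developer receipt for *addon* to the current user.

    Reviewers (``Apps:Review``) get a reviewer receipt, authors a developer
    receipt; a user who is both is treated as a reviewer. Anyone else gets
    a 403.

    :param request: the current request; ``request.amo_user`` is the user.
    :param addon: the app the receipt is for.
    :returns: ``HttpResponseForbidden`` when refused; otherwise a dict with
        the addon pk, the signed receipt (``None`` when signing failed) and
        an error message (empty on success).
    """
    user = request.amo_user
    # Fail closed for anonymous requests before any authorship check;
    # has_author(None) is presumably False already, but the guard makes
    # the intent explicit instead of relying on that.
    if not user:
        return http.HttpResponseForbidden()
    review = acl.action_allowed_user(user, 'Apps', 'Review')
    developer = addon.has_author(user)
    if not (review or developer):
        return http.HttpResponseForbidden()

    installed, _created = Installed.objects.safer_get_or_create(addon=addon,
                                                                user=user)
    error = ''
    flavour = 'reviewer' if review else 'developer'
    receipt_cef.log(request, addon, 'sign', 'Receipt signing for %s' % flavour)
    # Pre-bind: the original left ``receipt`` unbound on SigningError, so
    # the return below raised UnboundLocalError instead of reporting it.
    receipt = None
    try:
        receipt = create_receipt(installed.pk, flavour=flavour)
    except SigningError:
        error = _('There was a problem installing the app.')

    return {'addon': addon.pk, 'receipt': receipt, 'error': error}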
Пример #20
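def issue(request, addon):
    """Issue a reviewer or developer receipt for *addon* to the current user.

    Anonymous requests, and users who are neither reviewers
    (``Apps:Review``) nor authors, get a 403. A user who is both is
    treated as a reviewer.

    :param request: the current request; ``request.amo_user`` is the user.
    :param addon: the app the receipt is for.
    :returns: ``HttpResponseForbidden`` when refused; otherwise a dict with
        the addon pk, the signed receipt (``None`` when signing failed) and
        an error message (empty on success).
    """
    user = request.amo_user
    review = acl.action_allowed_user(user, 'Apps', 'Review') if user else None
    author = addon.has_author(user)
    if not user or not (review or author):
        return http.HttpResponseForbidden()

    installed, _created = Installed.objects.safer_get_or_create(addon=addon,
                                                                user=user)
    error = ''
    flavour = 'reviewer' if review else 'developer'
    receipt_cef.log(request, addon, 'sign', 'Receipt signing for %s' % flavour)
    # Pre-bind: the original left ``receipt`` unbound on SigningError, so
    # the return below raised UnboundLocalError instead of reporting it.
    receipt = None
    try:
        receipt = create_receipt(installed.pk, flavour=flavour)
    except SigningError:
        error = _('There was a problem installing the app.')

    return {'addon': addon.pk, 'receipt': receipt, 'error': error}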
Пример #21
    def needs_tougher_password(user):
        """Decide whether the stricter password policy applies to *user*.

        BrowserID-sourced accounts (``amo.LOGIN_SOURCE_BROWSERIDS``) are
        exempt. Any other user needs it once one of the privileged ACLs
        below is granted; the scan stops at the first grant.
        """
        if user.source in amo.LOGIN_SOURCE_BROWSERIDS:
            return False
        from access import acl

        checks = [
            ("Admin", "%"),
            ("Addons", "Edit"),
            ("Addons", "Review"),
            ("Apps", "Review"),
            ("Personas", "Review"),
            ("Users", "Edit"),
        ]
        for app, action in checks:
            if acl.action_allowed_user(user, app, action):
                return True
        return False
Пример #22
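def verify(request, addon):
    """Verify a receipt for *addon* on behalf of a reviewer or author.

    The raw request body is the receipt. The user is taken from the receipt
    (``user_id``), not from the session, and must be a reviewer
    (``Apps:Review``) or an author of *addon*; every other case yields the
    verifier's ``invalid()`` body.

    :returns: an ``HttpResponse`` with the verifier's output or its invalid
        response.
    """
    receipt = request.read()
    verifier = Verify(receipt, request)
    output = verifier(check_purchase=False)

    def respond(body):
        # Always hand get_headers the length of the body actually sent; the
        # original passed the invalid body itself on the failure path while
        # passing len(output) on the success path.
        # NOTE(review): django.http.HttpResponse's second positional argument
        # is a content type, not a header collection - confirm what
        # Verify.get_headers returns and whether it should be applied via
        # response[header] = value instead.
        return http.HttpResponse(body, verifier.get_headers(len(body)))

    # Only reviewers or the developers can use this which is different
    # from the standard receipt verification. The user is contained in the
    # receipt.
    if verifier.user_id:
        try:
            user = UserProfile.objects.get(pk=verifier.user_id)
        except UserProfile.DoesNotExist:
            user = None

        if user and (acl.action_allowed_user(user, "Apps", "Review") or addon.has_author(user)):
            amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user)
            return respond(output)

    # No user in the receipt, unknown user, or not permitted: fail closed.
    return respond(verifier.invalid())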
Пример #23
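def create_receipt(installed_pk, flavour=None):
    """Build and sign a receipt for the ``Installed`` record *installed_pk*.

    :param installed_pk: primary key of the Installed record; its
        ``addon``, ``user`` and ``uuid`` are used.
    :param flavour: None, developer or reviewer, the flavour of receipt.
    :returns: the signed receipt - from ``sign()`` when
        ``settings.SIGNING_SERVER_ACTIVE`` is set, otherwise a locally
        RS512-signed JWT.
    :raises ValueError: for an unknown flavour, or when the installing
        user is neither a reviewer nor an author for a flavoured receipt.
    :raises Installed.DoesNotExist: if *installed_pk* is unknown.
    """
    # A real exception instead of ``assert``: asserts vanish under
    # ``python -O`` and the flavour decides the receipt's type and expiry.
    if flavour not in [None, 'developer', 'reviewer']:
        raise ValueError('Invalid flavour: %s' % flavour)

    installed = Installed.objects.get(pk=installed_pk)
    webapp = installed.addon
    # Packaged apps are served from this site, so their origin is SITE_URL.
    origin = (settings.SITE_URL if webapp.is_packaged else webapp.origin)
    time_ = calendar.timegm(time.gmtime())
    typ = 'purchase-receipt'

    product = {'url': origin, 'storedata': urlencode({'id': int(webapp.pk)})}

    # Generate different receipts for reviewers or developers.
    expiry = time_ + settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS
    if flavour:
        # Only reviewers and the app's own authors may hold these receipts.
        if not (acl.action_allowed_user(installed.user, 'Apps', 'Review') or
                webapp.has_author(installed.user)):
            raise ValueError('User %s is not a reviewer or developer' %
                             installed.user.pk)

        # Developer and reviewer receipts should expire after 24 hours.
        expiry = time_ + (60 * 60 * 24)
        typ = flavour + '-receipt'
        verify = absolutify(reverse('receipt.verify', args=[webapp.guid]))
    else:
        verify = settings.WEBAPPS_RECEIPT_URL

    detail = reverse('account.purchases.receipt', args=[webapp.pk])
    reissue = webapp.get_purchase_url('reissue')
    receipt = dict(detail=absolutify(detail), exp=expiry, iat=time_,
                   iss=settings.SITE_URL, nbf=time_, product=product,
                   reissue=absolutify(reissue), typ=typ,
                   user={'type': 'directed-identifier',
                         'value': installed.uuid},
                   verify=verify)

    if settings.SIGNING_SERVER_ACTIVE:
        # The shiny new code.
        return sign(receipt)
    else:
        # Our old bad code.
        return jwt.encode(receipt, get_key(), u'RS512')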
Пример #24
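def issue(request, addon):
    """Issue a reviewer or developer receipt for *addon* to the current user.

    Reviewers (``Apps:Review``) get a reviewer receipt and a reviewer
    install record; authors get the developer equivalents; a user who is
    both is treated as a reviewer. Anyone else is refused.

    :param request: the current request; ``request.amo_user`` is the user.
    :param addon: the app the receipt is for.
    :returns: a dict with the addon pk, the signed receipt (``None`` when
        signing failed) and an error message (empty on success).
    :raises PermissionDenied: for anonymous users and for users who are
        neither reviewer nor author.
    """
    user = request.amo_user
    # Fail closed for anonymous requests before any authorship check;
    # has_author(None) is presumably False already, but the guard makes
    # the intent explicit instead of relying on that.
    if not user:
        raise PermissionDenied
    review = acl.action_allowed_user(user, 'Apps', 'Review')
    developer = addon.has_author(user)
    if not (review or developer):
        raise PermissionDenied

    install, flavour = ((apps.INSTALL_TYPE_REVIEWER, 'reviewer') if review
                        else (apps.INSTALL_TYPE_DEVELOPER, 'developer'))
    installed, _created = Installed.objects.safer_get_or_create(
        addon=addon, user=user, install_type=install)

    error = ''
    receipt_cef.log(request, addon, 'sign', 'Receipt signing for %s' % flavour)
    # Pre-bound so a SigningError still yields a well-formed response.
    receipt = None
    try:
        receipt = create_receipt(installed.pk, flavour=flavour)
    except SigningError:
        error = _('There was a problem installing the app.')

    return {'addon': addon.pk, 'receipt': receipt, 'error': error}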
Пример #25
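def verify(request, addon):
    """Verify a receipt for *addon* on behalf of a reviewer or author.

    The raw POST body is the receipt. The user is taken from the receipt
    (``user_id``), not from the session, and must be a reviewer
    (``Apps:Review``) or an author of *addon*; every other case yields the
    verifier's ``invalid()`` body.

    :returns: an ``HttpResponse`` with the verifier's output or its invalid
        response.
    """
    receipt = request.raw_post_data
    verifier = Verify(addon.pk, receipt, request)
    output = verifier(check_purchase=False)

    def respond(body):
        # Always hand get_headers the length of the body actually sent; the
        # original passed the invalid body itself on the failure path while
        # passing len(output) on the success path.
        # NOTE(review): django.http.HttpResponse's second positional argument
        # is a content type, not a header collection - confirm what
        # Verify.get_headers returns and whether it should be applied via
        # response[header] = value instead.
        return http.HttpResponse(body, verifier.get_headers(len(body)))

    # Only reviewers or the authors can use this which is different
    # from the standard receipt verification. The user is contained in the
    # receipt.
    if verifier.user_id:
        try:
            user = UserProfile.objects.get(pk=verifier.user_id)
        except UserProfile.DoesNotExist:
            user = None

        if user and (acl.action_allowed_user(user, 'Apps', 'Review')
                     or addon.has_author(user)):
            amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user)
            return respond(output)

    # No user in the receipt, unknown user, or not permitted: fail closed.
    return respond(verifier.invalid())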
Пример #26
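def create_receipt(installed_pk, flavour=None):
    """Build and sign a receipt for the ``Installed`` record *installed_pk*.

    :param installed_pk: primary key of the Installed record; its
        ``addon``, ``user`` and ``uuid`` are used.
    :param flavour: None, author or reviewer. Flavoured receipts record
        the flavour in ``product['type']``, expire after 24 hours and
        point ``verify`` at the reviewers' verification view.
    :returns: the signed receipt - from ``sign()`` when
        ``settings.SIGNING_SERVER_ACTIVE`` is set, otherwise a locally
        RS512-signed JWT.
    :raises ValueError: for an unknown flavour, or when the installing
        user is neither a reviewer nor an author for a flavoured receipt.
    :raises Installed.DoesNotExist: if *installed_pk* is unknown.
    """
    # A real exception instead of ``assert``: asserts vanish under
    # ``python -O`` and the flavour decides the receipt's expiry and
    # verification endpoint.
    if flavour not in [None, 'author', 'reviewer']:
        raise ValueError('Invalid flavour: %s' % flavour)

    installed = Installed.objects.get(pk=installed_pk)
    addon_pk = installed.addon.pk
    time_ = calendar.timegm(time.gmtime())
    product = {'url': installed.addon.origin,
               'storedata': urlencode({'id': int(addon_pk)})}

    # Generate different receipts for reviewers or authors.
    if flavour in ['author', 'reviewer']:
        # Only reviewers and the app's own authors may hold these receipts.
        if not (acl.action_allowed_user(installed.user, 'Apps', 'Review') or
                installed.addon.has_author(installed.user)):
            raise ValueError('User %s is not a reviewer or author' %
                             installed.user.pk)

        expiry = time_ + (60 * 60 * 24)
        product['type'] = flavour
        verify = absolutify(reverse('reviewers.receipt.verify',
                                    args=[installed.addon.app_slug]))
    else:
        expiry = time_ + settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS
        verify = '%s%s' % (settings.WEBAPPS_RECEIPT_URL, addon_pk)

    detail = reverse('account.purchases.receipt', args=[addon_pk])
    reissue = installed.addon.get_purchase_url('reissue')
    receipt = dict(detail=absolutify(detail), exp=expiry, iat=time_,
                   iss=settings.SITE_URL, nbf=time_, product=product,
                   reissue=absolutify(reissue), typ='purchase-receipt',
                   user={'type': 'directed-identifier',
                         'value': installed.uuid},
                   verify=absolutify(verify))

    if settings.SIGNING_SERVER_ACTIVE:
        # The shiny new code.
        return sign(receipt)
    else:
        # Our old bad code.
        return jwt.encode(receipt, get_key(), u'RS512')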
Пример #27
def verify(request, uuid):
    """Verify a developer/reviewer receipt for the app whose guid is *uuid*.

    The raw request body is the receipt. The user is taken from the
    receipt (``user_id``), not from the session, and must be a reviewer
    (``Apps:Review``) or an author of the app; otherwise the verifier's
    ``invalid()`` body is returned. Responses are built by the
    module-level ``response`` helper.
    """
    # Because this will be called at any point in the future,
    # use guid in the URL.
    addon = get_object_or_404(Addon, guid=uuid)
    verifier = Verify(request.read(), request)
    output = verifier(check_purchase=False)

    # Only reviewers or the developers can use this which is different
    # from the standard receipt verification. The user is contained in the
    # receipt.
    if not verifier.user_id:
        return response(verifier.invalid())

    try:
        user = UserProfile.objects.get(pk=verifier.user_id)
    except UserProfile.DoesNotExist:
        user = None

    if user and (acl.action_allowed_user(user, 'Apps', 'Review')
                 or addon.has_author(user)):
        amo.log(amo.LOG.RECEIPT_CHECKED, addon, user=user)
        return response(output)

    return response(verifier.invalid())
Пример #28
 def inner(view, request, guid=None, **kwargs):
     """Resolve the add-on for *guid* and gate the wrapped view on ownership.

     ``fn`` and ``allow_missing`` come from the enclosing decorator scope.
     A missing add-on is a 404 unless ``allow_missing`` is set, in which
     case the view runs with ``addon=None``. Otherwise the view runs only
     for an author of the add-on, or for an admin (``Addons:Edit``) on a
     read-only GET; anyone else gets a 403.
     """
     try:
         addon = Addon.unfiltered.get(guid=guid)
     except Addon.DoesNotExist:
         if not allow_missing:
             return Response({'error': _('Could not find add-on with '
                                         'id "{}".').format(guid)},
                             status=status.HTTP_404_NOT_FOUND)
         addon = None

     # Call the view if there is no add-on, the current user is an
     # author of the add-on or the current user is an admin and the
     # request is a GET.
     if addon is not None:
         permitted = addon.has_author(request.user) or (
             request.method == 'GET'
             and acl.action_allowed_user(request.user, 'Addons', 'Edit'))
         if not permitted:
             return Response(
                 {'error': _('You do not own this addon.')},
                 status=status.HTTP_403_FORBIDDEN)
     return fn(view, request, addon=addon, **kwargs)
Пример #29
 def is_staff(self):
     """Return True when this user holds the site-wide ``Admin:%`` ACL.

     ``access.acl`` is imported here rather than at module level,
     presumably to break an import cycle with the user model - confirm.
     """
     from access import acl
     is_admin = acl.action_allowed_user(self, 'Admin', '%')
     return is_admin
Пример #30
    def is_staff(self):
        """Report whether this user is a site admin (``Admin:%`` ACL).

        The lazy import of ``access.acl`` presumably avoids an import cycle
        with the user model - confirm before hoisting it.
        """
        from access import acl

        app, action = "Admin", "%"
        return acl.action_allowed_user(self, app, action)
Пример #31
 def needs_tougher_password(user):
     """Return True when *user* is an editor or admin and so needs a stronger password.

     ``Editors:%`` is checked first, then ``Admin:%``; the second lookup
     is skipped when the first already grants.
     """
     from access.acl import action_allowed_user
     is_editor = action_allowed_user(user, 'Editors', '%')
     return is_editor or action_allowed_user(user, 'Admin', '%')
Пример #32
 def is_staff(self):
     """True when this user holds the ``Admin:%`` ACL.

     ``access.acl`` is imported lazily, presumably to avoid an import
     cycle with the user model - confirm before hoisting it.
     """
     from access import acl
     return bool(acl.action_allowed_user(self, 'Admin', '%'))
Пример #33
    def needs_tougher_password(user):
        """Return True when *user* is an editor or admin and needs a stronger password.

        ``Editors:%`` is checked before ``Admin:%``; the scan stops at the
        first grant, as in the original ``or`` expression.
        """
        from access.acl import action_allowed_user

        for app in ("Editors", "Admin"):
            if action_allowed_user(user, app, "%"):
                return True
        return False
Пример #34
 def needs_tougher_password(user):
     """Report whether *user* (an editor or admin) must use a stronger password.

     Checks ``Editors:%`` and then ``Admin:%``, stopping at the first
     grant.
     """
     from access.acl import action_allowed_user
     privileged = (('Editors', '%'), ('Admin', '%'))
     return any(action_allowed_user(user, app, action)
                for app, action in privileged)