def setup_viewer(request, file_obj):
data = {
'file': file_obj,
'version': file_obj.version,
'addon': file_obj.version.addon,
'status': False,
'selected': {},
'validate_url': ''
}
if (acl.check_addons_reviewer(request) or acl.check_addon_ownership(
request, file_obj.version.addon, viewer=True,
ignore_disabled=True)):
data['validate_url'] = reverse(
'devhub.json_file_validation',
args=[file_obj.version.addon.slug, file_obj.id])
if acl.check_addons_reviewer(request):
data['file_link'] = {
'text': _('Back to review'),
'url': reverse('editors.review', args=[data['addon'].slug])
}
else:
data['file_link'] = {
'text': _('Back to addon'),
'url': reverse('addons.detail', args=[data['addon'].pk])
}
return data
def setup_viewer(request, file_obj):
data = {'file': file_obj,
'version': file_obj.version,
'addon': file_obj.version.addon,
'status': False,
'selected': {},
'validate_url': ''}
if (acl.check_addons_reviewer(request) or
acl.check_addon_ownership(request, file_obj.version.addon,
viewer=True, ignore_disabled=True)):
addon = file_obj.version.addon
data['validate_url'] = reverse('devhub.json_file_validation',
args=[addon.slug, file_obj.id])
if acl.check_addons_reviewer(request):
data['annotate_url'] = reverse('devhub.annotate_file_validation',
args=[addon.slug, file_obj.id])
data['automated_signing'] = file_obj.automated_signing
if file_obj.has_been_validated:
data['validation_data'] = file_obj.validation.processed_validation
if acl.check_addons_reviewer(request):
data['file_link'] = {'text': _('Back to review'),
'url': reverse('editors.review',
args=[data['addon'].slug])}
else:
data['file_link'] = {'text': _('Back to addon'),
'url': reverse('addons.detail',
args=[data['addon'].pk])}
return data
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id)
# General case: addon is listed.
if addon.is_listed:
if addon.is_disabled or file.status == amo.STATUS_DISABLED:
if (acl.check_addon_ownership(
request, addon, viewer=True, ignore_disabled=True)
or acl.check_addons_reviewer(request)):
return HttpResponseSendFile(
request,
file.guarded_file_path,
content_type='application/xp-install')
else:
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, addon):
raise http.Http404 # Not listed, not owner or admin.
attachment = (type == 'attachment' or not request.APP.browser)
loc = urlparams(file.get_mirror(addon, attachment=attachment),
filehash=file.hash)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id)
# General case: addon is listed.
if addon.is_listed:
if addon.is_disabled or file.status == amo.STATUS_DISABLED:
if (acl.check_addon_ownership(request, addon, viewer=True,
ignore_disabled=True) or
acl.check_addons_reviewer(request)):
return HttpResponseSendFile(
request, file.guarded_file_path,
content_type='application/xp-install')
else:
raise http.Http404()
else:
if not owner_or_unlisted_reviewer(request, addon):
raise http.Http404 # Not listed, not owner or admin.
attachment = (type == 'attachment' or not request.APP.browser)
loc = urlparams(file.get_mirror(addon, attachment=attachment),
filehash=file.hash)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.with_unlisted, pk=file.version.addon_id)
if addon.is_disabled or file.status == amo.STATUS_DISABLED:
if (acl.check_addon_ownership(request, addon, viewer=True,
ignore_disabled=True) or
acl.check_addons_reviewer(request)):
return HttpResponseSendFile(request, file.guarded_file_path,
content_type='application/x-xpinstall')
log.info(u'download file {file_id}: addon/file disabled or user '
u'{user_id} is not an owner'.format(file_id=file_id,
user_id=request.user.pk))
raise http.Http404()
if not (addon.is_listed or owner_or_unlisted_reviewer(request, addon)):
log.info(u'download file {file_id}: addon is unlisted but user '
u'{user_id} is not an owner'.format(file_id=file_id,
user_id=request.user.pk))
raise http.Http404 # Not listed, not owner or admin.
attachment = (type == 'attachment' or not request.APP.browser)
loc = urlparams(file.get_mirror(addon, attachment=attachment),
filehash=file.hash)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def allowed(request, file):
allowed = acl.check_addons_reviewer(request)
if not allowed:
try:
addon = file.version.addon
except ObjectDoesNotExist:
raise http.Http404
if addon.view_source and addon.status in amo.REVIEWED_STATUSES:
allowed = True
else:
allowed = acl.check_addon_ownership(request, addon, viewer=True,
dev=True)
if not allowed:
raise PermissionDenied
return True
def allowed(request, file):
allowed = acl.check_addons_reviewer(request)
if not allowed:
try:
addon = file.version.addon
except ObjectDoesNotExist:
raise http.Http404
if addon.view_source and addon.status in amo.REVIEWED_STATUSES:
allowed = True
else:
allowed = acl.check_addon_ownership(request,
addon,
viewer=True,
dev=True)
if not allowed:
raise PermissionDenied
return True
def allowed(request, file):
try:
addon = file.version.addon
except ObjectDoesNotExist:
raise http.Http404
# General case: addon is listed.
if addon.is_listed:
if ((addon.view_source and addon.status in amo.REVIEWED_STATUSES) or
acl.check_addons_reviewer(request) or
acl.check_addon_ownership(request, addon, viewer=True,
dev=True)):
return True # Public and sources are visible, or reviewer.
raise PermissionDenied # Listed but not allowed.
# Not listed? Needs an owner or an "unlisted" admin.
else:
if owner_or_unlisted_reviewer(request, addon):
return True
raise http.Http404 # Not listed, not owner or admin.
def allowed(request, file):
try:
addon = file.version.addon
except ObjectDoesNotExist:
raise http.Http404
# General case: addon is listed.
if addon.is_listed:
if ((addon.view_source and addon.status in amo.REVIEWED_STATUSES)
or acl.check_addons_reviewer(request)
or acl.check_addon_ownership(
request, addon, viewer=True, dev=True)):
return True # Public and sources are visible, or reviewer.
raise PermissionDenied # Listed but not allowed.
# Not listed? Needs an owner or an "unlisted" admin.
else:
if owner_or_unlisted_reviewer(request, addon):
return True
raise http.Http404 # Not listed, not owner or admin.
def wrapper(request, *args, **kw):
if _view_on_get(request) or acl.check_addons_reviewer(request):
return f(request, *args, **kw)
raise PermissionDenied
def wrapper(request, *args, **kw):
if _view_on_get(request) or acl.check_addons_reviewer(request):
return f(request, *args, **kw)
raise PermissionDenied
def global_settings(request):
"""
Storing standard AMO-wide information used in global headers, such as
account links and settings.
"""
account_links = []
tools_links = []
context = {}
tools_title = _('Tools')
is_reviewer = False
if request.user.is_authenticated():
amo_user = request.amo_user
profile = request.user
is_reviewer = (acl.check_addons_reviewer(request)
or acl.check_personas_reviewer(request))
account_links.append({
'text': _('My Profile'),
'href': profile.get_url_path()
})
if amo_user.is_artist:
account_links.append({
'text': _('My Themes'),
'href': profile.get_user_url('themes')
})
account_links.append({
'text': _('Account Settings'),
'href': reverse('users.edit')
})
account_links.append({
'text':
_('My Collections'),
'href':
reverse('collections.user', args=[amo_user.username])
})
if amo_user.favorite_addons:
account_links.append({
'text':
_('My Favorites'),
'href':
reverse('collections.detail',
args=[amo_user.username, 'favorites'])
})
account_links.append({
'text':
_('Log out'),
'href':
remora_url('/users/logout?to=' + urlquote(request.path)),
})
if request.amo_user.is_developer:
tools_links.append({
'text': _('Manage My Submissions'),
'href': reverse('devhub.addons')
})
tools_links += [
{
'text': _('Submit a New Add-on'),
'href': reverse('devhub.submit.1')
},
{
'text': _('Submit a New Theme'),
'href': reverse('devhub.themes.submit')
},
{
'text': _('Developer Hub'),
'href': reverse('devhub.index')
},
]
if is_reviewer:
tools_links.append({
'text': _('Editor Tools'),
'href': reverse('editors.home')
})
if acl.action_allowed(request, 'L10nTools', 'View'):
tools_links.append({
'text': _('Localizer Tools'),
'href': '/localizers'
})
if (acl.action_allowed(request, 'Admin', '%')
or acl.action_allowed(request, 'AdminTools', 'View')):
tools_links.append({
'text': _('Admin Tools'),
'href': reverse('zadmin.home')
})
context['amo_user'] = request.amo_user
else:
context['amo_user'] = AnonymousUser()
context.update({
'account_links': account_links,
'settings': settings,
'amo': amo,
'tools_links': tools_links,
'tools_title': tools_title,
'ADMIN_MESSAGE': get_config('site_notice'),
'collect_timings_percent': get_collect_timings(),
'is_reviewer': is_reviewer
})
return context
def global_settings(request):
"""
Storing standard AMO-wide information used in global headers, such as
account links and settings.
"""
account_links = []
tools_links = []
context = {}
tools_title = _('Tools')
is_reviewer = False
if request.user.is_authenticated():
amo_user = request.amo_user
profile = request.user
is_reviewer = (acl.check_addons_reviewer(request) or
acl.check_personas_reviewer(request))
account_links.append({'text': _('My Profile'),
'href': profile.get_url_path()})
if amo_user.is_artist:
account_links.append({'text': _('My Themes'),
'href': profile.get_user_url('themes')})
account_links.append({'text': _('Account Settings'),
'href': reverse('users.edit')})
account_links.append({
'text': _('My Collections'),
'href': reverse('collections.user', args=[amo_user.username])})
if amo_user.favorite_addons:
account_links.append(
{'text': _('My Favorites'),
'href': reverse('collections.detail',
args=[amo_user.username, 'favorites'])})
account_links.append({
'text': _('Log out'),
'href': reverse('users.logout') + '?to=' + urlquote(request.path),
})
if request.amo_user.is_developer:
tools_links.append({'text': _('Manage My Submissions'),
'href': reverse('devhub.addons')})
links = [
{'text': _('Submit a New Add-on'),
'href': reverse('devhub.submit.1')},
{'text': _('Submit a New Theme'),
'href': reverse('devhub.themes.submit')},
{'text': _('Developer Hub'),
'href': reverse('devhub.index')},
]
if waffle.switch_is_active('signing-api'):
links.append({'text': _('Manage API Keys'),
'href': reverse('devhub.api_key')})
tools_links += links
if is_reviewer:
tools_links.append({'text': _('Editor Tools'),
'href': reverse('editors.home')})
if acl.action_allowed(request, 'L10nTools', 'View'):
tools_links.append({'text': _('Localizer Tools'),
'href': '/localizers'})
if (acl.action_allowed(request, 'Admin', '%') or
acl.action_allowed(request, 'AdminTools', 'View')):
tools_links.append({'text': _('Admin Tools'),
'href': reverse('zadmin.home')})
context['amo_user'] = request.amo_user
else:
context['amo_user'] = AnonymousUser()
context.update({'account_links': account_links,
'settings': settings, 'amo': amo,
'tools_links': tools_links,
'tools_title': tools_title,
'ADMIN_MESSAGE': get_config('site_notice'),
'collect_timings_percent': get_collect_timings(),
'is_reviewer': is_reviewer})
return context
def global_settings(request):
"""
Storing standard AMO-wide information used in global headers, such as
account links and settings.
"""
account_links = []
tools_links = []
context = {}
tools_title = _("Tools")
is_reviewer = False
if request.user.is_authenticated():
user = request.user
profile = request.user
is_reviewer = acl.check_addons_reviewer(request) or acl.check_personas_reviewer(request)
account_links.append({"text": _("My Profile"), "href": profile.get_url_path()})
if user.is_artist:
account_links.append({"text": _("My Themes"), "href": profile.get_user_url("themes")})
account_links.append({"text": _("Account Settings"), "href": reverse("users.edit")})
account_links.append({"text": _("My Collections"), "href": reverse("collections.user", args=[user.username])})
if user.favorite_addons:
account_links.append(
{"text": _("My Favorites"), "href": reverse("collections.detail", args=[user.username, "favorites"])}
)
account_links.append({"text": _("Log out"), "href": reverse("users.logout") + "?to=" + urlquote(request.path)})
if request.user.is_developer:
tools_links.append({"text": _("Manage My Submissions"), "href": reverse("devhub.addons")})
links = [
{"text": _("Submit a New Add-on"), "href": reverse("devhub.submit.1")},
{"text": _("Submit a New Theme"), "href": reverse("devhub.themes.submit")},
{"text": _("Developer Hub"), "href": reverse("devhub.index")},
]
if waffle.switch_is_active("signing-api"):
links.append({"text": _("Manage API Keys"), "href": reverse("devhub.api_key")})
tools_links += links
if is_reviewer:
tools_links.append({"text": _("Editor Tools"), "href": reverse("editors.home")})
if acl.action_allowed(request, "L10nTools", "View"):
tools_links.append({"text": _("Localizer Tools"), "href": "/localizers"})
if acl.action_allowed(request, "Admin", "%") or acl.action_allowed(request, "AdminTools", "View"):
tools_links.append({"text": _("Admin Tools"), "href": reverse("zadmin.home")})
context["user"] = request.user
else:
context["user"] = AnonymousUser()
context.update(
{
"account_links": account_links,
"settings": settings,
"amo": amo,
"tools_links": tools_links,
"tools_title": tools_title,
"ADMIN_MESSAGE": get_config("site_notice"),
"is_reviewer": is_reviewer,
}
)
return context
