Пример #1
0
 def check_ownership(self, request, require_owner, require_author,
                     ignore_disabled, admin):
     """
     Used by acl.check_ownership to see if request.user has permissions for
     the collection.
     """
     return acl.check_collection_ownership(request, self, require_owner)
Пример #2
0
 def check_ownership(self, request, require_owner, require_author,
                     ignore_disabled, admin):
     """
     Used by acl.check_ownership to see if request.user has permissions for
     the collection.
     """
     return acl.check_collection_ownership(request, self, require_owner)
Пример #3
0
 def wrapper(request, username, slug, *args, **kw):
     collection = get_collection(request, username, slug)
     if acl.check_collection_ownership(request, collection,
                                       require_owner=require_owner):
         return func(request, collection, username, slug, *args, **kw)
     else:
         return http.HttpResponseForbidden()
Пример #4
0
 def get_object(self, request, username, slug):
     self.request = request
     c = views.get_collection(request, username, slug)
     if not (c.listed or acl.check_collection_ownership(request, c)):
         # 403 can't be raised as an exception.
         raise http.Http404()
     return c
Пример #5
0
 def wrapper(request, username, slug, *args, **kw):
     collection = get_collection(request, username, slug)
     if acl.check_collection_ownership(request, collection,
                                       require_owner=require_owner):
         return func(request, collection, username, slug, *args, **kw)
     else:
         return http.HttpResponseForbidden()
Пример #6
0
def collection_detail_json(request, username, slug):
    c = get_collection(request, username, slug)
    if not (c.listed or acl.check_collection_ownership(request, c)):
        raise PermissionDenied
    # We evaluate the QuerySet with `list` to work around bug 866454.
    addons_dict = [addon_to_dict(a) for a in list(c.addons.valid())]
    return {"name": c.name, "url": c.get_abs_url(), "iconUrl": c.icon_url, "addons": addons_dict}
Пример #7
0
 def wrapper(request, username, slug, *args, **kw):
     collection = get_collection(request, username, slug)
     if acl.check_collection_ownership(request, collection,
                                       require_owner=require_owner):
         return func(request, collection, username, slug, *args, **kw)
     else:
         raise PermissionDenied
Пример #8
0
 def get_object(self, request, username, slug):
     self.request = request
     c = views.get_collection(request, username, slug)
     if not (c.listed or acl.check_collection_ownership(request, c)):
         # 403 can't be raised as an exception.
         raise http.Http404()
     return c
Пример #9
0
 def wrapper(request, username, slug, *args, **kw):
     collection = get_collection(request, username, slug)
     if acl.check_collection_ownership(request, collection,
                                       require_owner=require_owner):
         return func(request, collection, username, slug, *args, **kw)
     else:
         raise PermissionDenied
Пример #10
0
        def wrapper(request, username, slug, *args, **kw):
            collection = get_object_or_404(Collection,
                                           author__nickname=username,
                                           slug=slug)

            if acl.check_collection_ownership(request, collection,
                                              require_owner=require_owner):
                return func(request, collection, username, slug, *args, **kw)
            else:
                return http.HttpResponseForbidden(
                        _("This is not the collection you are looking for."))
Пример #11
0
def collection_detail_json(request, username, slug):
    c = get_collection(request, username, slug)
    if not (c.listed or acl.check_collection_ownership(request, c)):
        raise PermissionDenied
    addons_dict = [addon_to_dict(a) for a in c.addons.valid()]
    return {
        'name': c.name,
        'url': c.get_abs_url(),
        'iconUrl': c.icon_url,
        'addons': addons_dict
    }
Пример #12
0
def collection_detail_json(request, username, slug):
    c = get_collection(request, username, slug)
    if not (c.listed or acl.check_collection_ownership(request, c)):
        raise PermissionDenied
    addons_dict = [addon_to_dict(a) for a in c.addons.valid()]
    return {
        'name': c.name,
        'url': c.get_abs_url(),
        'iconUrl': c.icon_url,
        'addons': addons_dict
    }
Пример #13
0
def collection_detail_json(request, username, slug):
    c = get_collection(request, username, slug)
    if not (c.listed or acl.check_collection_ownership(request, c)):
        raise PermissionDenied
    # We evaluate the QuerySet with `list` to work around bug 866454.
    addons_dict = [addon_to_dict(a) for a in list(c.addons.valid())]
    return {
        'name': c.name,
        'url': c.get_abs_url(),
        'iconUrl': c.icon_url,
        'addons': addons_dict
    }
Пример #14
0
def collection_detail_json(request, username, slug):
    c = get_collection(request, username, slug)
    if not (c.listed or acl.check_collection_ownership(request, c)):
        return http.HttpResponseForbidden()

    addons = c.addons.valid()
    addons_dict = [addon_to_dict(a) for a in addons]
    d = {'name': c.name,
         'url': c.get_abs_url(),
         'iconUrl': c.icon_url,
         'addons': addons_dict, }
    return d
Пример #15
0
def collection_detail(request, username, slug):
    c = get_collection(request, username, slug)
    if not c.listed:
        if not request.user.is_authenticated():
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, c):
            raise PermissionDenied

    if request.GET.get('format') == 'rss':
        return http.HttpResponsePermanentRedirect(c.feed_url())

    base = Addon.objects.valid() & c.addons.all()
    filter = CollectionAddonFilter(request,
                                   base,
                                   key='sort',
                                   default='popular')
    notes = get_notes(c)
    # Go directly to CollectionAddon for the count to avoid joins.
    count = CollectionAddon.objects.filter(Addon.objects.valid_q(
        amo.VALID_STATUSES, prefix='addon__'),
                                           collection=c.id)
    addons = paginate(request, filter.qs, per_page=15, count=count.count())

    # The add-on query is not related to the collection, so we need to manually
    # hook them up for invalidation.  Bonus: count invalidation.
    keys = [addons.object_list.flush_key(), count.flush_key()]
    caching.invalidator.add_to_flush_list({c.flush_key(): keys})

    if c.author_id:
        qs = Collection.objects.listed().filter(author=c.author)
        others = amo.utils.randslice(qs, limit=4, exclude=c.id)
    else:
        others = []

    # `perms` is defined in django.contrib.auth.context_processors. Gotcha!
    user_perms = {
        'view_stats': acl.check_ownership(request, c, require_owner=False),
    }

    tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else []
    return render_cat(
        request, 'bandwagon/collection_detail.html', {
            'collection': c,
            'filter': filter,
            'addons': addons,
            'notes': notes,
            'author_collections': others,
            'tags': tags,
            'user_perms': user_perms
        })
Пример #16
0
def collection_detail_json(request, username, slug):
    c = get_collection(request, username, slug)
    if not (c.listed or acl.check_collection_ownership(request, c)):
        return http.HttpResponseForbidden()

    addons = c.addons.valid()
    addons_dict = [addon_to_dict(a) for a in addons]
    d = {
        'name': c.name,
        'url': c.get_abs_url(),
        'iconUrl': c.icon_url,
        'addons': addons_dict,
    }
    return d
Пример #17
0
def change_addon(request, collection, action):
    if not acl.check_collection_ownership(request, collection):
        raise PermissionDenied

    try:
        addon = get_object_or_404(Addon.objects, pk=request.POST["addon_id"])
    except (ValueError, KeyError):
        return http.HttpResponseBadRequest()

    getattr(collection, action + "_addon")(addon)
    log.info(u"%s: %s %s to collection %s" % (request.amo_user, action, addon.id, collection.id))

    if request.is_ajax():
        url = "%s?addon_id=%s" % (reverse("collections.ajax_list"), addon.id)
    else:
        url = collection.get_url_path()
    return http.HttpResponseRedirect(url)
Пример #18
0
def collection_detail(request, username, slug):
    c = get_collection(request, username, slug)
    if not c.listed:
        if not request.user.is_authenticated():
            return redirect_for_login(request)
        if not acl.check_collection_ownership(request, c):
            raise PermissionDenied

    if request.GET.get("format") == "rss":
        return http.HttpResponsePermanentRedirect(c.feed_url())

    base = Addon.objects.valid() & c.addons.all()
    filter = CollectionAddonFilter(request, base, key="sort", default="popular")
    notes = get_notes(c)
    # Go directly to CollectionAddon for the count to avoid joins.
    count = CollectionAddon.objects.filter(Addon.objects.valid_q(amo.VALID_STATUSES, prefix="addon__"), collection=c.id)
    addons = paginate(request, filter.qs, per_page=15, count=count.count())

    # The add-on query is not related to the collection, so we need to manually
    # hook them up for invalidation.  Bonus: count invalidation.
    keys = [addons.object_list.flush_key(), count.flush_key()]
    caching.invalidator.add_to_flush_list({c.flush_key(): keys})

    if c.author_id:
        qs = Collection.objects.listed().filter(author=c.author)
        others = amo.utils.randslice(qs, limit=4, exclude=c.id)
    else:
        others = []

    # `perms` is defined in django.contrib.auth.context_processors. Gotcha!
    user_perms = {"view_stats": acl.check_ownership(request, c, require_owner=False)}

    tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else []
    return render(
        request,
        "bandwagon/collection_detail.html",
        {
            "collection": c,
            "filter": filter,
            "addons": addons,
            "notes": notes,
            "author_collections": others,
            "tags": tags,
            "user_perms": user_perms,
        },
    )
Пример #19
0
def change_addon(request, collection, action):
    if not acl.check_collection_ownership(request, collection):
        return http.HttpResponseForbidden()

    try:
        addon = get_object_or_404(Addon.objects, pk=request.POST['addon_id'])
    except (ValueError, KeyError):
        return http.HttpResponseBadRequest()

    getattr(collection, action + '_addon')(addon)
    log.info(u'%s: %s %s to collection %s' %
             (request.amo_user, action, addon.id, collection.id))

    if request.is_ajax():
        url = '%s?addon_id=%s' % (reverse('collections.ajax_list'), addon.id)
    else:
        url = collection.get_url_path()
    return redirect(url)
Пример #20
0
def change_addon(request, collection, action):
    if not acl.check_collection_ownership(request, collection):
        return http.HttpResponseForbidden()

    try:
        addon = get_object_or_404(Addon.objects, pk=request.POST['addon_id'])
    except (ValueError, KeyError):
        return http.HttpResponseBadRequest()

    getattr(collection, action + '_addon')(addon)
    log.info(u'%s: %s %s to collection %s' %
             (request.amo_user, action, addon.id, collection.id))

    if request.is_ajax():
        url = '%s?addon_id=%s' % (reverse('collections.ajax_list'), addon.id)
    else:
        url = collection.get_url_path()
    return redirect(url)
Пример #21
0
def delete(request, username, slug):
    collection = get_object_or_404(Collection, author__username=username, slug=slug)

    if not acl.check_collection_ownership(request, collection, True):
        log.info(u"%s is trying to delete collection %s" % (request.amo_user, collection.id))
        raise PermissionDenied

    data = dict(collection=collection, username=username, slug=slug)

    if request.method == "POST":
        if request.POST["sure"] == "1":
            collection.delete()
            log.info(u"%s deleted collection %s" % (request.amo_user, collection.id))
            url = reverse("collections.user", args=[username])
            return http.HttpResponseRedirect(url)
        else:
            return http.HttpResponseRedirect(collection.get_url_path())

    return render(request, "bandwagon/delete.html", data)
Пример #22
0
def collection_detail(request, username, slug):
    c = get_collection(request, username, slug)
    if not (c.listed or acl.check_collection_ownership(request, c)):
        return http.HttpResponseForbidden()

    if request.GET.get('format') == 'rss':
        return redirect(c.feed_url(), permanent=True)

    base = Addon.objects.valid() & c.addons.all()
    filter = CollectionAddonFilter(request, base,
                                   key='sort', default='popular')
    notes = get_notes(c)
    # Go directly to CollectionAddon for the count to avoid joins.
    count = CollectionAddon.objects.filter(
        Addon.objects.valid_q(amo.VALID_STATUSES, prefix='addon__'),
        collection=c.id)
    addons = paginate(request, filter.qs, per_page=15, count=count.count())

    # The add-on query is not related to the collection, so we need to manually
    # hook them up for invalidation.  Bonus: count invalidation.
    keys = [addons.object_list.flush_key(),
            count.flush_key()]
    caching.invalidator.add_to_flush_list({c.flush_key(): keys})

    if c.author_id:
        qs = Collection.objects.listed().filter(author=c.author)
        others = amo.utils.randslice(qs, limit=4, exclude=c.id)
    else:
        others = []

    # `perms` is defined in django.contrib.auth.context_processors. Gotcha!
    user_perms = {
        'view_stats': acl.check_ownership(request, c, require_owner=False),
    }

    tags = Tag.objects.filter(id__in=c.top_tags) if c.top_tags else []
    return render(request, 'bandwagon/collection_detail.html',
                  {'collection': c, 'filter': filter, 'addons': addons,
                   'notes': notes, 'author_collections': others, 'tags': tags,
                   'user_perms': user_perms})
Пример #23
0
def delete(request, username, slug):
    collection = get_object_or_404(Collection, author__username=username,
                                   slug=slug)

    if not acl.check_collection_ownership(request, collection, True):
        log.info(u'%s is trying to delete collection %s'
                 % (request.amo_user, collection.id))
        return http.HttpResponseForbidden()

    data = dict(collection=collection, username=username, slug=slug)

    if request.method == 'POST':
        if request.POST['sure'] == '1':
            collection.delete()
            log.info(u'%s deleted collection %s' %
                     (request.amo_user, collection.id))
            url = reverse('collections.user', args=[username])
            return http.HttpResponseRedirect(url)
        else:
            return http.HttpResponseRedirect(collection.get_url_path())

    return render(request, 'bandwagon/delete.html', data)
Пример #24
0
def delete(request, username, slug):
    collection = get_object_or_404(Collection, author__username=username,
                                   slug=slug)

    if not acl.check_collection_ownership(request, collection, True):
        log.info(u'%s is trying to delete collection %s'
                 % (request.amo_user, collection.id))
        return http.HttpResponseForbidden()

    data = dict(collection=collection, username=username, slug=slug)

    if request.method == 'POST':
        if request.POST['sure'] == '1':
            collection.delete()
            log.info(u'%s deleted collection %s' %
                     (request.amo_user, collection.id))
            url = reverse('collections.user', args=[username])
            return http.HttpResponseRedirect(url)
        else:
            return http.HttpResponseRedirect(collection.get_url_path())

    return render(request, 'bandwagon/delete.html', data)