def test_apply_to_class_based_view(self):
@self.registry.register(allow_anonymous=True)
def can_do_things(user):
return user.can_do_things
@self.registry.require('can_do_things')
class View(object):
def dispatch(self, req):
return getattr(self, req.method.lower())(req)
def get(self, req):
pass
self.assertEqual(View.dispatch.__name__, 'dispatch')
request = self.request_factory.get('/things')
request.user = User()
request.user.can_do_things = True
view = View()
view.dispatch(request)
request.user.can_do_things = False
self.assertRaises(PermissionDenied, view.dispatch, request)
def dispatch(self, request, *args, **kwargs):
if not ("supervisor_id" in request.POST
or "activity" in request.FILES):
return View.dispatch(self, request, *args, **kwargs)
supervisor_id_value = request.POST["supervisor_id"]
': :type supervisor_id_value: str'
if not (len(supervisor_id_value) == 7
and supervisor_id_value.isalnum()):
return View.dispatch(self, request, *args, **kwargs)
file = request.FILES["activity"]
filename = file.name
': :type filename: str'
filename_match = re.fullmatch(r'next_(?P<interval>\d+)\.jpg', filename)
if filename_match is None or not (1 <= int(
filename_match.group('interval')) <= 600000):
return View.dispatch(self, request, *args, **kwargs)
# TODO: Use chunks?
activity_value = file.read()
': :type activity_value: bytes'
activity = Snap(filename, activity_value)
supervisor_id = SupervisorId(supervisor_id_value)
monitoring_service.track_activity(activity, supervisor_id)
return redirect('/')
def dispatch(self, request, *args, **kwargs):
# Authentication
if not users.get_current_user().email() in settings.AUTHORIZED_USER:
if not 'localhost' == request.META['SERVER_NAME']:
if not 0 == len(settings.AUTHORIZED_USER):
return HttpResponse(status=403)
return View.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
if not self.has_permission(request, *args, **kwargs):
if not request.user.is_authenticated():
path = request.get_full_path()
return HttpResponseRedirect("%s?next=%s" % (settings.LOGIN_URL,
path))
else:
return render_to_forbidden(request)
return _View.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
if not self.has_permission(request, *args, **kwargs):
if not request.user.is_authenticated():
path = request.get_full_path()
return HttpResponseRedirect("%s?next=%s" %
(settings.LOGIN_URL, path))
else:
return render_to_forbidden(request)
return _View.dispatch(self, request, *args, **kwargs)
def test_apply_to_class_based_view_with_model(self):
@self.registry.register(model=Model, allow_anonymous=True)
def can_do_stuff(user, instance):
return user.can_do_stuff and instance is not None
@self.registry.require('can_do_stuff')
class View(object):
def dispatch(self, req, model_id, *args, **kwargs):
return getattr(self, req.method.lower())(req, model_id, *args, **kwargs)
def get(self, req, model_id):
return model_id
request = self.request_factory.get('/stuff/1')
request.user = User()
request.user.can_do_stuff = True
view = View()
view.dispatch(request, 1)
request.user.can_do_stuff = False
self.assertRaises(PermissionDenied, view.dispatch, request, model_id=1)
def dispatch(self, request, *args, **kwargs):
return View.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
return View.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
# Give leader names and Gravatars to the public
# (Gravatar URLs hash the email with MD5)
return View.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
# api_key = ApiKey.authenticate(request, username=settings.USSD_USER_NAME)
# if not api_key:
# logger.error('Attempted call to API only view: {}.'.format(self.__class__.__name__))
# raise Http404()
return View.dispatch(self, request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
# base_queryset is equal to all orders the user is allowed to access
self.set_base_queryset(request)
return View.dispatch(self, request, *args, **kwargs)
