Пример #1
0
    def dispatch(self, *args, **kwargs):
        """
        checks permissions, requires a login and
        because we are using a generic view approach to the data-models
        in django BMF, we can ditch a middleware (less configuration)
        and add the functionality we need for the framework to
        work properly to this function.
        """

        # add the site object to every request
        setattr(self.request, 'djangobmf_appconfig', apps.get_app_config(bmfsettings.APP_LABEL))
        setattr(self.request, 'djangobmf_site', self.request.djangobmf_appconfig.site)

        # add the authenticated user and employee to the request (as a lazy queryset)
        self.request.user.djangobmf = Employee(self.request.user)

        # TODO ... call check_object_permission instead when objects have a model
        try:
            if not self.check_permissions(self.request):
                return permission_denied(self.request)
        except Http404:
            return page_not_found(self.request)

        # TODO MOVE THIS CHECK TO PERMISSIONS
        # check if bmf has a employee model and if so do a validation of the
        # employee instance (users, who are not employees are not allowed to access)
        if self.request.user.djangobmf.has_employee and not self.request.user.djangobmf.employee:
            logger.debug("User %s does not have permission to access djangobmf" % self.request.user)
            if self.request.user.is_superuser:
                return redirect('djangobmf:wizard', permanent=False)
            else:
                return permission_denied(self.request)

        response = super(BaseMixin, self).dispatch(*args, **kwargs)

        # Catch HTTP error codes and redirect to a bmf-specific template
        if response.status_code in [400, 403, 404, 500] and not settings.DEBUG:

            if response.status_code == 400:
                return bad_request(self.request)

            if response.status_code == 403:
                return permission_denied(self.request)

            if response.status_code == 404:
                return page_not_found(self.request)

            if response.status_code == 500:
                return server_error(self.request)

        return response
Пример #2
0
 def test_permission_denied(self):
     request = self.factory.get('/403/')
     response = permission_denied(request)
     self.assertEqual(response.status_code, 403)