def download_file(request, file_id, type=None):
# Fetch what we need with a minimum amount of queries (Transforms on
# Version and Webapp are avoided). This breaks several things like
# translations, but it should be fine here, we don't need much to go on.
file_ = get_object_or_404(File.objects.select_related('version'),
pk=file_id)
webapp = get_object_or_404(Webapp.objects.all().no_transforms(),
pk=file_.version.webapp_id, is_packaged=True)
if webapp.is_disabled or file_.status == mkt.STATUS_DISABLED:
if not acl.check_webapp_ownership(request, webapp, viewer=True,
ignore_disabled=True):
raise http.Http404()
# We treat blocked files like public files so users get the update.
if file_.status in [mkt.STATUS_PUBLIC, mkt.STATUS_BLOCKED]:
path = file_.signed_file_path
public = True
else:
# This is someone asking for an unsigned packaged app.
if not acl.check_webapp_ownership(request, webapp, dev=True):
raise http.Http404()
path = file_.file_path
public = False
log.info('Downloading package: %s from %s' % (webapp.id, path))
return get_file_response(request, path, content_type='application/zip',
etag=file_.hash.split(':')[-1], public=public)
def in_app_products(request, webapp_id, webapp, account=None):
owner = acl.check_webapp_ownership(request, webapp)
products = webapp.inappproduct_set.all()
new_product = InAppProduct(webapp=webapp)
form = InAppProductForm()
if webapp.origin:
inapp_origin = webapp.origin
elif webapp.guid:
# Derive a marketplace specific origin out of the GUID.
# This is for apps that do not specify a custom origin.
inapp_origin = 'marketplace:{}'.format(webapp.guid)
else:
# Theoretically this is highly unlikely. A hosted app will
# always have a domain and a packaged app will always have
# a generated GUID.
raise TypeError(
'Cannot derive origin: no declared origin, no GUID')
list_url = _fix_origin_link(reverse('in-app-products-list',
kwargs={'origin': inapp_origin}))
detail_url = _fix_origin_link(reverse('in-app-products-detail',
# {guid} is replaced in JS.
kwargs={'origin': inapp_origin,
'guid': "{guid}"}))
return render(request, 'developers/payments/in-app-products.html',
{'webapp': webapp, 'form': form, 'new_product': new_product,
'owner': owner, 'products': products, 'form': form,
'list_url': list_url, 'detail_url': detail_url,
'active_lang': request.LANG.lower()})
def setup_viewer(request, file_obj):
data = {'file': file_obj,
'version': file_obj.version,
'webapp': file_obj.version.webapp,
'status': False,
'selected': {},
'validate_url': ''}
if (acl.check_reviewer(request) or
acl.check_webapp_ownership(request, file_obj.version.webapp,
viewer=True, ignore_disabled=True)):
data['validate_url'] = reverse(
'mkt.developers.apps.json_file_validation',
args=[file_obj.version.webapp.app_slug, file_obj.id])
if acl.check_reviewer(request):
data['file_link'] = {'text': _('Back to review'),
'url': reverse('reviewers.apps.review',
args=[data['webapp'].app_slug])}
else:
data['file_link'] = {
'text': _('Back to app'),
'url': reverse('detail', args=[data['webapp'].pk])
}
return data
def wrapper(request, webapp, *args, **kw):
from mkt.submit.views import _resume
def fun():
return f(request, webapp_id=webapp.id, webapp=webapp,
*args, **kw)
if allow_editors and acl.check_reviewer(request):
return fun()
if staff and (acl.action_allowed(request, 'Apps', 'Configure') or
acl.action_allowed(request, 'Apps',
'ViewConfiguration')):
return fun()
if support:
# Let developers and support people do their thangs.
if (acl.check_webapp_ownership(request, webapp,
support=True) or
acl.check_webapp_ownership(request, webapp,
dev=True)):
return fun()
else:
# Require an owner or dev for POST requests.
if request.method == 'POST':
if acl.check_webapp_ownership(request, webapp,
dev=not owner_for_post):
return fun()
# Ignore disabled so they can view their add-on.
elif acl.check_webapp_ownership(request, webapp, viewer=True,
ignore_disabled=True):
if not skip_submit_check:
try:
# If it didn't go through the app submission
# checklist. Don't die. This will be useful for
# creating apps with an API later.
step = webapp.appsubmissionchecklist.get_next()
except ObjectDoesNotExist:
step = None
# Redirect to the submit flow if they're not done.
if not getattr(f, 'submitting', False) and step:
return _resume(webapp, step)
return fun()
raise PermissionDenied
def get_app(self, ident):
try:
app = Webapp.objects.by_identifier(ident)
except Webapp.DoesNotExist:
raise Http404
if not app.is_public() and not check_webapp_ownership(
self.request, app):
# App owners and admin can see the app even if it's not public.
# Regular users or anonymous users can't.
raise PermissionDenied('The app requested is not public')
return app
def allowed(request, file):
allowed = acl.check_reviewer(request)
if not allowed:
try:
webapp = file.version.webapp
except ObjectDoesNotExist:
raise http.Http404
if webapp.status in mkt.REVIEWED_STATUSES:
allowed = True
else:
allowed = acl.check_webapp_ownership(request, webapp, viewer=True,
dev=True)
if not allowed:
raise PermissionDenied
return True
def in_app_config(request, webapp_id, webapp):
"""
Allows developers to get a key/secret for doing in-app payments.
"""
config = get_inapp_config(webapp)
owner = acl.check_webapp_ownership(request, webapp)
if request.method == 'POST':
# Reset the in-app secret for the app.
(client.api.generic
.product(config['resource_pk'])
.patch(data={'secret': generate_key(48)}))
messages.success(request, _('Changes successfully saved.'))
return redirect(reverse('mkt.developers.apps.in_app_config',
args=[webapp.app_slug]))
return render(request, 'developers/payments/in-app-config.html',
{'webapp': webapp, 'owner': owner,
'seller_config': config})