def wrapper(request, addon, *args, **kw): if theme: kw['theme'] = addon.is_persona() elif addon.is_persona(): # Don't allow theme views if theme not passed in. raise http.Http404 def fun(): return f(request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors: if acl.is_editor(request, addon): return fun() # Require an owner or dev for POST requests. if request.method == 'POST': if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): # Redirect to the submit flow if they're not done. if (not submitting and addon.should_redirect_to_submit_flow()): return redirect('devhub.submit.details', addon.slug) return fun() raise PermissionDenied
def wrapper(request, addon, *args, **kw): if theme: kw['theme'] = addon.is_persona() elif addon.is_persona(): # Don't allow theme views if theme not passed in. raise http.Http404 def fun(): return f(request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors: if acl.is_editor(request, addon): return fun() # Require an owner or dev for POST requests. if request.method == 'POST': if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): # Redirect to the submit flow if they're not done. if (not submitting and addon.status == amo.STATUS_NULL and not addon.has_complete_metadata()): return redirect('devhub.submit.details', addon.slug) return fun() raise PermissionDenied
def wrapper(request, addon, *args, **kw): from olympia.devhub.views import _resume if theme: kw['theme'] = addon.is_persona() elif addon.is_persona(): # Don't allow theme views if theme not passed in. raise http.Http404 def fun(): return f(request, addon_id=addon.id, addon=addon, *args, **kw) if allow_editors: if acl.is_editor(request, addon): return fun() # Require an owner or dev for POST requests. if request.method == 'POST': if acl.check_addon_ownership(request, addon, dev=not owner_for_post): return fun() # Ignore disabled so they can view their add-on. elif acl.check_addon_ownership(request, addon, viewer=True, ignore_disabled=True): step = SubmitStep.objects.filter(addon=addon) # Redirect to the submit flow if they're not done. if not getattr(f, 'submitting', False) and step: return _resume(addon, step) return fun() raise PermissionDenied
def review_list(request, addon, review_id=None, user_id=None): qs = Review.without_replies.all().filter(addon=addon).order_by('-created') ctx = {'addon': addon, 'grouped_ratings': GroupedRating.get(addon.id)} ctx['form'] = forms.ReviewForm(None) is_admin = acl.action_allowed(request, amo.permissions.ADDONS_EDIT) if review_id is not None: ctx['page'] = 'detail' # If this is a dev reply, find the first msg for context. review = get_object_or_404(Review.objects.all(), pk=review_id) if review.reply_to_id: review_id = review.reply_to_id ctx['reply'] = review qs = qs.filter(pk=review_id) elif user_id is not None: ctx['page'] = 'user' qs = qs.filter(user=user_id) if not qs: raise http.Http404() else: ctx['page'] = 'list' qs = qs.filter(is_latest=True) # Don't filter out empty reviews for admins. if not is_admin: # But otherwise, filter out everyone elses empty reviews. user_filter = (Q(user=request.user.pk) if request.user.is_authenticated() else Q()) qs = qs.filter(~Q(body=None) | user_filter) ctx['reviews'] = reviews = paginate(request, qs) ctx['replies'] = Review.get_replies(reviews.object_list) if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': is_admin, 'is_editor': acl.is_editor(request, addon), 'is_author': acl.check_addon_ownership(request, addon, viewer=True, dev=True, support=True), } ctx['flags'] = get_flags(request, reviews.object_list) else: ctx['review_perms'] = {} return render(request, 'reviews/review_list.html', ctx)
def review_list(request, addon, review_id=None, user_id=None): qs = Review.without_replies.all().filter( addon=addon).order_by('-created') ctx = {'addon': addon, 'grouped_ratings': GroupedRating.get(addon.id)} ctx['form'] = forms.ReviewForm(None) is_admin = acl.action_allowed(request, amo.permissions.ADDONS_EDIT) if review_id is not None: ctx['page'] = 'detail' # If this is a dev reply, find the first msg for context. review = get_object_or_404(Review.objects.all(), pk=review_id) if review.reply_to_id: review_id = review.reply_to_id ctx['reply'] = review qs = qs.filter(pk=review_id) elif user_id is not None: ctx['page'] = 'user' qs = qs.filter(user=user_id) if not qs: raise http.Http404() else: ctx['page'] = 'list' qs = qs.filter(is_latest=True) # Don't filter out empty reviews for admins. if not is_admin: # But otherwise, filter out everyone elses empty reviews. user_filter = (Q(user=request.user.pk) if request.user.is_authenticated() else Q()) qs = qs.filter(~Q(body=None) | user_filter) ctx['reviews'] = reviews = paginate(request, qs) ctx['replies'] = Review.get_replies(reviews.object_list) if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': is_admin, 'is_editor': acl.is_editor(request, addon), 'is_author': acl.check_addon_ownership(request, addon, viewer=True, dev=True, support=True), } ctx['flags'] = get_flags(request, reviews.object_list) else: ctx['review_perms'] = {} return render(request, 'reviews/review_list.html', ctx)
def user_can_delete_review(request, review): """Return whether or not the request.user can delete reviews. People who can delete reviews: * The original review author. * Editors, but only if they aren't listed as an author of the add-on and the add-on is flagged for moderation * Users in a group with "Users:Edit" privileges. * Users in a group with "Addons:Edit" privileges. Persona editors can't delete addons reviews. """ is_author = review.addon.has_author(request.user) return (review.user_id == request.user.id or not is_author and ((acl.is_editor(request, review.addon) and review.editorreview) or acl.action_allowed(request, 'Users', 'Edit') or acl.action_allowed(request, 'Addons', 'Edit')))
def review_list(request, addon, review_id=None, user_id=None, template=None): qs = Review.without_replies.all().filter(addon=addon).order_by('-created') ctx = {'addon': addon, 'grouped_ratings': GroupedRating.get(addon.id)} ctx['form'] = forms.ReviewForm(None) if review_id is not None: ctx['page'] = 'detail' # If this is a dev reply, find the first msg for context. review = get_object_or_404(Review.objects.all(), pk=review_id) if review.reply_to_id: review_id = review.reply_to_id ctx['reply'] = review qs = qs.filter(pk=review_id) elif user_id is not None: ctx['page'] = 'user' qs = qs.filter(user=user_id) if not qs: raise http.Http404() else: ctx['page'] = 'list' qs = qs.filter(is_latest=True) ctx['reviews'] = reviews = paginate(request, qs) ctx['replies'] = Review.get_replies(reviews.object_list) if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': acl.action_allowed(request, 'Addons', 'Edit'), 'is_editor': acl.is_editor(request, addon), 'is_author': acl.check_addon_ownership(request, addon, viewer=True, dev=True, support=True), } ctx['flags'] = get_flags(request, reviews.object_list) else: ctx['review_perms'] = {} return render(request, template, ctx)
def user_can_delete_review(request, review): """Return whether or not the request.user can delete reviews. People who can delete reviews: * The original review author. * Editors, but only if they aren't listed as an author of the add-on. * Users in a group with "Users:Edit" privileges. * Users in a group with "Addons:Edit" privileges. Persona editors can't delete addons reviews. """ is_author = review.addon.has_author(request.user) return ( review.user_id == request.user.id or not is_author and ( acl.is_editor(request, review.addon) or acl.action_allowed(request, 'Users', 'Edit') or acl.action_allowed(request, 'Addons', 'Edit')))
def user_can_delete_review(request, review): """Return whether or not the request.user can delete reviews. People who can delete reviews: * The original review author. * Editors, but only if they aren't listed as an author of the add-on and the add-on is flagged for moderation * Users in a group with "Users:Edit" privileges. * Users in a group with "Addons:Edit" privileges. Persona editors can't delete addons reviews. """ is_author = review.addon.has_author(request.user) return ( review.user_id == request.user.id or not is_author and ( (acl.is_editor(request, review.addon) and review.editorreview) or acl.action_allowed(request, amo.permissions.USERS_EDIT) or acl.action_allowed(request, amo.permissions.ADDONS_EDIT)))
def review_list(request, addon, review_id=None, user_id=None, template=None): q = (Review.objects.valid().filter(addon=addon) .order_by('-created')) ctx = {'addon': addon, 'grouped_ratings': GroupedRating.get(addon.id)} ctx['form'] = forms.ReviewForm(None) if review_id is not None: ctx['page'] = 'detail' # If this is a dev reply, find the first msg for context. review = get_object_or_404(Review.objects.all(), pk=review_id) if review.reply_to_id: review_id = review.reply_to_id ctx['reply'] = review q = q.filter(pk=review_id) elif user_id is not None: ctx['page'] = 'user' q = q.filter(user=user_id) if not q: raise http.Http404() else: ctx['page'] = 'list' q = q.filter(is_latest=True) ctx['reviews'] = reviews = amo_utils.paginate(request, q) ctx['replies'] = Review.get_replies(reviews.object_list) if request.user.is_authenticated(): ctx['review_perms'] = { 'is_admin': acl.action_allowed(request, 'Addons', 'Edit'), 'is_editor': acl.is_editor(request, addon), 'is_author': acl.check_addon_ownership(request, addon, viewer=True, dev=True, support=True), } ctx['flags'] = get_flags(request, reviews.object_list) else: ctx['review_perms'] = {} return render(request, template, ctx)