Пример #1
0
    def process(self, request, ids):
        shop = get_shop(request)
        reset_domain_url = request.build_absolute_uri("/")

        if isinstance(ids, str) and ids == "all":
            query = Q()
        else:
            query = Q(pk__in=ids)

        for user in get_user_model().objects.filter(query):
            # if user is staff, then use the admin url and templates
            if user.is_staff or user.is_superuser:
                reset_url_name = "shuup_admin:recover_password"
                subject_template_name = "shuup/admin/auth/recover_password_mail_subject.jinja"
                email_template_name = "shuup/admin/auth/recover_password_mail_content.jinja"
            else:
                reset_url_name = "shuup:recover_password_confirm"
                subject_template_name = "shuup/user/recover_password_mail_subject.jinja"
                email_template_name = "shuup/user/recover_password_mail_content.jinja"

            send_user_reset_password_email(
                user=user,
                shop=shop,
                reset_domain_url=reset_domain_url,
                reset_url_name=reset_url_name,
                token_generator=default_token_generator,
                subject_template_name=subject_template_name,
                email_template_name=email_template_name,
            )
Пример #2
0
 def process_request(self, request):
     shop = getattr(request, "shop", get_shop(request))
     theme = get_current_theme(shop)
     if theme:
         theme.set_current()
     else:
         log.error((_("Shop '{}' has no active theme")).format(shop))
Пример #3
0
def inject_global_snippet(context, content):
    if not valid_view(context):
        return

    from shuup.xtheme import get_current_theme
    from shuup.xtheme.models import Snippet, SnippetType
    shop = get_shop(context["request"])

    cache_key = GLOBAL_SNIPPETS_CACHE_KEY.format(shop_id=shop.id)
    snippets = cache.get(cache_key)

    if snippets is None:
        snippets = Snippet.objects.filter(shop=shop)
        cache.set(cache_key, snippets)

    for snippet in snippets:
        if snippet.themes:
            current_theme = get_current_theme(shop)
            if current_theme and current_theme.identifier not in snippet.themes:
                continue

        content = snippet.snippet
        if snippet.snippet_type == SnippetType.InlineJS:
            content = InlineScriptResource(content)
        elif snippet.snippet_type == SnippetType.InlineCSS:
            content = InlineStyleResource(content)
        elif snippet.snippet_type == SnippetType.InlineHTMLMarkup:
            content = InlineMarkupResource(content)
        elif snippet.snippet_type == SnippetType.InlineJinjaHTMLMarkup:
            context = dict(context.items())
            # prevent recursive injection
            context["allow_resource_injection"] = False
            content = JinjaMarkupResource(content, context)

        add_resource(context, snippet.location, content)
Пример #4
0
    def has_permission(self, request, view):
        try:
            permission = int(
                configuration.get(None, make_permission_config_key(view),
                                  DEFAULT_PERMISSION))
        except ValueError:
            permission = DEFAULT_PERMISSION

        # god mode - just works if API is not disabled
        if request.user.is_authenticated:
            if request.user.is_superuser or get_shop(
                    request).staff_members.filter(pk=request.user.pk).exists():
                return permission <= PermissionLevel.ADMIN

        # safe requests: GET, HEAD, OPTIONS
        if request.method in permissions.SAFE_METHODS:
            # to READ, the permissions can be WRITE or READ
            return (request.user.is_authenticated
                    and permission <= PermissionLevel.AUTHENTICATED_WRITE
                    ) or permission <= PermissionLevel.PUBLIC_WRITE

        # NOT safe: POST, PUT, DELETE
        else:
            # to change data, permission must be exactly WRITE
            if request.user.is_authenticated:
                return permission in (PermissionLevel.AUTHENTICATED_WRITE,
                                      PermissionLevel.PUBLIC_WRITE)
            return permission == PermissionLevel.PUBLIC_WRITE
Пример #5
0
def inject_global_snippet(context, content):
    if not valid_view(context):
        return

    from shuup.xtheme import get_current_theme
    from shuup.xtheme.models import Snippet, SnippetType
    shop = get_shop(context["request"])

    cache_key = GLOBAL_SNIPPETS_CACHE_KEY.format(shop_id=shop.id)
    snippets = cache.get(cache_key)

    if snippets is None:
        snippets = Snippet.objects.filter(shop=shop)
        cache.set(cache_key, snippets)

    for snippet in snippets:
        if snippet.themes:
            current_theme = get_current_theme(shop)
            if current_theme and current_theme.identifier not in snippet.themes:
                continue

        content = snippet.snippet
        if snippet.snippet_type == SnippetType.InlineJS:
            content = InlineScriptResource(content)
        elif snippet.snippet_type == SnippetType.InlineCSS:
            content = InlineStyleResource(content)
        elif snippet.snippet_type == SnippetType.InlineHTMLMarkup:
            content = InlineMarkupResource(content)

        add_resource(context, snippet.location, content)
Пример #6
0
def add_gdpr_consent_resources(context, content):
    if not valid_view(context):
        return

    request = context["request"]
    shop = get_shop(request)
    gdpr_settings = GDPRSettings.get_for_shop(shop)

    # GDPR not enabled, nothing to do
    if not gdpr_settings.enabled:
        return

    # always add styles
    add_resource(context, "head_end",
                 static("shuup_gdpr/shuup_gdpr_styles.css"))

    user = request.user
    if not user.is_anonymous() and should_reconsent_privacy_policy(shop, user):
        consent_page = get_privacy_policy_page(shop)
        render_context = {
            "request":
            request,
            "csrf_token":
            context["csrf_token"],
            "url":
            "/%s" % consent_page.url,
            "accept_url":
            reverse("shuup:gdpr_policy_consent",
                    kwargs=dict(page_id=consent_page.id))
        }
        update_resource = InlineMarkupResource(
            loader.render_to_string("shuup/gdpr/privacy_policy_update.jinja",
                                    context=render_context))
        add_resource(context, "body_end", update_resource)

    # consent already added
    if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in request.COOKIES:
        return

    gdpr_documents = []
    if has_installed("shuup.simple_cms"):
        gdpr_documents = get_active_consent_pages(shop)

    render_context = {
        "request": request,
        "csrf_token": context["csrf_token"],
        "gdpr_settings": gdpr_settings,
        "gdpr_documents": gdpr_documents,
        "gdpr_cookie_categories": GDPRCookieCategory.objects.filter(shop=shop)
    }
    html_resource = InlineMarkupResource(
        loader.render_to_string("shuup/gdpr/gdpr_consent.jinja",
                                context=render_context))
    add_resource(context, "body_end", html_resource)
    add_resource(context, "body_end", static("shuup_gdpr/shuup_gdpr.js"))
Пример #7
0
 def get_context_data(self, context):
     shop = get_shop(context["request"])
     cfg = get_connection_info(shop)
     return {
         "mailchimp_enabled": cfg.get("mailchimp_check_success", False),
         "title": self.get_translated_value("title"),
         "lead": self.get_translated_value("lead"),
         "link_title": self.get_translated_value("link_title"),
         "input_placeholder_text": self.get_translated_value("input_placeholder_text"),
         "success_message": self.get_translated_value("success_message"),
         "error_message": self.get_translated_value("error_message"),
     }
Пример #8
0
def inject_global_snippet(context, content):  # noqa: C901
    if not valid_view(context):
        return

    from shuup.xtheme import get_current_theme
    from shuup.xtheme.models import Snippet, SnippetType

    request = context["request"]
    shop = getattr(request, "shop", None) or get_shop(context["request"])

    cache_key = GLOBAL_SNIPPETS_CACHE_KEY.format(shop_id=shop.id)
    snippets = cache.get(cache_key)

    if snippets is None:
        snippets = Snippet.objects.filter(shop=shop)
        cache.set(cache_key, snippets)

    for snippet in snippets:
        if snippet.themes:
            current_theme = getattr(request, "theme",
                                    None) or get_current_theme(shop)
            if current_theme and current_theme.identifier not in snippet.themes:
                continue

        snippet_blockers = get_provide_objects(
            "xtheme_snippet_blocker")  # type: Iterable[SnippetBlocker]
        blocked = False

        for snippet_blocker in snippet_blockers:
            if snippet_blocker.should_block_global_snippet_injection(
                    snippet, context):
                blocked = True
                break

        if blocked:
            continue

        content = snippet.snippet
        if snippet.snippet_type == SnippetType.InlineJS:
            content = InlineScriptResource(content)
        elif snippet.snippet_type == SnippetType.InlineCSS:
            content = InlineStyleResource(content)
        elif snippet.snippet_type == SnippetType.InlineHTMLMarkup:
            content = InlineMarkupResource(content)
        elif snippet.snippet_type == SnippetType.InlineJinjaHTMLMarkup:
            context = dict(context.items())
            # prevent recursive injection
            context["allow_resource_injection"] = False
            content = JinjaMarkupResource(content, context)

        add_resource(context, snippet.location, content)
Пример #9
0
    def resolve_manufactures(self, info, search=None, **kwargs):
        queryset = Manufacturer.objects.all()

        # if some shop is returned, then use it in the queryset
        # custom shop providers can return no shop and then
        # all manufactures will be returned, like in marketplace environments
        shop = get_shop(info.context)
        if shop:
            queryset = queryset.filter(shops=shop)

        if search:
            queryset = queryset.filter(name__icontains=search)

        return queryset
Пример #10
0
def add_gdpr_consent_resources(context, content):
    if not valid_view(context):
        return

    request = context["request"]
    shop = get_shop(request)
    gdpr_settings = GDPRSettings.get_for_shop(shop)

    # GDPR not enabled, nothing to do
    if not gdpr_settings.enabled:
        return

    # always add styles
    add_resource(context, "head_end", static("shuup-gdpr.css"))

    user = request.user
    if not user.is_anonymous() and should_reconsent_privacy_policy(shop, user):
        consent_page = get_privacy_policy_page(shop)
        render_context = {
            "request": request,
            "csrf_token": context["csrf_token"],
            "url": "/%s" % consent_page.url,
            "accept_url": reverse("shuup:gdpr_policy_consent", kwargs=dict(page_id=consent_page.id))
        }
        update_resource = InlineMarkupResource(
            loader.render_to_string("shuup/gdpr/privacy_policy_update.jinja", context=render_context)
        )
        add_resource(context, "body_end", update_resource)

    # consent already added
    if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in request.COOKIES:
        return

    gdpr_documents = []
    if has_installed("shuup.simple_cms"):
        gdpr_documents = get_active_consent_pages(shop)

    render_context = {
        "request": request,
        "csrf_token": context["csrf_token"],
        "gdpr_settings": gdpr_settings,
        "gdpr_documents": gdpr_documents,
        "gdpr_cookie_categories": GDPRCookieCategory.objects.filter(shop=shop)
    }
    html_resource = InlineMarkupResource(
        loader.render_to_string("shuup/gdpr/gdpr_consent.jinja", context=render_context)
    )
    add_resource(context, "body_end", html_resource)
    add_resource(context, "body_end", static("shuup-gdpr.js"))
Пример #11
0
    def process_user(self, user_to_recover, request):
        if (not user_to_recover.has_usable_password()
                or not hasattr(user_to_recover, 'email')
                or not user_to_recover.email):
            return False

        send_user_reset_password_email(
            user=user_to_recover,
            shop=get_shop(request),
            reset_domain_url=request.build_absolute_uri("/"),
            reset_url_name=self.recover_password_confirm_view_url_name,
            token_generator=self.token_generator,
            subject_template_name=self.subject_template_name,
            email_template_name=self.email_template_name,
            from_email=self.from_email)

        return True
Пример #12
0
def media_upload(request, *args, **kwargs):
    if not settings.SHUUP_CUSTOMER_INFORMATION_ALLOW_PICTURE_UPLOAD:
        return HttpResponseForbidden()

    shop = get_shop(request)
    folder = get_or_create_folder(shop, "/contacts")
    form = UploadImageForm(request.POST, request.FILES)
    if form.is_valid():
        filer_file = filer_image_from_upload(request, path=folder, upload_data=request.FILES['file'])
    else:
        error_messages = []
        for validation_error in form.errors.as_data().get("file", []):
            error_messages += validation_error.messages

        return JsonResponse({"error": ", ".join([msg for msg in error_messages])}, status=400)

    ensure_media_file(shop, filer_file)
    return JsonResponse({"file": filer_file_to_json_dict(filer_file)})
Пример #13
0
    def resolve_shop_products(self, info, search=None, **kwargs):
        queryset = get_shop_product_queryset().filter(
            product__variation_parent__isnull=True,
            product__mode__in=(ProductMode.NORMAL,
                               ProductMode.VARIABLE_VARIATION_PARENT,
                               ProductMode.SIMPLE_VARIATION_PARENT,
                               ProductMode.PACKAGE_PARENT))

        # if some shop is returned, then use it in the queryset
        # custom shop providers can return no shop and then
        # all manufactures will be returned, like in marketplace environments
        shop = get_shop(info.context)
        if shop:
            queryset = queryset.filter(shop=shop)

        if search:
            queryset = queryset.filter(
                product__translations__name__icontains=search)

        return queryset
Пример #14
0
def add_gdpr_consent_resources(context, content):
    # TODO: should we ignore admin urls?
    view_class = getattr(context["view"], "__class__",
                         None) if context.get("view") else None
    if not view_class or not context.get("request"):
        return

    shop = get_shop(context["request"])
    gdpr_settings = GDPRSettings.get_for_shop(shop)

    # GDPR not enabled
    if not gdpr_settings.enabled:
        return

    # consent already added
    # TODO: Should we check for changes and ask the consent again here?
    if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in context["request"].COOKIES:
        return

    gdpr_documents = []
    if has_installed("shuup.simple_cms"):
        from shuup.simple_cms.models import Page, PageType
        gdpr_documents = Page.objects.visible(shop).filter(
            page_type=PageType.GDPR_CONSENT_DOCUMENT)

    render_context = {
        "request": context["request"],
        "csrf_token": context["csrf_token"],
        "gdpr_settings": gdpr_settings,
        "gdpr_documents": gdpr_documents,
        "gdpr_cookie_categories": GDPRCookieCategory.objects.filter(shop=shop)
    }
    html_resource = InlineMarkupResource(
        loader.render_to_string("shuup/gdpr/gdpr_consent.jinja",
                                context=render_context))
    add_resource(context, "body_end", html_resource)
    add_resource(context, "body_end", static("shuup_gdpr/shuup_gdpr.js"))
    add_resource(context, "head_end",
                 static("shuup_gdpr/shuup_gdpr_styles.css"))
Пример #15
0
 def _set_shop(self, request):
     """
     Set the shop here again, even if the ShuupCore already did it.
     As we use this middleware alone in `refresh_on_user_change`, we should ensure the request shop.
     """
     request.shop = get_shop(request)
Пример #16
0
 def get_queryset(self):
     return self.queryset.filter(shop=get_shop(self.request))
Пример #17
0
    def process_request(self, request):
        request.shop = get_shop(request)

        if not request.shop:
            raise ImproperlyConfigured(_("No shop!"))
Пример #18
0
    def process_request(self, request):
        request.shop = get_shop(request)

        if not request.shop:
            raise ImproperlyConfigured(_("No shop!"))
Пример #19
0
 def get_queryset(self):
     return self.queryset.filter(Q(shops=get_shop(self.request)) | Q(shops__isnull=True))
Пример #20
0
 def _set_shop(self, request):
     """
     Set the shop here again, even if the ShuupCore already did it.
     As we use this middleware alone in `refresh_on_user_change`, we should ensure the request shop.
     """
     request.shop = get_shop(request)
Пример #21
0
 def get_queryset(self):
     return self.queryset.filter(Q(shops=get_shop(self.request)) | Q(shops__isnull=True))