def wrapper(request, addon, *args, **kw):
fun = lambda: f(request, addon_id=addon.id, addon=addon, *args,
**kw)
# Require an owner or dev for POST requests.
if request.method == 'POST':
if acl.has_perm(request, addon, dev=not owner_for_post):
return fun()
# Ignore disabled so they can view their add-on.
elif acl.has_perm(request, addon, viewer=True,
ignore_disabled=True):
return fun()
return http.HttpResponseForbidden()
def download_file(request, file_id, type=None):
file = get_object_or_404(File.objects, pk=file_id)
addon = get_object_or_404(Addon.objects, pk=file.version.addon_id)
if (addon.is_disabled and not
acl.has_perm(request, addon, viewer=True, ignore_disabled=True)):
raise http.Http404()
attachment = (type == 'attachment' or not request.APP.browser)
loc = file.get_mirror(addon, attachment=attachment)
response = http.HttpResponseRedirect(loc)
response['X-Target-Digest'] = file.hash
return response
def wrapper(*args, **kw):
request = args[1]
addon_id = kw['addon_id']
try:
addon = Addon.objects.id_or_slug(addon_id).get()
except:
return rc.NOT_HERE
if not acl.has_perm(request, addon, viewer=True):
return rc.FORBIDDEN
if 'version_id' in kw:
try:
version = Version.objects.get(addon=addon, pk=kw['version_id'])
except Version.DoesNotExist:
return rc.NOT_HERE
return f(*args, addon=addon, version=version)
else:
return f(*args, addon=addon)
def review_list(request, addon, review_id=None, user_id=None):
q = (Review.objects.valid().filter(addon=addon)
.order_by('-created'))
ctx = {'addon': addon,
'grouped_ratings': GroupedRating.get(addon.id)}
ctx.update(flag_context())
ctx['form'] = forms.ReviewForm(None)
if review_id is not None:
ctx['page'] = 'detail'
# If this is a dev reply, find the first msg for context.
review = get_object_or_404(Review.objects.all(), pk=review_id)
if review.reply_to_id:
review_id = review.reply_to_id
ctx['reply'] = review
q = q.filter(pk=review_id)
elif user_id is not None:
ctx['page'] = 'user'
q = q.filter(user=user_id)
if not q:
raise http.Http404()
else:
ctx['page'] = 'list'
q = q.filter(is_latest=True)
ctx['reviews'] = reviews = amo.utils.paginate(request, q)
ctx['replies'] = Review.get_replies(reviews.object_list)
if request.user.is_authenticated():
ctx['review_perms'] = {
'is_admin': acl.action_allowed(request, 'Admin', 'EditAnyAddon'),
'is_editor': acl.action_allowed(request, 'Editor', '%'),
'is_author': acl.has_perm(request, addon, dev=True),
'can_delete': acl.action_allowed(request, 'Editors',
'DeleteReview'),
}
ctx['flags'] = get_flags(request, reviews.object_list)
else:
ctx['review_perms'] = {}
return jingo.render(request, 'reviews/review_list.html', ctx)
def feed(request, addon_id=None):
if request.GET.get('privaterss'):
return feeds.ActivityFeedRSS()(request)
if not request.user.is_authenticated():
url = reverse('users.login')
p = urlquote(request.get_full_path())
return http.HttpResponseRedirect('%s?to=%s' % (url, p))
else:
addons_all = request.amo_user.addons.all()
if addon_id:
addon = get_object_or_404(Addon.objects.id_or_slug(addon_id))
addons = addon # common query set
try:
key = RssKey.objects.get(addon=addons)
except RssKey.DoesNotExist:
key = RssKey.objects.create(addon=addons)
rssurl = urlparams(reverse('devhub.feed', args=[addon_id]),
privaterss=key.key)
if not acl.has_perm(request, addons, viewer=True):
return http.HttpResponseForbidden()
else:
rssurl = _get_rss_feed(request)
addon = None
addons = addons_all
action = request.GET.get('action')
items = _get_items(action, addons)
activities = _get_activities(request, action)
addon_items = _get_addons(request, addons_all, addon_id)
pager = amo.utils.paginate(request, items, 20)
data = dict(addons=addon_items, pager=pager, activities=activities,
rss=rssurl, addon=addon)
return jingo.render(request, 'devhub/addons/activity.html', data)
def reply(request, addon, review_id):
is_admin = acl.action_allowed(request, 'Admin', 'EditAnyAddon')
is_author = acl.has_perm(request, addon, dev=True)
if not (is_admin or is_author):
return http.HttpResponseForbidden()
review = get_object_or_404(Review.objects, pk=review_id, addon=addon)
form = forms.ReviewReplyForm(request.POST or None)
if request.method == 'POST':
if form.is_valid():
d = dict(reply_to=review, addon=addon,
defaults=dict(user=request.amo_user))
reply, new = Review.objects.get_or_create(**d)
for key, val in _review_details(request, addon, form).items():
setattr(reply, key, val)
reply.save()
action = 'New' if new else 'Edited'
log.debug('%s reply to %s: %s' % (action, review_id, reply.id))
return redirect('reviews.detail', addon.slug, review_id)
ctx = dict(review=review, form=form, addon=addon)
ctx.update(flag_context())
return jingo.render(request, 'reviews/reply.html', ctx)