def user_login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME, user_type='User'): """ user_login_required: Decorator for views that checks that if a certain type of User is logged in, redirecting to the log-in page if not. """ if user_type=='Person': actual_decorator = user_passes_test( lambda u: is_person(u), redirect_field_name=redirect_field_name ) elif user_type=='Vendor': actual_decorator = user_passes_test( lambda u: is_vendor(u), redirect_field_name=redirect_field_name ) else: actual_decorator = user_passes_test( lambda u: u.is_authenticated() and u.is_active(), redirect_field_name=redirect_field_name ) if function: return actual_decorator(function) return actual_decorator
def test_user_passes_test_composition(self): """ The user_passes_test decorator can be applied multiple times (#9474). """ def test1(user): user.decorators_applied.append('test1') return True def test2(user): user.decorators_applied.append('test2') return True def callback(request): return request.user.decorators_applied callback = user_passes_test(test1)(callback) callback = user_passes_test(test2)(callback) class DummyUser(object): pass class DummyRequest(object): pass request = DummyRequest() request.user = DummyUser() request.user.decorators_applied = [] response = callback(request) self.assertEqual(response, ['test2', 'test1'])
def user_is_instance(model, login_url=None, raise_exception=False): def check_instance(user): if isinstance(user, model): return True else: raise PermissionDenied return False user_passes_test(check_instance, login_url=login_url)
def group_required(*group_names, **kwargs): """Requires user membership in at least one of the groups passed in.""" def in_groups(u): if u.is_authenticated(): if bool(u.groups.filter(name__in=group_names)) | u.is_superuser: return True return False if 'login_url' in kwargs: return user_passes_test(in_groups, kwargs['login_url']) else: return user_passes_test(in_groups)
def role_required(*user_roles): """ Decorator for views that checks whether a user has a particular role, redirecting to the log-in page if neccesary. Follows same style as django.contrib.auth.decorators.login_required, and django.contrib.auth.decorators.permission_required. """ required_roles = [] for each in user_roles: if isinstance(each, basestring): required_roles.append( roles.get(each) ) else: required_roles.append(each) def check_role(user): try: user_role = getattr(user, 'role', None) if not user_role: return False for each in required_roles: if user_role == each or user_role.subrole_of( each ): return True return False except UserRole.DoesNotExist: return False return user_passes_test(check_role)
def admin_required(function=None): actual_decorator = user_passes_test( lambda u: u.is_authenticated() and u.is_superuser, ) if function: return actual_decorator(function) return actual_decorator
def is_active_required(function): actual_decorator = user_passes_test( lambda u: u.is_active, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME ) return login_required(actual_decorator(function))
def group_required(*groups, **kwargs): """ Decorator for views that checks whether a user is a member of a group, redirecting to the log-in page if neccesary. If the raise_exception parameter is not given the PermissionDenied exception (403 error) is raised. """ login_url = kwargs.get("login_url", None) raise_exception = kwargs.get("raise_exception", True) def is_user_in_group(user, group): return user.groups.filter(name=group).exists() def check_group(user): # If user is not logged in, redirect them to login form if user.is_anonymous(): return False # First check if the user is in one of groups for group in groups: if is_user_in_group(user, group): return True # In case the 403 handler should be called raise the exception if raise_exception: raise PermissionDenied # As the last resort, show the login form return False return user_passes_test(check_group, login_url=login_url)
def any_permission_required(*args): def test_func(user): for perm in args: if user.has_perm(perm): return True return False return user_passes_test(test_func)
def dispatch(self, request, pk): company = get_object_or_404(models.Comment, pk=pk).company can_edit = CanEdit(company) login_url = reverse('login') dispatch = super(CommentDelete, self).dispatch wrapped_dispatch = user_passes_test(can_edit, login_url)(dispatch) return wrapped_dispatch(request, pk=pk)
def _wrapped_view(request, wiki_url, *args, **kwargs): actual_decorator = user_passes_test( lambda user: is_author(user,request, wiki_url), login_url=login_url, redirect_field_name=redirect_field_name )(function)(request, wiki_url, *args, **kwargs) return actual_decorator
def login_required(func): """ Decorator for views that checks that the user is logged in """ def check_user(user): return user.is_authenticated() return user_passes_test(check_user)(func)
def login_or_public_add_book_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None): """ Decorator for views that checks that the user is logged in or if the Pathagar setting ALLOW_PUBLIC_ADD_BOOKS == True, redirecting to the log-in page if necessary. """ def check_perms(user): if settings.ALLOW_PUBLIC_ADD_BOOKS: return True if user.is_authenticated(): if settings.ALLOW_USER_EDIT or user.is_staff: return True else: raise PermissionDenied else: return False actual_decorator = user_passes_test( check_perms, login_url=login_url, redirect_field_name=redirect_field_name ) if function: return actual_decorator(function) return actual_decorator
def local_user_required(func): """ Decorator for views that checks that the user is logged in and not a shibboleth user. """ decorator= user_passes_test(lambda u: not u.is_shibboleth_user()) return decorator(func)
def group_required(*permission_groups, **kwargs): """Requires user membership in at least one of the groups passed in.""" def in_groups(u): if u.is_authenticated() and u.is_active: group_names = [pg.value for pg in permission_groups] return u.groups.filter(name__in=group_names).exists() return user_passes_test(in_groups)
def _wrapped_view(request, *args, **kwargs): enforcer = user_passes_test(lambda u: request.agent.is_trusted, redirect_field_name=redirect_field_name, login_url=(login_url or settings.AGENT_LOGIN_URL) ) return enforcer(view_func)(request, *args, **kwargs)
def group_required(*group_names): """Requires user membership in at least one of the groups passed in.""" def in_groups(u): if u.is_authenticated(): return u.get_profile().is_librarian return False return user_passes_test(in_groups)
def subscription_in(subscription_list, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None): return user_passes_test( lambda u: u.get_active_subscription() in subscription_list, login_url=login_url, redirect_field_name=redirect_field_name )
def is_faculty(function=None): """Use this decorator to restrict access to authenticated users who are in the "Faculty" group.""" actual_decorator = user_passes_test( lambda u: u.is_authenticated() and u.groups.filter(name=FACULTY_GROUP_NAME).exists() ) return actual_decorator(function)
def login_required(view=None, **kwargs): u""" Decorator for views that checks that the user is logged in, redirecting to the log-in page if necessary. If ``raise_exception`` is True, ``PermissionDenied`` is rased instead of redirecting. Based on: django.contrib.auth.decorators.login_required Example: @login_required def view(request, ...): # We can assume now that the user is logged in. If he was not, he was redirected. @login_required(raise_exception=True) def view(request, ...): # We can assume now that the user is logged in. If he was not, he has got # PermissionDenied. """ raise_exception = kwargs.pop(u'raise_exception', False) def check(user): if user.is_authenticated(): return True if raise_exception: raise PermissionDenied return False actual_decorator = user_passes_test(check, **kwargs) if view: return actual_decorator(view) return actual_decorator
def sadmin_prerequisites(function): actual_decorator = user_passes_test( lambda u: u.is_authenticated() and u.is_staff and u.is_superuser, login_url=reverse_lazy('sadmin2:login'), redirect_field_name=REDIRECT_FIELD_NAME ) return actual_decorator(function)
def listUsers(request): """ Listar todos os utilizadores exceto superuser e staff. :param request: :return: """ utilizadores = User.objects.filter().exclude(is_superuser=True, is_staff=True) teste = user_passes_test(lambda user: '******' in list(user.get_all_permissions())) # print("all_permissions", list(request.user.get_all_permissions())) # tamLista = len(utilizadores) if not utilizadores: context = { 'utilizadores': utilizadores, 'tamLista': 0, } return render(request, "config/index.html", context) else: context = { 'utilizadores': utilizadores, 'tamLista': 1, } return render(request, "config/index.html", context)
def privilege_required(privilege, function=None, redirect_field_name=None, login_url=None): if redirect_field_name is None: redirect_field_name = REDIRECT_FIELD_NAME def test(user): if user.is_authenticated() and has_privilege(user, privilege): return True if user.is_superuser: return True return False actual_decorator = user_passes_test( test, login_url=login_url, redirect_field_name=redirect_field_name ) if function: return actual_decorator(function) return actual_decorator
def permission_required(perm): """ Decorator for views that checks whether a user has a particular permission enabled for the current site through django-guardian. If the user is logged out, redirect to the login page. If the user lacks the permission, return a 403 error. If a list of permissions is passed, then a user needs at least one to pass. This code is based on django.contrib.auth.decorators.permission_required """ def check_perms(user): if not user.is_authenticated(): return False try: resident = user.resident except ObjectDoesNotExist: # use the superclass ObjectDoesNotExist to avoid a circular import error raise PermissionDenied site = Site.objects.get_current() if isinstance(perm, list): perms = perm else: perms = [perm] for p in perms: if resident.has_perm_for_dorm(p, site): return True raise PermissionDenied return user_passes_test(check_perms)
def custom_perms(perm, group, app, login_url=None, raise_exception=True): """ """ def check_perms(user): a = user if isinstance(perm, six.string_types): perms = [perm, ] else: perms = perm if isinstance(group, list): groups = group else: groups = [group, ] appname = app + '.' perm_list = [appname + item for item in perms] for groupname in groups: group_obj = Group.objects.get(name=groupname) group_perms = [appname + item.codename for item in group_obj.permissions.all()] perm_list.extend(group_perms) if user.has_perms(perm_list): return True return False if raise_exception: raise PermissionDenied return False return user_passes_test(check_perms, login_url=login_url)
def require_groups(*group_names): def in_groups(u): if u.is_authenticated(): if bool(u.groups.filter(name__in=group_names)) | u.is_superuser: return True return False return user_passes_test(in_groups)
def instance_manager_required(function=None, redirect_to=None, raise_exception=False): """ View decorator that checks whether the user is an InstanceManager, i.e. if user.is_staff or has the InstanceManagerPermission enabled. Modeled on django.contrib.auth.decorators.permission_required(). :param function: view function to wrap :param redirect_to: URL to redirect to if user is not an InstanceManager user :param raise_exception: if set, will raise PermissionDenied if user is not an InstanceManager user. """ def check_perm(user): """Checks if the user is an instance manager""" if InstanceReference.can_manage(user): return True # In case the 403 handler should be called raise the exception if raise_exception: raise PermissionDenied # Or, show login form. return False # Use the user_passes_test view decorator to handle redirect. actual_decorator = user_passes_test( check_perm, login_url=redirect_to, redirect_field_name=None ) if function: return actual_decorator(function) return actual_decorator
def admin_staff_member_required( view_func=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url='admin:login', cacheable=False ): """ Decorator for views that checks that the user is logged in and is a staff member, redirecting to the login page if necessary. Also it make csrf_protect for each view and if need mark as chachable """ actual_decorator = user_passes_test( lambda u: u.is_active and u.is_staff, login_url=login_url, redirect_field_name=redirect_field_name ) view_func = actual_decorator(view_func) # make views as non chached if not cacheable: view_func = never_cache(view_func) # We add csrf_protect here so this function can be used as a utility # function for any view, without having to repeat 'csrf_protect'. if not getattr(view_func, 'csrf_exempt', False): view_func = csrf_protect(view_func) return view_func
def admin_with_permission(perm=None, login_url=None, raise_exception=False): """ Decorator for views that checks whether a user 'is_staff' and has particular permission enabled, redirecting to the log-in page if necessary. If the raise_exception parameter is given the PermissionDenied exception is raised. """ def check_perms(user): # ensure that user is a staff to access the ADMIN AREA if not user.is_staff: return False if not perm: return True # extracted from django.contrib.auth.decorators.permission_required if not isinstance(perm, (list, tuple)): perms = (perm,) else: perms = perm # first check if the user has the permission (even anonymous users) if user.has_perms(perms): return True # in clase 403 handler should be called raise the Exception if raise_exception: raise PermissionDenied # as last resort, show login form return False return user_passes_test(check_perms, login_url=login_url)
def dispatch(self, request, *args, **kwargs): super_dispatch = super(UserPassesTestMixin, self).dispatch protected_dispatch = user_passes_test( self.user_passes_test, self.get_login_url(), self.get_redirect_field_name())(super_dispatch) return protected_dispatch(request, *args, **kwargs)
from . import views from django.contrib.auth import views as auth_views from django.contrib.auth.decorators import user_passes_test from django.conf import settings from django.conf.urls.static import static def has_dashboard_permission(user): return user.groups.filter(name='factory').exists() or user.groups.filter( name='government').exists() urlpatterns = [ path('login', user_passes_test(has_dashboard_permission)(auth_views.login), {'template_name': 'dashboard/login.html'}, name='login'), path('logout', auth_views.logout, {'template_name': 'dashboard/logout.html'}, name='logout'), path('overview', user_passes_test(has_dashboard_permission)(views.dashboard), name='dashboard'), path('add_farmer', user_passes_test(has_dashboard_permission)(views.add_farmer), name='add_farmer'), path('add_user', user_passes_test(has_dashboard_permission)(views.add_user), name='add_user'), path('edit_farmer',
def leadership_required(function=None, login_url=None): actual_decorator = user_passes_test( lambda u: u.is_authenticated and u.is_leadership, login_url=login_url) if function: return actual_decorator(function) return actual_decorator
@method_decorator(check_profiles, 'get') class IncorporationView(LoginRequiredMixin, View): template_name = 'content/incorporation_view.html' def get_context_data(self, **kwargs): context = super(IncorporationView, self).get_context_data(**kwargs) context.update(JOB_CONTEXT) return context def get(self, request, *args, **kwargs): return render(request, self.template_name) @method_decorator(user_passes_test(lambda u: u.is_superuser), 'get') class PictureAutocomplete(autocomplete.Select2QuerySetView): def get_result_label(self, item): # TODO TODO TODO PUT ESCAPING IN THIS WIDGET TO STOP XSS return format_html( '<div class="auto-select"><div class="image-holder"><img src="{}"></div> {}</div>', item.image.url, item.title) def get_queryset(self): # Don't forget to filter out results depending on the visitor ! if not self.request.user.is_authenticated(): return Picture.objects.none() qs = Picture.objects.all() if self.q:
def user_is_superuser(view_func): active_required = user_passes_test(lambda u: u.is_superuser) decorated_view_func = login_required(active_required(view_func)) return decorated_view_func
context_instance=RequestContext(request)) def server_status(request, index): try: index = int(index) except ValueError: raise Http404 if 'memcached' not in settings.CACHE_BACKEND: raise Http404 if not SERVERS: raise Http404 try: server = SERVERS[index] except IndexError: raise Http404 stats = get_memcached_stats(server) if not stats: raise Http404 context = { 'server': server, 'stats': stats.items(), } return render_to_response('memcached/server_status.html', context, context_instance=RequestContext(request)) if getattr(settings, 'DJANGO_MEMCACHED_REQUIRE_STAFF', False): server_list = user_passes_test(lambda u: u.is_staff)(server_list) server_status = user_passes_test(lambda u: u.is_staff)(server_status)
def is_active_required(function): actual_decorator = user_passes_test( lambda u: u.is_active, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME) return login_required(actual_decorator(function))
require_POST, require_safe, condition(lambda r: None, lambda r: None), # django.views.decorators.vary vary_on_headers('Accept-language'), vary_on_cookie, # django.views.decorators.cache cache_page(60 * 15), cache_control(private=True), never_cache, # django.contrib.auth.decorators # Apply user_passes_test twice to check #9474 user_passes_test(lambda u: True), login_required, permission_required('change_world'), # django.contrib.admin.views.decorators staff_member_required, # django.utils.functional keep_lazy(HttpResponse), keep_lazy_text, lazy, # django.utils.safestring mark_safe, )
from django.conf.urls import patterns, url from django.conf import settings from django.contrib.auth.decorators import login_required,user_passes_test from pyas2 import views staff_required = user_passes_test(lambda u: u.is_staff) superuser_required = user_passes_test(lambda u: u.is_superuser) urlpatterns = patterns('', url(r'^login.*', 'django.contrib.auth.views.login', {'template_name': 'admin/login.html'}, name='login'), url(r'^logout.*', 'django.contrib.auth.views.logout',{'next_page': 'home'}, name='logout'), url(r'^password_change/$', 'django.contrib.auth.views.password_change', name='password_change'), url(r'^password_change/done/$', 'django.contrib.auth.views.password_change_done',name='password_change_done'), url(r'^home.*', login_required(views.home, login_url='login'), name='home'), url(r'^msearch/$', login_required(views.MessageSearch.as_view(), login_url='login'), name='msearch'), url(r'^message/$', login_required(views.MessageList.as_view(), login_url='login'), name='messages'), url(r'^message/(?P<pk>.+)/$', login_required(views.MessageDetail.as_view(), login_url='login'), name='message_detail'), url(r'^payload/(?P<pk>.+)/$', login_required(views.PayloadView.as_view(), login_url='login'), name='payload_view'), url(r'^mdnsearch/$', login_required(views.MDNSearch.as_view(), login_url='login'), name='mdnsearch'), url(r'^mdn/$', login_required(views.MDNList.as_view(), login_url='login'), name='mdns'), url(r'^mdn/(?P<pk>.+)/$', login_required(views.MDNView.as_view(), login_url='login'), name='mdn_view'), url(r'^sendmessage/$', login_required(views.sendmessage.as_view(), login_url='login'), name='sendmessage'), url(r'^resendmessage/(?P<pk>.+)/$', login_required(views.resendmessage, login_url='login'), name='resendmessage'), url(r'^sendasyncmdn/$', login_required(views.sendasyncmdn, login_url='login'), name='sendasyncmdn'), url(r'^retryfailedcomms/$', login_required(views.retryfailedcomms, login_url='login'), name='retryfailedcomms'), url(r'^cancelretries/(?P<pk>.+)/$', login_required(views.cancelretries, login_url='login'), name='cancelretries'), #only superuser url(r'^sendtestmail$', superuser_required(views.sendtestmailmanagers), name='sendtestmail'), # as2 asynchronous mdn and message receive url url(r'^as2receive$', views.as2receive, name="as2-receive"), #catch-all
def is_backoffice_user(user: User) -> bool: if user.is_authenticated(): return user.is_superuser or user.is_backoffice_user return False class BackofficeUserRequiredMixin(UserPassesTestMixin): login_url = 'backoffice:login' def test_func(self) -> bool: return is_backoffice_user(self.request.user) backoffice_user_required = user_passes_test(is_backoffice_user, login_url='backoffice:login') def is_superuser(user: User) -> bool: if user.is_authenticated(): return user.is_superuser return False class SuperuserRequiredMixin(UserPassesTestMixin): login_url = 'backoffice:login' def test_func(self) -> bool: return is_superuser(self.request.user)
from django.contrib.auth.decorators import user_passes_test from django.contrib.auth.mixins import LoginRequiredMixin from django.views import View from genesishealth.apps.utils.request import admin_user class ApproveWorkQueueItemView(LoginRequiredMixin, View): def get(self, request, *args, **kwargs): pass approve_work_queue_item = user_passes_test(admin_user)( ApproveWorkQueueItemView.as_view())
def inner_role_login_required(view_func): role_required = user_passes_test( lambda user: user.profile.role in roles, login_url='sis:access_denied') decorated_func = login_required(role_required(view_func)) return decorated_func
def staff_required(): return user_passes_test(lambda u: u.is_staff)
class OrdersListView(ListView): model = Order template_name = 'orders_list.html' paginate_by = ITEMS_IN_PAGES def get_order_list(self): if User.objects.values('is_staff').get( pk=self.request.user.id)['is_staff']: order_list = Order.objects.all().order_by('-pk') else: order_list = Order.objects.filter( user_id=self.request.user.id).order_by('-pk') return order_list def get_context_data(self, **kwargs): context = super(OrdersListView, self).get_context_data(**kwargs) context['media_url'] = MEDIA_URL if User.objects.values('is_staff').get( pk=self.request.user.id)['is_staff']: context['current_site'] = 'manage_orders' else: context['current_site'] = 'orders_list' context['profile_form'] = OrderCommentForm() order_list = self.get_order_list() select_list = [] for item in order_list: options = {} statuses = [] if str(item.status) == 'Новый': statuses = OrderStatus.objects.filter(name__in=[ 'Подтверждён', 'Дозвониться не удалось', 'Отменён' ]).order_by('pk') elif str(item.status) == 'Подтверждён': statuses = OrderStatus.objects.filter(name__in=[ 'Доставлен и вручен', 'Отказ принять, возврат', 'Отменён' ]).order_by('pk') elif str(item.status) == 'Дозвониться не удалось': statuses = OrderStatus.objects.filter( name__in=['Подтверждён', 'Отменён']).order_by('pk') for st in statuses: options[st.pk] = st.name select_list.append({'orderId': item.pk, 'options': options}) context['select_list'] = select_list return context def get_queryset(self): return self.get_order_list() @method_decorator( user_passes_test(lambda u: u.is_authenticated, login_url='/')) def dispatch(self, *args, **kwargs): if User.objects.values('is_staff').get( pk=self.request.user.id)['is_staff']: order_list = Order.objects.all().order_by('pk') else: order_list = Order.objects.filter( user_id=self.request.user.id).order_by('pk') paginator = Paginator(order_list, self.paginate_by) page = self.request.GET.get('page', 1) try: object_list = paginator.page(page) except PageNotAnInteger: self.kwargs['page'] = 1 return redirect('orders') except EmptyPage: self.kwargs['page'] = 1 return redirect('orders') return super(ListView, self).dispatch(*args, **kwargs)
from django.views.generic import CreateView, DeleteView, DetailView, ListView, UpdateView from .models import Course, Grade, ForumPost, Comment from django.forms.models import model_to_dict from django.utils.decorators import method_decorator from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import user_passes_test from django.contrib.auth.mixins import UserPassesTestMixin def teacher_check(user): return user.is_teacher #Courses views @method_decorator(login_required, name='dispatch') @method_decorator(user_passes_test(teacher_check), name='dispatch') class CourseCreateView(CreateView): model = Course template_name = 'courses/course_create.html' fields = ['name', 'teacher', 'students'] def get_form_kwargs(self, *args, **kwargs): kwargs = super(CourseCreateView, self).get_form_kwargs(*args, **kwargs) return kwargs def get_success_url(self, *args, **kwargs): return reverse('course-detail', kwargs={'pk': self.object.pk}) @method_decorator(login_required, name='dispatch') @method_decorator(user_passes_test(teacher_check), name='dispatch')
import json from django.contrib.auth.decorators import login_required, user_passes_test from django.db.models import F, Q from django.shortcuts import render, get_object_or_404, redirect, reverse from django.utils.decorators import method_decorator from django.utils.translation import ugettext_lazy as _ from django.views.generic import ListView from common import auths from matrix.models import ProfileUser from survey import forms, models @method_decorator(login_required, name="dispatch") @method_decorator(user_passes_test(auths.check_is_student), name="dispatch") class SurveyListView(ListView): model = models.Survey template_name = "survey/list.html" def get_queryset(self): # cf. https://stackoverflow.com/a/48910072/8980220 profile_user = ProfileUser.objects.get(user=self.request.user) surveys = models.Survey.objects.filter( Q(opened=True), Q(promotionyear=profile_user.year_entrance) | Q(promotionyear=None), ) responses = models.Response.objects.filter( user__user=self.request.user,
class TemplateView(_TemplateView): @method_decorator(login_required) @method_decorator(user_passes_test(lambda u: u.is_superuser)) def dispatch(self, *args, **kwargs): return super(TemplateView, self).dispatch(*args, **kwargs)
def permission_required(*perms): return user_passes_test(lambda u: any(u.has_perm(perm) for perm in perms), login_url='/')
""" Definition of urls for DjangoSalicornia. """ from django.conf.urls import url, include from django.contrib import admin from django.contrib.auth.decorators import user_passes_test from django.contrib.auth.views import login from rest_framework_swagger.views import get_swagger_view from saliapp import views from saliapp.views import * login_forbidden = user_passes_test(lambda u: u.is_anonymous(), 'home') schema_view = get_swagger_view(title='API documentation') urlpatterns = [ # url(r'^api/', include(router.urls)), url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')), url(r'^api/$', login_required(schema_view), name="api-doc"), url(r'^$', login_forbidden(login), name="login"), url(r'^home/$', home, name='home'), url(r'^accounts/login/$', login), url(r'^logout/$', logout_page), url(r'^manageruser/$', login_required(ManagerUserCompany.as_view()), name='managerUser'),
class ManufacturerCartonImportFormView(GenesisFormView): form_class = ManufacturerCartonImportForm success_message = 'The cartons have been added.' page_title = 'Import Manufacturer Cartons' def _get_breadcrumbs(self): return [ Breadcrumb('Manufacturer Cartons', reverse('gdrives:manufacturer-cartons')) ] def get_success_url(self, form): return reverse('gdrives:manufacturer-cartons') import_manufacturer_carton_csv = user_passes_test(admin_user)( ManufacturerCartonImportFormView.as_view()) class ManufacturerCartonTableView(GenesisTableView): def create_columns(self): return [ AttributeTableColumn('Carton Number', 'number'), AttributeTableColumn('Lot Number', 'lot_number'), AttributeTableColumn('Date Shipped', 'date_shipped'), ActionTableColumn( 'Actions', actions=[ ActionItem('Inspect', GenesisTableLink( 'gdrives:inspect-manufacturer-carton', url_args=[GenesisTableLinkAttrArg('pk')]),
def user_can_write_a_review(func): """View decorator that checks a user is allowed to write a review, in negative case the decorator return Forbidden""" @functools.wrap(func) def wrapper(request, *args, **kwargs): if request.user.is_authenticated() and request.user.points < 10: logger.warning( 'The {} user has tried to write a review, but does not have enough points to do so' .format(request.user.pk)) return HttpResponseForbidden() return func(request, *args, **kwargs) return wrapper user_login_required = user_passes_test(lambda user: user.is_active, login_url='/') def active_user_required(view_func): decorated_view_func = login_required(user_login_required(view_func)) return decorated_view_func def is_recruiter(self): if str(self.user_type) == 'Recruiter': return True else: return False
from django.urls import path from customers.views import Delete, CheckForExisting, my_companies, CompanyList from django.contrib.auth.decorators import user_passes_test urlpatterns = [ # path('new', user_passes_test(lambda u: u.is_superuser)(Create.as_view())), path('delete', user_passes_test(lambda u: u.is_superuser)(Delete.as_view())), # path('', user_passes_test(lambda u: u.is_superuser)(TenantView.as_view())), path('my-companies', my_companies), path('check-name', CheckForExisting.as_view(), name='Check Name'), path('list', (CompanyList.as_view())), ]
def get(self, request, *args, **kwargs): context = self.get_context_data(**kwargs) request.session.setdefault('favorite_investments', []) request.session.save() return self.render_to_response(context) class InvestmentView(DetailView): model = Investment template_name = 'investment.html' @method_decorator(login_required, name='dispatch') @method_decorator(user_passes_test(is_staff), name='dispatch') class CreateInvestmentView(CreateView): model = Investment fields = ['name', 'description', 'category'] template_name = 'create_investment.html' success_url = '/investments' @method_decorator(login_required, name='dispatch') @method_decorator(user_passes_test(is_staff), name='dispatch') class EditInvestmentView(UpdateView): model = Investment fields = ['name', 'description', 'category'] template_name = 'edit_investment.html' success_url = '/investments'
mtime = newmtime with open(file_path) as f: f.seek(last) result = f.read() if result: t = loader.get_template('django_live_log/main.html') yield result + "<script>$('html,body').animate({ scrollTop: $(document).height() }, 'slow');</script>" last = f.tell() except Exception as e: import traceback print(traceback.format_exc()) def dll(request): response = StreamingHttpResponse( log_streamer(request, request.GET.get('from', 1000), request.GET.get('file_path', ""))) response['X-Accel-Buffering'] = "no" return response def group_check(user): return user.groups.filter( name__in=settings.DLL_GROUP_PERMISSION if isinstance( settings.DLL_GROUP_PERMISSION, list ) else [settings.DLL_GROUP_PERMISSION]) if getattr(settings, "DLL_GROUP_PERMISSION", ""): dll = user_passes_test(group_check)(dll)
def admin_required(view): return user_passes_test(is_admin)(view)
def admin_required(login_url=None): return user_passes_test(lambda u: u.is_superuser, login_url=login_url)
def editor_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME): actual_decorator = user_passes_test( lambda u: is_editor(u), redirect_field_name=redirect_field_name) if function: return actual_decorator(function) return actual_decorator
class OnlyStaffMixin: @method_decorator(user_passes_test(lambda user: user.is_staff)) def dispatch(self, request, *args, **kwargs): return super().dispatch(request, *args, **kwargs)
def user_authenticated(view_func): active_required = user_passes_test(lambda u: u.is_active) decorated_view_func = login_required(active_required(view_func)) return decorated_view_func
url(r'^changeLogEventType/$', ChangeLogEventType.as_view(), name='change_logeventtype'), url(r'^changeLogEventType/(?P<object_id>[-\w]+)$', ChangeLogEventType.as_view(), name='change_logeventtype'), url(r'^logEventTypes$', LogEventTypeList.as_view(), name='logeventtype_list'), url(r'^changeAssetLog/$', ChangeAssetLog.as_view(), name='change_assetlog'), url(r'^changeAssetLog/(?P<object_id>[-\w]+)$', ChangeAssetLog.as_view(), name='change_assetlog'), url(r'^assetsLog$', AssetLogList.as_view(), name='assetlog_list'), url(r'^changeNeighborhood/$', ChangeNeighborhood.as_view(), name='change_neighborhood'), url(r'^changeNeighborhood/(?P<object_id>[-\w]+)$', ChangeNeighborhood.as_view(), name='change_neighborhood'), url(r'^neighborhoods$', NeighborhoodList.as_view(), name='neighborhood_list'), url(r'^findFiberlines', find_lines, name='find_lines'), url(r'^statistics$', user_passes_test(is_registered_member)(Statistic.as_view()), name='statistic'), url(r'^save_pin$', save_pin, name='save_pin'), url(r'^save_pin_position$', save_pin_position, name='save_pin_position'), url(r'^save_live_optical_fiber_coords$', save_live_optical_fiber_coords, name='save_live_optical_fiber_coords'), url(r'^filter_network_data$', filter_network_data, name='filter_network_data'), url(r'^delete_old_way$', delete_old_way, name='delete_old_way'), url(r'^save_fiber_way$', save_optical_fiber_position, name='save_fiber_way'), url(r'^full_search$', search, name='search'), url(r'^get_selected_pin$', get_selected_pin, name='get_selected_pin'), url(r'^get_selected_fiber$', get_selected_fiber, name='get_selected_fiber'), url(r'^change_pin_position$', change_pin_position, name='change_pin_position'), url(r'^get_agent_installation$', get_agent_installation, name='get_agent_installation'), url(r'^get_recent_equipments$', get_recent_equipments, name='get_recent_equipments'), url(r'^grab_fibers$', grab_fibers, name='grab_fibers'), url(r'^grab_pins$', grab_pins, name='grab_pins'), url(r'^grab_pin_info$', grab_pin_info, name='grab_pin_info'),
fully_decorated = require_http_methods(["GET"])(fully_decorated) fully_decorated = require_GET(fully_decorated) fully_decorated = require_POST(fully_decorated) # django.views.decorators.vary fully_decorated = vary_on_headers('Accept-language')(fully_decorated) fully_decorated = vary_on_cookie(fully_decorated) # django.views.decorators.cache fully_decorated = cache_page(60*15)(fully_decorated) fully_decorated = cache_control(private=True)(fully_decorated) fully_decorated = never_cache(fully_decorated) # django.contrib.auth.decorators # Apply user_passes_test twice to check #9474 fully_decorated = user_passes_test(lambda u:True)(fully_decorated) fully_decorated = login_required(fully_decorated) fully_decorated = permission_required('change_world')(fully_decorated) # django.contrib.admin.views.decorators fully_decorated = staff_member_required(fully_decorated) # django.utils.functional fully_decorated = memoize(fully_decorated, {}, 1) fully_decorated = allow_lazy(fully_decorated) fully_decorated = lazy(fully_decorated) class DecoratorsTest(TestCase): def test_attributes(self):