Python check_unlisted_addons_viewer_or_reviewer示例

示例#1

def owner_or_unlisted_viewer_or_reviewer(request, addon):
    return (
        acl.check_unlisted_addons_viewer_or_reviewer(request)
        # We don't want "admins" here, because it includes anyone with the
        # "Addons:Edit" perm, we only want those with
        # "ReviewerTools:ViewUnlisted" or "Addons:ReviewUnlisted" perm
        # (which is checked above).
        or acl.check_addon_ownership(request, addon, admin=False, dev=True)
    )

示例#2

文件： views.py 项目： wagnerand/addons-server

 def get_serializer_class(self):
     # Override serializer to use serializer_class_with_unlisted_data if
     # we are allowed to access unlisted data.
     obj = getattr(self, 'instance', None)
     request = self.request
     if acl.check_unlisted_addons_viewer_or_reviewer(request) or (
             obj and request.user.is_authenticated
             and obj.authors.filter(pk=request.user.pk).exists()):
         return self.serializer_class_with_unlisted_data
     return self.serializer_class

示例#3

文件： decorators.py 项目： wagnerand/addons-server

        def wrapper(request, addon, *args, **kw):
            def fun():
                return f(request, addon_id=addon.id, addon=addon, *args, **kw)

            if submitting and addon.type == amo.ADDON_SITE_PERMISSION:
                raise PermissionDenied
            if request.method in ('HEAD', 'GET'):
                # Allow reviewers for read operations, if file_id is present
                # and the reviewer is the right kind of reviewer for this file.
                if allow_reviewers_for_read:
                    file_id = kw.get('file_id')
                    if file_id:
                        is_unlisted = Version.unfiltered.filter(
                            file__id=file_id, channel=amo.RELEASE_CHANNEL_UNLISTED
                        ).exists()
                        has_required_permission = (
                            acl.check_unlisted_addons_viewer_or_reviewer(request)
                            if is_unlisted
                            else (acl.check_listed_addons_viewer_or_reviewer(request))
                        )
                        if has_required_permission:
                            return fun()
                    else:
                        raise ImproperlyConfigured

                # On read-only requests, we can allow developers, and even let
                # authors see mozilla disabled or site permission add-ons.
                if acl.check_addon_ownership(
                    request,
                    addon,
                    allow_developer=True,
                    allow_mozilla_disabled_addon=True,
                    allow_site_permission=True,
                ):
                    # Redirect to the submit flow if they're not done with
                    # listed submission.
                    if not submitting and addon.should_redirect_to_submit_flow():
                        return redirect('devhub.submit.details', addon.slug)
                    return fun()
            # Require an owner or deveveloper for POST requests (if the add-on
            # status is disabled that check will return False).
            elif request.method == 'POST':
                if acl.check_addon_ownership(
                    request,
                    addon,
                    allow_developer=not owner_for_post,
                    allow_site_permission=allow_site_permission_for_post,
                ):
                    return fun()
            raise PermissionDenied

示例#4

文件： decorators.py 项目： st333v/addons-server

        def wrapper(request, addon, *args, **kw):
            def fun():
                return f(request, addon_id=addon.id, addon=addon, *args, **kw)

            if request.method in ('HEAD', 'GET'):
                # Allow reviewers for read operations, if file_id is present
                # and the reviewer is the right kind of reviewer for this file.
                if allow_reviewers_for_read:
                    file_id = kw.get('file_id')
                    if file_id:
                        is_unlisted = Version.unfiltered.filter(
                            files__id=file_id,
                            channel=amo.RELEASE_CHANNEL_UNLISTED).exists()
                        has_required_permission = (
                            acl.check_unlisted_addons_viewer_or_reviewer(
                                request) if is_unlisted else
                            (acl.check_listed_addons_viewer_or_reviewer(
                                request)))
                        if has_required_permission:
                            return fun()
                    else:
                        raise ImproperlyConfigured

                # On read-only requests, ignore disabled so developers can
                # still view their add-on.
                if acl.check_addon_ownership(request,
                                             addon,
                                             dev=not owner_for_get,
                                             ignore_disabled=True):
                    # Redirect to the submit flow if they're not done.
                    if not submitting and addon.should_redirect_to_submit_flow(
                    ):
                        return redirect('devhub.submit.details', addon.slug)
                    return fun()
            # Require an owner or dev for POST requests (if the add-on status
            # is disabled that check will return False).
            elif request.method == 'POST':
                if acl.check_addon_ownership(request,
                                             addon,
                                             dev=not owner_for_post):
                    return fun()
            raise PermissionDenied

示例#5

文件： views.py 项目： copyit/addons-server

 def is_appropriate_reviewer(addon, channel):
     return (acl.is_reviewer(request, addon)
             if channel == amo.RELEASE_CHANNEL_LISTED else
             acl.check_unlisted_addons_viewer_or_reviewer(request))

示例#6

文件： permissions.py 项目： Mitrajit/addons-server

 def has_permission(self, request, view):
     return acl.check_unlisted_addons_viewer_or_reviewer(request)