def owner_or_unlisted_viewer_or_reviewer(request, addon):
    """Tell whether the request comes from an unlisted reviewer or an owner.

    The unlisted viewer/reviewer check runs first and its result is returned
    as-is when truthy; otherwise the result of the ownership check is
    returned.
    """
    reviewer_access = acl.check_unlisted_addons_viewer_or_reviewer(request)
    if reviewer_access:
        return reviewer_access
    # admin=False is deliberate: "admins" includes anyone holding the
    # "Addons:Edit" permission. The only non-owners meant to pass are holders
    # of "ReviewerTools:ViewUnlisted" or "Addons:ReviewUnlisted", and that is
    # what the check above covers.
    return acl.check_addon_ownership(request, addon, admin=False, dev=True)
def get_serializer_class(self):
    """Select the serializer, exposing unlisted data only to allowed callers.

    ``serializer_class_with_unlisted_data`` is returned when the request
    passes the unlisted viewer/reviewer check, or when ``self.instance`` is
    set and the authenticated user is one of its authors. Every other caller
    gets the plain ``serializer_class``.
    """
    instance = getattr(self, 'instance', None)
    request = self.request

    if acl.check_unlisted_addons_viewer_or_reviewer(request):
        return self.serializer_class_with_unlisted_data

    # The authenticated check comes before the authors query, so an anonymous
    # user's pk never reaches the filter.
    # NOTE(review): any row in ``authors`` matches; the author's role is not
    # considered here - confirm that is intended for unlisted data.
    caller_is_author = (
        instance
        and request.user.is_authenticated
        and instance.authors.filter(pk=request.user.pk).exists()
    )
    if caller_is_author:
        return self.serializer_class_with_unlisted_data
    return self.serializer_class
def wrapper(request, addon, *args, **kw):
    """Gate the wrapped view ``f`` on reviewer or ownership checks.

    ``f``, ``submitting``, ``allow_reviewers_for_read``, ``owner_for_post``
    and ``allow_site_permission_for_post`` are free variables taken from the
    enclosing scope, which is not visible here. Any path that does not
    return explicitly ends in ``PermissionDenied``, which includes every
    HTTP method other than HEAD, GET and POST.
    """
    def call_view():
        return f(request, addon_id=addon.id, addon=addon, *args, **kw)

    # Site permission add-ons are refused outright in the submission flow.
    if submitting and addon.type == amo.ADDON_SITE_PERMISSION:
        raise PermissionDenied

    http_method = request.method
    if http_method in ('HEAD', 'GET'):
        if allow_reviewers_for_read:
            # Reviewer read access is decided per file, so a view that opts
            # in must receive a file_id keyword argument.
            file_id = kw.get('file_id')
            if not file_id:
                raise ImproperlyConfigured
            # NOTE(review): this lookup keys on file_id alone and is not
            # scoped to ``addon``; confirm the wrapped view verifies that
            # the file belongs to this add-on.
            targets_unlisted = Version.unfiltered.filter(
                file__id=file_id, channel=amo.RELEASE_CHANNEL_UNLISTED
            ).exists()
            # The reviewer must hold the permission matching the channel of
            # the file being read.
            if targets_unlisted:
                reviewer_allowed = (
                    acl.check_unlisted_addons_viewer_or_reviewer(request)
                )
            else:
                reviewer_allowed = (
                    acl.check_listed_addons_viewer_or_reviewer(request)
                )
            if reviewer_allowed:
                return call_view()

        # Read-only requests also admit developers, and let authors see
        # mozilla disabled or site permission add-ons.
        if acl.check_addon_ownership(
            request,
            addon,
            allow_developer=True,
            allow_mozilla_disabled_addon=True,
            allow_site_permission=True,
        ):
            # Authors who have not finished the listed submission are sent
            # back to the submit flow.
            if not submitting and addon.should_redirect_to_submit_flow():
                return redirect('devhub.submit.details', addon.slug)
            return call_view()
    elif http_method == 'POST':
        # POST needs an owner or developer; per the original author's note
        # the ownership check returns False when the add-on status is
        # disabled.
        if acl.check_addon_ownership(
            request,
            addon,
            allow_developer=not owner_for_post,
            allow_site_permission=allow_site_permission_for_post,
        ):
            return call_view()

    raise PermissionDenied
def wrapper(request, addon, *args, **kw):
    """Gate the wrapped view ``f`` on reviewer or ownership checks.

    ``f``, ``submitting``, ``allow_reviewers_for_read``, ``owner_for_get``
    and ``owner_for_post`` are free variables taken from the enclosing scope,
    which is not visible here. Any path that does not return explicitly ends
    in ``PermissionDenied``, which includes every HTTP method other than
    HEAD, GET and POST.
    """
    def call_view():
        return f(request, addon_id=addon.id, addon=addon, *args, **kw)

    http_method = request.method
    if http_method in ('HEAD', 'GET'):
        if allow_reviewers_for_read:
            # Reviewer read access is decided per file, so a view that opts
            # in must receive a file_id keyword argument.
            file_id = kw.get('file_id')
            if not file_id:
                raise ImproperlyConfigured
            # NOTE(review): this lookup keys on file_id alone and is not
            # scoped to ``addon``; confirm the wrapped view verifies that
            # the file belongs to this add-on.
            targets_unlisted = Version.unfiltered.filter(
                files__id=file_id, channel=amo.RELEASE_CHANNEL_UNLISTED
            ).exists()
            # The reviewer must hold the permission matching the channel of
            # the file being read.
            if targets_unlisted:
                reviewer_allowed = (
                    acl.check_unlisted_addons_viewer_or_reviewer(request)
                )
            else:
                reviewer_allowed = (
                    acl.check_listed_addons_viewer_or_reviewer(request)
                )
            if reviewer_allowed:
                return call_view()

        # Reads pass ignore_disabled=True so developers can still view their
        # add-on when it is disabled.
        if acl.check_addon_ownership(
            request, addon, dev=not owner_for_get, ignore_disabled=True
        ):
            # Anyone who has not finished submitting is sent back to the
            # submit flow.
            if not submitting and addon.should_redirect_to_submit_flow():
                return redirect('devhub.submit.details', addon.slug)
            return call_view()
    elif http_method == 'POST':
        # POST needs an owner or dev; per the original author's note the
        # ownership check returns False when the add-on status is disabled.
        if acl.check_addon_ownership(request, addon, dev=not owner_for_post):
            return call_view()

    raise PermissionDenied
def is_appropriate_reviewer(addon, channel):
    """Check the reviewer permission that matches ``channel``.

    The listed channel uses ``acl.is_reviewer`` for this add-on. Any other
    channel value falls through to the unlisted viewer/reviewer check, which
    does not take ``addon``. ``request`` is not a parameter; it is resolved
    from the enclosing scope.
    """
    if channel == amo.RELEASE_CHANNEL_LISTED:
        return acl.is_reviewer(request, addon)
    return acl.check_unlisted_addons_viewer_or_reviewer(request)
def has_permission(self, request, view):
    """Allow the request only if it passes the unlisted viewer/reviewer check.

    ``view`` is accepted but not consulted; the decision depends on the
    request alone.
    """
    allowed = acl.check_unlisted_addons_viewer_or_reviewer(request)
    return allowed