django-authority/src/authority/decorators.py

import inspect
from django.core.exceptions import PermissionDenied
from django.http import HttpResponseForbidden, HttpResponseRedirect, Http404
from django.utils.http import urlquote
from django.utils.functional import wraps
from django.db.models import Model, get_model
from django.shortcuts import get_object_or_404
from django.conf import settings
from django.contrib.auth.decorators import user_passes_test
from django.contrib.auth import REDIRECT_FIELD_NAME

from authority import permissions
from authority.views import permission_denied

def permission_required(perm, *model_lookups, **kwargs):
    """
    Decorator for views that checks whether a user has a particular permission
    enabled, redirecting to the log-in page if necessary.
    """
    login_url = kwargs.pop('login_url', settings.LOGIN_URL)
    redirect_field_name = kwargs.pop('redirect_field_name', REDIRECT_FIELD_NAME)
    redirect_to_login = kwargs.pop('redirect_to_login', True)
    def decorate(view_func):
        def decorated(request, *args, **kwargs):
            objs = []
            if request.user.is_authenticated():
                for model, lookup, varname in model_lookups:
                    if varname not in kwargs:
                        continue
                    value = kwargs.get(varname, None)
                    if value is None:
                        continue
                    if isinstance(model, basestring):
                        model_class = get_model(*model.split("."))
                    else:
                        model_class = model
                    if model_class is None:
                        raise ValueError(
                            "The given argument '%s' is not a valid model." % model)
                    if inspect.isclass(model_class) and \
                            not issubclass(model_class, Model):
                        raise ValueError(
                            'The argument %s needs to be a model.' % model)
                    objs.append(get_object_or_404(model_class, **{lookup: value}))
                check = permissions.registry.get_check(request.user, perm)
                granted = False
                if check is not None:
                    granted = check(*objs)
                if granted or request.user.has_perm(perm):
                    return view_func(request, *args, **kwargs)
            if redirect_to_login:
                path = urlquote(request.get_full_path())
                tup = login_url, redirect_field_name, path
                return HttpResponseRedirect('%s?%s=%s' % tup)
            return permission_denied(request)
        return wraps(view_func)(decorated)
    return decorate

def permission_required_or_403(perm, *args, **kwargs):
    """
    Decorator that wraps the permission_required decorator and returns a
    permission denied (403) page instead of redirecting to the login URL.
    """
    kwargs['redirect_to_login'] = False
    return permission_required(perm, *args, **kwargs)
Added decorator to be used with views, yay 2009-06-21 23:06:21 +00:00			`import inspect`
			`from django.core.exceptions import PermissionDenied`
			`from django.http import HttpResponseForbidden, HttpResponseRedirect, Http404`
			`from django.utils.http import urlquote`
Removed dependency on external decorator package, using functools.wraps instead. 2009-07-06 09:08:36 +00:00			`from django.utils.functional import wraps`
Added decorator to be used with views, yay 2009-06-21 23:06:21 +00:00			`from django.db.models import Model, get_model`
			`from django.shortcuts import get_object_or_404`
			`from django.conf import settings`
			`from django.contrib.auth.decorators import user_passes_test`
			`from django.contrib.auth import REDIRECT_FIELD_NAME`

			`from authority import permissions`
Fixed decorator to only check for permissions if user is logged in. Added permission_denied view to be used when permission check unsuccessful, e.g. with the new permission_required_or_403 decorator. The permission_required decorator will redirect to the login form by default. 2009-07-03 13:41:21 +00:00			`from authority.views import permission_denied`
Added decorator to be used with views, yay 2009-06-21 23:06:21 +00:00
Back to tuple style syntax for permission required decorator. 2009-07-06 19:57:16 +00:00			`def permission_required(perm, model_lookups, *kwargs):`
Added decorator to be used with views, yay 2009-06-21 23:06:21 +00:00			`"""`
			`Decorator for views that checks whether a user has a particular permission`
			`enabled, redirecting to the log-in page if necessary.`
			`"""`
Back to tuple style syntax for permission required decorator. 2009-07-06 19:57:16 +00:00			`login_url = kwargs.pop('login_url', settings.LOGIN_URL)`
			`redirect_field_name = kwargs.pop('redirect_field_name', REDIRECT_FIELD_NAME)`
			`redirect_to_login = kwargs.pop('redirect_to_login', True)`
Removed dependency on external decorator package, using functools.wraps instead. 2009-07-06 09:08:36 +00:00			`def decorate(view_func):`
			`def decorated(request, args, *kwargs):`
			`objs = []`
			`if request.user.is_authenticated():`
Back to tuple style syntax for permission required decorator. 2009-07-06 19:57:16 +00:00			`for model, lookup, varname in model_lookups:`
			`if varname not in kwargs:`
			`continue`
			`value = kwargs.get(varname, None)`
			`if value is None:`
Removed dependency on external decorator package, using functools.wraps instead. 2009-07-06 09:08:36 +00:00			`continue`
			`if isinstance(model, basestring):`
			`model_class = get_model(*model.split("."))`
			`else:`
			`model_class = model`
			`if model_class is None:`
			`raise ValueError(`
			`"The given argument '%s' is not a valid model." % model)`
			`if inspect.isclass(model_class) and \`
			`not issubclass(model_class, Model):`
			`raise ValueError(`
			`'The argument %s needs to be a model.' % model)`
Introduce a new syntax for the decorator to not rely on the order of the arguments passed to the view function. That failed because kwargs is a dict, d'oh. 2009-07-06 14:03:56 +00:00			`objs.append(get_object_or_404(model_class, **{lookup: value}))`
Removed dependency on external decorator package, using functools.wraps instead. 2009-07-06 09:08:36 +00:00			`check = permissions.registry.get_check(request.user, perm)`
Back to tuple style syntax for permission required decorator. 2009-07-06 19:57:16 +00:00			`granted = False`
			`if check is not None:`
			`granted = check(*objs)`
			`if granted or request.user.has_perm(perm):`
Try to fix the permission system after breaking it. 2009-07-06 17:08:44 +00:00			`return view_func(request, args, *kwargs)`
Removed dependency on external decorator package, using functools.wraps instead. 2009-07-06 09:08:36 +00:00			`if redirect_to_login:`
			`path = urlquote(request.get_full_path())`
			`tup = login_url, redirect_field_name, path`
			`return HttpResponseRedirect('%s?%s=%s' % tup)`
			`return permission_denied(request)`
			`return wraps(view_func)(decorated)`
			`return decorate`
Fixed decorator to only check for permissions if user is logged in. Added permission_denied view to be used when permission check unsuccessful, e.g. with the new permission_required_or_403 decorator. The permission_required decorator will redirect to the login form by default. 2009-07-03 13:41:21 +00:00
			`def permission_required_or_403(perm, args, *kwargs):`
			`"""`
			`Decorator that wraps the permission_required decorator and returns a`
			`permission denied (403) page instead of redirecting to the login URL.`
			`"""`
			`kwargs['redirect_to_login'] = False`
			`return permission_required(perm, args, *kwargs)`