
In the same move, refactor the can_edit/_view/_delete functions to only take the request, which is what really happens in the code, and adapt the test accordingly.
from functools import wraps
from django.conf import settings
from django.http import HttpResponseForbidden
from django.shortcuts import get_object_or_404
from django.urls import reverse_lazy
from .models import Map, Team
from .views import simple_json_response
# Login location handed back in the ``login_required`` JSON responses of the
# decorators in this module. A configured value starting with "/" is kept
# as-is; any other value is passed to reverse_lazy().
LOGIN_URL = getattr(settings, "LOGIN_URL", "login")
if not LOGIN_URL.startswith("/"):
    LOGIN_URL = reverse_lazy(LOGIN_URL)
def login_required_if_not_anonymous_allowed(view_func):
    """
    Require an authenticated user unless anonymous use is enabled.

    The wrapped view runs when ``settings.UMAP_ALLOW_ANONYMOUS`` is truthy
    (a missing setting counts as False) or when the request's user is
    authenticated. Otherwise the view is not called and the caller receives
    ``simple_json_response(login_required=...)`` carrying the login URL.
    """

    @wraps(view_func)
    def wrapper(request, *args, **kwargs):
        anonymous_allowed = getattr(settings, "UMAP_ALLOW_ANONYMOUS", False)
        # Short-circuit: request.user is only inspected when anonymous
        # access is disabled.
        if anonymous_allowed or request.user.is_authenticated:
            return view_func(request, *args, **kwargs)
        return simple_json_response(login_required=str(LOGIN_URL))

    return wrapper
def can_edit_map(view_func):
    """
    Used for URLs dealing with editing the map.

    The map is loaded from the ``map_id`` URL kwarg (404 when it does not
    exist) and handed to the view as the ``map_inst`` kwarg.
    ``Map.can_edit`` is only consulted when the map's ``edit_status`` is
    ``COLLABORATORS`` or higher; a lower status lets the request through
    without a permission check.

    When editing is refused, an unauthenticated user on a map that has an
    owner gets the ``login_required`` JSON response; every other refusal is
    an ``HttpResponseForbidden`` (403).
    """

    @wraps(view_func)
    def wrapper(request, *args, **kwargs):
        requested_map = get_object_or_404(Map, pk=kwargs["map_id"])
        # Avoid rerequesting the map in the view
        kwargs["map_inst"] = requested_map
        # NOTE(review): statuses below COLLABORATORS are presumably the
        # open-to-everyone levels -- confirm against Map's constants, since
        # this comparison is the only gate in front of the view.
        restricted = requested_map.edit_status >= requested_map.COLLABORATORS
        if not restricted or requested_map.can_edit(request=request):
            return view_func(request, *args, **kwargs)
        # Refused: prompt for login when authenticating could help,
        # otherwise deny outright.
        if requested_map.owner and not request.user.is_authenticated:
            return simple_json_response(login_required=str(LOGIN_URL))
        return HttpResponseForbidden()

    return wrapper
def can_view_map(view_func):
    """
    Used for URLs dealing with viewing the map.

    The map is loaded from the ``map_id`` URL kwarg (404 when it does not
    exist) and handed to the view as the ``map_inst`` kwarg. The view only
    runs when ``Map.can_view(request)`` is truthy; otherwise the caller gets
    an ``HttpResponseForbidden`` (403).
    """

    @wraps(view_func)
    def wrapper(request, *args, **kwargs):
        requested_map = get_object_or_404(Map, pk=kwargs["map_id"])
        # Avoid rerequesting the map in the view
        kwargs["map_inst"] = requested_map
        if requested_map.can_view(request):
            return view_func(request, *args, **kwargs)
        return HttpResponseForbidden()

    return wrapper
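def team_members_only(view_func):
    """
    Restrict a view to authenticated members of the team given by ``pk``.

    The team is loaded from the ``pk`` URL kwarg (404 when it does not
    exist). Unauthenticated users, and authenticated users who are not in
    the team, get an ``HttpResponseForbidden`` (403) and the view is not
    called.
    """

    @wraps(view_func)
    def wrapper(request, *args, **kwargs):
        # NOTE(review): the lookup runs before the membership check, so a
        # caller who is not a member can tell an existing team id (403) from
        # a missing one (404). Confirm that this is acceptable for team ids.
        team = get_object_or_404(Team, pk=kwargs["pk"])
        user = request.user
        # is_authenticated is tested first so ``teams`` is never read on an
        # unauthenticated user. The membership test asks the database for
        # this one team instead of loading every team of the user.
        if not user.is_authenticated or not user.teams.filter(pk=team.pk).exists():
            return HttpResponseForbidden()
        return view_func(request, *args, **kwargs)

    return wrapper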