1 | from functools import wraps
|
---|
2 | from urllib.parse import urlparse
|
---|
3 |
|
---|
4 | from django.conf import settings
|
---|
5 | from django.contrib.auth import REDIRECT_FIELD_NAME
|
---|
6 | from django.core.exceptions import PermissionDenied
|
---|
7 | from django.shortcuts import resolve_url
|
---|
8 |
|
---|
9 |
|
---|
10 | def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME, arg_position=None):
|
---|
11 | """
|
---|
12 | Decorator for views that checks that the user passes the given test,
|
---|
13 | redirecting to the log-in page if necessary. The test should be a callable
|
---|
14 | that takes the user object and returns True if the user passes.
|
---|
15 | arg_position: int, write on decoration position in args vars of request data
|
---|
16 | """
|
---|
17 |
|
---|
18 | def decorator(view_func):
|
---|
19 | @wraps(view_func, assigned=available_attrs(view_func))
|
---|
20 | def _wrapped_view(request, *args, **kwargs):
|
---|
21 |
|
---|
22 | if type(arg_position) is int:
|
---|
23 | request = args[arg_position]
|
---|
24 |
|
---|
25 | if test_func(request.user):
|
---|
26 | return view_func(request, *args, **kwargs)
|
---|
27 | path = request.build_absolute_uri()
|
---|
28 | resolved_login_url = resolve_url(login_url or settings.LOGIN_URL)
|
---|
29 | # If the login url is the same scheme and net location then just
|
---|
30 | # use the path as the "next" url.
|
---|
31 | login_scheme, login_netloc = urlparse(resolved_login_url)[:2]
|
---|
32 | current_scheme, current_netloc = urlparse(path)[:2]
|
---|
33 | if ((not login_scheme or login_scheme == current_scheme) and
|
---|
34 | (not login_netloc or login_netloc == current_netloc)):
|
---|
35 | path = request.get_full_path()
|
---|
36 | from django.contrib.auth.views import redirect_to_login
|
---|
37 | return redirect_to_login(
|
---|
38 | path, resolved_login_url, redirect_field_name)
|
---|
39 | return _wrapped_view
|
---|
40 | return decorator
|
---|
41 |
|
---|
42 |
|
---|
43 | def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None):
|
---|
44 | """
|
---|
45 | Decorator for views that checks that the user is logged in, redirecting
|
---|
46 | to the log-in page if necessary.
|
---|
47 | """
|
---|
48 | actual_decorator = user_passes_test(
|
---|
49 | lambda u: u.is_authenticated,
|
---|
50 | login_url=login_url,
|
---|
51 | redirect_field_name=redirect_field_name
|
---|
52 | )
|
---|
53 | if function:
|
---|
54 | return actual_decorator(function)
|
---|
55 | return actual_decorator
|
---|
56 |
|
---|
57 |
|
---|
58 | def permission_required(perm, login_url=None, raise_exception=False):
|
---|
59 | """
|
---|
60 | Decorator for views that checks whether a user has a particular permission
|
---|
61 | enabled, redirecting to the log-in page if necessary.
|
---|
62 | If the raise_exception parameter is given the PermissionDenied exception
|
---|
63 | is raised.
|
---|
64 | """
|
---|
65 | def check_perms(user):
|
---|
66 | if isinstance(perm, str):
|
---|
67 | perms = (perm,)
|
---|
68 | else:
|
---|
69 | perms = perm
|
---|
70 | # First check if the user has the permission (even anon users)
|
---|
71 | if user.has_perms(perms):
|
---|
72 | return True
|
---|
73 | # In case the 403 handler should be called raise the exception
|
---|
74 | if raise_exception:
|
---|
75 | raise PermissionDenied
|
---|
76 | # As the last resort, show the login form
|
---|
77 | return False
|
---|
78 | return user_passes_test(check_perms, login_url=login_url)
|
---|