| 1 | from functools import wraps |
|---|
| 2 | from urllib.parse import urlparse |
|---|
| 3 | |
|---|
| 4 | from django.conf import settings |
|---|
| 5 | from django.contrib.auth import REDIRECT_FIELD_NAME |
|---|
| 6 | from django.core.exceptions import PermissionDenied |
|---|
| 7 | from django.shortcuts import resolve_url |
|---|
| 8 | |
|---|
| 9 | |
|---|
| 10 | def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME, arg_position=None): |
|---|
| 11 | """ |
|---|
| 12 | Decorator for views that checks that the user passes the given test, |
|---|
| 13 | redirecting to the log-in page if necessary. The test should be a callable |
|---|
| 14 | that takes the user object and returns True if the user passes. |
|---|
| 15 | arg_position: int, write on decoration position in args vars of request data |
|---|
| 16 | """ |
|---|
| 17 | |
|---|
| 18 | def decorator(view_func): |
|---|
| 19 | @wraps(view_func, assigned=available_attrs(view_func)) |
|---|
| 20 | def _wrapped_view(request, *args, **kwargs): |
|---|
| 21 | |
|---|
| 22 | if type(arg_position) is int: |
|---|
| 23 | request = args[arg_position] |
|---|
| 24 | |
|---|
| 25 | if test_func(request.user): |
|---|
| 26 | return view_func(request, *args, **kwargs) |
|---|
| 27 | path = request.build_absolute_uri() |
|---|
| 28 | resolved_login_url = resolve_url(login_url or settings.LOGIN_URL) |
|---|
| 29 | # If the login url is the same scheme and net location then just |
|---|
| 30 | # use the path as the "next" url. |
|---|
| 31 | login_scheme, login_netloc = urlparse(resolved_login_url)[:2] |
|---|
| 32 | current_scheme, current_netloc = urlparse(path)[:2] |
|---|
| 33 | if ((not login_scheme or login_scheme == current_scheme) and |
|---|
| 34 | (not login_netloc or login_netloc == current_netloc)): |
|---|
| 35 | path = request.get_full_path() |
|---|
| 36 | from django.contrib.auth.views import redirect_to_login |
|---|
| 37 | return redirect_to_login( |
|---|
| 38 | path, resolved_login_url, redirect_field_name) |
|---|
| 39 | return _wrapped_view |
|---|
| 40 | return decorator |
|---|
| 41 | |
|---|
| 42 | |
|---|
| 43 | def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None): |
|---|
| 44 | """ |
|---|
| 45 | Decorator for views that checks that the user is logged in, redirecting |
|---|
| 46 | to the log-in page if necessary. |
|---|
| 47 | """ |
|---|
| 48 | actual_decorator = user_passes_test( |
|---|
| 49 | lambda u: u.is_authenticated, |
|---|
| 50 | login_url=login_url, |
|---|
| 51 | redirect_field_name=redirect_field_name |
|---|
| 52 | ) |
|---|
| 53 | if function: |
|---|
| 54 | return actual_decorator(function) |
|---|
| 55 | return actual_decorator |
|---|
| 56 | |
|---|
| 57 | |
|---|
| 58 | def permission_required(perm, login_url=None, raise_exception=False): |
|---|
| 59 | """ |
|---|
| 60 | Decorator for views that checks whether a user has a particular permission |
|---|
| 61 | enabled, redirecting to the log-in page if necessary. |
|---|
| 62 | If the raise_exception parameter is given the PermissionDenied exception |
|---|
| 63 | is raised. |
|---|
| 64 | """ |
|---|
| 65 | def check_perms(user): |
|---|
| 66 | if isinstance(perm, str): |
|---|
| 67 | perms = (perm,) |
|---|
| 68 | else: |
|---|
| 69 | perms = perm |
|---|
| 70 | # First check if the user has the permission (even anon users) |
|---|
| 71 | if user.has_perms(perms): |
|---|
| 72 | return True |
|---|
| 73 | # In case the 403 handler should be called raise the exception |
|---|
| 74 | if raise_exception: |
|---|
| 75 | raise PermissionDenied |
|---|
| 76 | # As the last resort, show the login form |
|---|
| 77 | return False |
|---|
| 78 | return user_passes_test(check_perms, login_url=login_url) |
|---|