|
1
|
|
|
################################################################ |
|
2
|
|
|
# MET v2 Metadate Explorer Tool |
|
3
|
|
|
# |
|
4
|
|
|
# This Software is Open Source. See License: https://github.com/TERENA/met/blob/master/LICENSE.md |
|
5
|
|
|
# Copyright (c) 2012, TERENA All rights reserved. |
|
6
|
|
|
# |
|
7
|
|
|
# This Software is based on MET v1 developed for TERENA by Yaco Sistemas, http://www.yaco.es/ |
|
8
|
|
|
# MET v2 was developed for TERENA by Tamim Ziai, DAASI International GmbH, http://www.daasi.de |
|
9
|
|
|
# Current version of MET has been revised for performance improvements by Andrea Biancini, |
|
10
|
|
|
# Consortium GARR, http://www.garr.it |
|
11
|
|
|
######################################################################################### |
|
12
|
|
|
|
|
13
|
|
|
import urlparse |
|
14
|
|
|
from django.http import HttpResponseForbidden |
|
15
|
|
|
try: |
|
16
|
|
|
from functools import wraps |
|
17
|
|
|
except ImportError: |
|
18
|
|
|
from django.utils.functional import wraps # Python 2.4 fallback |
|
19
|
|
|
|
|
20
|
|
|
from django.conf import settings |
|
21
|
|
|
from django.contrib.auth import REDIRECT_FIELD_NAME |
|
22
|
|
|
from django.utils.decorators import available_attrs |
|
23
|
|
|
|
|
24
|
|
|
def login_request(request, login_url=None): |
|
25
|
|
|
path = request.build_absolute_uri() |
|
26
|
|
|
# If the login url is the same scheme and net location then just |
|
27
|
|
|
# use the path as the "next" url. |
|
28
|
|
|
login_scheme, login_netloc = urlparse.urlparse(login_url or |
|
29
|
|
|
settings.LOGIN_URL)[:2] |
|
30
|
|
|
current_scheme, current_netloc = urlparse.urlparse(path)[:2] |
|
31
|
|
|
if ((not login_scheme or login_scheme == current_scheme) and |
|
32
|
|
|
(not login_netloc or login_netloc == current_netloc)): |
|
33
|
|
|
path = request.get_full_path() |
|
34
|
|
|
from django.contrib.auth.views import redirect_to_login |
|
35
|
|
|
return redirect_to_login(path, login_url) |
|
36
|
|
|
|
|
37
|
|
|
def user_can_edit(objtype, login_url=None, |
|
38
|
|
|
redirect_field=REDIRECT_FIELD_NAME, delete=False): |
|
39
|
|
|
""" based on user_passtest from django.contrib.auth.decorators""" |
|
40
|
|
|
def decorator(view_func): |
|
41
|
|
|
def _get_objid(kwargs): |
|
42
|
|
|
for key in kwargs.keys(): |
|
43
|
|
|
if key.endswith('_id'): |
|
44
|
|
|
return kwargs.get(key) |
|
45
|
|
|
return None |
|
46
|
|
|
|
|
47
|
|
|
@wraps(view_func, assigned=available_attrs(view_func)) |
|
48
|
|
|
def _wrapped_view(request, *args, **kwargs): |
|
49
|
|
|
path = request.build_absolute_uri() |
|
50
|
|
|
objid = _get_objid(kwargs) |
|
51
|
|
|
if objtype and objid: |
|
52
|
|
|
obj = objtype.objects.get(id=objid) |
|
53
|
|
|
if obj.can_edit(request.user, delete): |
|
54
|
|
|
return view_func(request, *args, **kwargs) |
|
55
|
|
|
elif request.user.is_authenticated(): |
|
56
|
|
|
return view_func(request, *args, **kwargs) |
|
57
|
|
|
|
|
58
|
|
|
if request.user.is_authenticated(): |
|
59
|
|
|
return HttpResponseForbidden(u"You can't edit this object") |
|
60
|
|
|
|
|
61
|
|
|
return login_request(path, login_url) |
|
62
|
|
|
return _wrapped_view |
|
63
|
|
|
return decorator |
|
64
|
|
|
|
GEANT /
met
