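def authenticate(**credentials):
    """
    If the given credentials are valid, return a User object.

    Backends from ``_get_backends`` are tried in order. A backend whose
    ``authenticate`` signature cannot bind the supplied keyword arguments is
    skipped. The first backend that returns a user wins, and that user is
    tagged with the backend's path in ``user.backend``. A backend that
    raises PermissionDenied ends the search immediately.

    Returns None when no backend accepts the credentials. Every such
    failure, including a PermissionDenied veto, sends ``user_login_failed``
    with the credentials passed through ``_clean_credentials``.
    """
    for backend, backend_path in _get_backends(return_tuples=True):
        try:
            inspect.getcallargs(backend.authenticate, **credentials)
        except TypeError:
            # This backend doesn't accept these credentials as arguments. Try the next one.
            continue

        try:
            user = backend.authenticate(**credentials)
        except PermissionDenied:
            # This backend says to stop in our tracks - this user should not
            # be allowed in at all. Leave the loop rather than returning, so
            # the failure signal below still fires: returning here hid vetoed
            # attempts from anything that audits or throttles on
            # user_login_failed.
            break
        if user is None:
            continue
        # Annotate the user object with the path of the backend.
        user.backend = backend_path
        return user

    # The credentials supplied are invalid to all backends, fire signal
    user_login_failed.send(sender=__name__,
                           credentials=_clean_credentials(credentials))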
python类PermissionDenied()的实例源码
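def get_init_widget(self):
    """Create the default widgets for this page and persist their layout.

    Walks ``self.widgets`` (a list of columns, each a list of option dicts),
    saves one ``UserWidget`` per entry for ``self.user`` and collects what
    ``self.get_widget`` returns for it. Entries that raise PermissionDenied
    or WidgetDataError are dropped and their row is deleted. The layout is
    then saved as a ``UserSettings`` row keyed ``dashboard:<page_id>:pos``:
    comma-separated ids per column, columns joined by ``|``.

    Returns the list of columns that was built.
    """
    portal = []
    for col in self.widgets:
        portal_col = []
        for opts in col:
            # Reset per entry. Without this, a failure inside the UserWidget
            # constructor left `widget` bound to the previous entry, and the
            # handler below deleted a widget that had already been saved and
            # added to the layout (or hit an unbound name on the first entry).
            widget = None
            try:
                widget = UserWidget(user=self.user, page_id=self.get_page_id(), widget_type=opts['type'])
                widget.set_value(opts)
                widget.save()
                portal_col.append(self.get_widget(widget))
            except (PermissionDenied, WidgetDataError):
                # NOTE(review): if set_value() fails, delete() runs on a row
                # that was never saved - confirm the model tolerates that.
                if widget is not None:
                    widget.delete()
                continue
        portal.append(portal_col)

    UserSettings(
        user=self.user, key="dashboard:%s:pos" % self.get_page_id(),
        value='|'.join([','.join([str(w.id) for w in col]) for col in portal])).save()

    return portal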
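def check_submission_permissions(request, xform):
    """Raise PermissionDenied when the requester may not submit to ``xform``.

    The submission is refused only when all of the following hold:
        * a truthy ``request`` was supplied,
        * the form owner's profile or the form requires auth, or the request
          path is exactly ``/submission``,
        * the requesting user is not the form's owner,
        * the requesting user lacks ``report_xform`` on the form.

    Since we have a username, the Instance creation logic will
    handle checking for the form's existence by its id_string.

    :returns: None.
    :raises: PermissionDenied based on the above criteria.
    """
    # Creates the owner's profile on first use, so this call can write.
    profile = UserProfile.objects.get_or_create(user=xform.user)[0]

    # NOTE(review): a falsy `request` skips every check below - confirm that
    # callers passing None are already trusted.
    if request and (profile.require_auth or xform.require_auth
                    or request.path == '/submission') \
            and xform.user != request.user \
            and not request.user.has_perm('report_xform', xform):
        # Translate the template first, then interpolate. Interpolating
        # inside _() looks up an already-formatted string, which never
        # matches a catalogue entry.
        raise PermissionDenied(
            _(u"%(request_user)s is not allowed to make submissions "
              u"to %(form_user)s's %(form_title)s form.") % {
                'request_user': request.user,
                'form_user': xform.user,
                'form_title': xform.title})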
def enketo(self, request, *args, **kwargs):
    """Return the Enketo edit URL for the looked-up submission.

    ``self.get_object()`` must resolve to an ``Instance``; an ``XForm``
    means no data id was given and raises ParseError. The caller needs
    ``change_xform`` on the instance's form, otherwise PermissionDenied is
    raised. A missing ``return_url`` query parameter raises ParseError.

    The response carries ``url`` on success, or ``detail`` with the error
    text when ``get_enketo_edit_url`` raises EnketoError. For any other
    object type the response data is empty.
    """
    self.object = self.get_object()
    target = self.object

    if isinstance(target, XForm):
        raise ParseError(_(u"Data id not provided."))

    payload = {}
    if isinstance(target, Instance):
        if not request.user.has_perm("change_xform", target.xform):
            raise PermissionDenied(_(u"You do not have edit permissions."))

        # NOTE(review): return_url comes straight from the query string and
        # is forwarded without validation in this block - confirm that
        # get_enketo_edit_url restricts where it may point.
        return_url = request.query_params.get('return_url')
        if not return_url:
            raise ParseError(_(u"return_url not provided."))

        try:
            payload["url"] = get_enketo_edit_url(request, target, return_url)
        except EnketoError as e:
            payload['detail'] = "{}".format(e)

    return Response(data=payload)
def dispatch(self, request, *args, **kwargs):
    """Dispatch only for users with authority over the project in the URL.

    Access is granted, in this order, to the "Super Admin" group, to a
    "Project Manager" role on project ``pk``, and to an "Organization
    Admin" role on that project's organization. Anyone else gets
    PermissionDenied.
    """
    def _authorized():
        if request.group.name == "Super Admin":
            return True
        project_id = self.kwargs.get('pk')
        uid = request.user.id
        if request.roles.filter(user_id=uid, project_id=project_id, group__name="Project Manager"):
            return True
        # NOTE(review): an unknown pk makes this lookup raise instead of
        # producing a 403/404 - confirm that is handled upstream.
        org_id = Project.objects.get(pk=project_id).organization.id
        return bool(request.roles.filter(user_id=uid, organization_id=org_id, group__name="Organization Admin"))

    if not _authorized():
        raise PermissionDenied()
    return super(ProjectRoleMixin, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    """Dispatch only for users allowed to review the site in the URL.

    Access is granted, in this order, to the "Super Admin" group, to a
    "Reviewer" role on site ``pk``, to a "Project Manager" role on the
    site's project, and to an "Organization Admin" role on that project's
    organization. Anyone else gets PermissionDenied.
    """
    def _authorized():
        if request.group.name == "Super Admin":
            return True
        site_id = self.kwargs.get('pk')
        uid = request.user.id
        if request.roles.filter(user_id=uid, site_id=site_id, group__name="Reviewer"):
            return True
        # NOTE(review): an unknown pk makes this lookup raise instead of
        # producing a 403/404 - confirm that is handled upstream.
        project = Site.objects.get(pk=site_id).project
        if request.roles.filter(user_id=uid, project_id=project.id, group__name="Project Manager"):
            return True
        org_id = project.organization.id
        return bool(request.roles.filter(user_id=uid, organization_id=org_id, group__name="Organization Admin"))

    if not _authorized():
        raise PermissionDenied()
    return super(ReviewerRoleMixin, self).dispatch(request, *args, **kwargs)
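def dispatch(self, request, *args, **kwargs):
    """Dispatch only for users allowed to supervise the site in the URL.

    Access is granted, in this order, to the "Super Admin" group, to a
    "Site Supervisor" role on site ``pk``, to a "Project Manager" role on
    the site's project, and to an "Organization Admin" role on that
    project's organization. Anyone else gets PermissionDenied.
    """
    def _authorized():
        if request.group.name == "Super Admin":
            return True
        site_id = self.kwargs.get('pk')
        uid = request.user.id
        if request.roles.filter(user_id=uid, site_id=site_id, group__name="Site Supervisor"):
            return True
        # NOTE(review): an unknown pk makes this lookup raise instead of
        # producing a 403/404 - confirm that is handled upstream.
        project = Site.objects.get(pk=site_id).project
        if request.roles.filter(user_id=uid, project_id=project.id, group__name="Project Manager"):
            return True
        org_id = project.organization.id
        return bool(request.roles.filter(user_id=uid, organization_id=org_id, group__name="Organization Admin"))

    if not _authorized():
        raise PermissionDenied()
    # Every granted path delegates through this mixin. The "Super Admin"
    # path used to name ReviewerRoleMixin in super(), which fails with a
    # TypeError unless the view also inherits from that class.
    # The enclosing class is not visible here; SiteSupervisorRoleMixin is
    # taken from the other three super() calls - TODO confirm.
    return super(SiteSupervisorRoleMixin, self).dispatch(request, *args, **kwargs)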
def dispatch(self, request, *args, **kwargs):
    """Dispatch only for users allowed to delete the site in the URL.

    Access is granted, in this order, to the "Super Admin" group, to a
    "Project Manager" role on the site's project, and to an "Organization
    Admin" role on that project's organization. Site-level roles are not
    consulted. Anyone else gets PermissionDenied.
    """
    def _authorized():
        if request.group.name == "Super Admin":
            return True
        site_id = self.kwargs.get('pk')
        uid = request.user.id
        # NOTE(review): an unknown pk makes this lookup raise instead of
        # producing a 403/404 - confirm that is handled upstream.
        project = Site.objects.get(pk=site_id).project
        if request.roles.filter(user_id=uid, project_id=project.id, group__name="Project Manager"):
            return True
        org_id = project.organization.id
        return bool(request.roles.filter(user_id=uid, organization_id=org_id, group__name="Organization Admin"))

    if not _authorized():
        raise PermissionDenied()
    return super(SiteDeleteRoleMixin, self).dispatch(request, *args, **kwargs)
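def dispatch(self, request, *args, **kwargs):
    """Dispatch a delete view only for users allowed to review the site.

    Access is granted, in this order, to the "Super Admin" group, to a
    "Reviewer" role on site ``pk``, to a "Project Manager" role on the
    site's project, and to an "Organization Admin" role on that project's
    organization. Anyone else gets PermissionDenied.
    """
    def _authorized():
        if request.group.name == "Super Admin":
            return True
        site_id = self.kwargs.get('pk')
        uid = request.user.id
        if request.roles.filter(user_id=uid, site_id=site_id, group__name="Reviewer"):
            return True
        # NOTE(review): an unknown pk makes this lookup raise instead of
        # producing a 403/404 - confirm that is handled upstream.
        project = Site.objects.get(pk=site_id).project
        if request.roles.filter(user_id=uid, project_id=project.id, group__name="Project Manager"):
            return True
        org_id = project.organization.id
        return bool(request.roles.filter(user_id=uid, organization_id=org_id, group__name="Organization Admin"))

    if not _authorized():
        raise PermissionDenied()
    # Every granted path delegates through this class. The "Reviewer" path
    # used to name SiteSupervisorRoleMixin in super(), which fails with a
    # TypeError unless the view also inherits from that mixin.
    # The enclosing class is not visible here; ReviewerRoleMixinDeleteView
    # is taken from the other three super() calls - TODO confirm.
    return super(ReviewerRoleMixinDeleteView, self).dispatch(request, *args, **kwargs)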
def dispatch(self, request, *args, **kwargs):
    """Dispatch only for authenticated users with reviewer-level access.

    Unauthenticated users are refused. "Super Admin" always passes.
    "Organization Admin" passes when the site named by ``pk`` belongs to
    ``request.organization``. A role listed in ``USURPERS['Reviewer']``
    passes when that site's project is ``request.project``. When the URL
    carries no ``pk``, the latter two groups pass without any object-level
    check. Every other case raises PermissionDenied.
    """
    def _authorized():
        if not request.user.is_authenticated():
            return False

        group_name = request.group.name
        if group_name == "Super Admin":
            return True

        if group_name == "Organization Admin":
            pk = self.kwargs.get('pk', False)
            if not pk:
                return True
            site = Site.objects.get(pk=pk)
            return site.project.organization == request.organization

        if request.role.group.name in USURPERS['Reviewer']:
            pk = self.kwargs.get('pk', False)
            if not pk:
                return True
            site = Site.objects.get(pk=pk)
            return site.project == request.project

        return False

    if not _authorized():
        raise PermissionDenied()
    return super(ReviewerMixin, self).dispatch(request, *args, **kwargs)
def permission_required(perm, login_url=None, raise_exception=False):
    """
    Decorator for views that requires the user to hold ``perm``.

    ``perm`` may be one permission string or an iterable of them; all are
    checked with ``user.has_perms``. A user who lacks them is sent to the
    log-in page, unless ``raise_exception`` is set, in which case
    PermissionDenied is raised for anonymous and logged-in users alike.
    """
    def check_perms(user):
        required = (perm, ) if isinstance(perm, six.string_types) else perm
        # Anonymous users are checked too, so a backend may grant them access.
        if user.has_perms(required):
            return True
        if not raise_exception:
            # Falling through to the login form is the last resort.
            return False
        # Hand over to the 403 handler instead of redirecting.
        raise PermissionDenied
    return user_passes_test(check_perms, login_url=login_url)
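def authenticate(**credentials):
    """
    If the given credentials are valid, return a User object.

    Backends from ``_get_backends`` are tried in order. A backend whose
    ``authenticate`` signature cannot bind the supplied keyword arguments is
    skipped. The first backend that returns a user wins, and that user is
    tagged with the backend's path in ``user.backend``. A backend that
    raises PermissionDenied ends the search immediately.

    Returns None when no backend accepts the credentials. Every such
    failure, including a PermissionDenied veto, sends ``user_login_failed``
    with the credentials passed through ``_clean_credentials``.
    """
    for backend, backend_path in _get_backends(return_tuples=True):
        try:
            inspect.getcallargs(backend.authenticate, **credentials)
        except TypeError:
            # This backend doesn't accept these credentials as arguments. Try the next one.
            continue

        try:
            user = backend.authenticate(**credentials)
        except PermissionDenied:
            # This backend says to stop in our tracks - this user should not
            # be allowed in at all. Leave the loop rather than returning, so
            # the failure signal below still fires: returning here hid vetoed
            # attempts from anything that audits or throttles on
            # user_login_failed.
            break
        if user is None:
            continue
        # Annotate the user object with the path of the backend.
        user.backend = backend_path
        return user

    # The credentials supplied are invalid to all backends, fire signal
    user_login_failed.send(sender=__name__,
                           credentials=_clean_credentials(credentials))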
def permission_required(perm, login_url=None, raise_exception=False):
    """
    Decorator for views that requires the user to hold ``perm``.

    ``perm`` may be one permission string or an iterable of them; all are
    checked with ``user.has_perms``. A user who lacks them is sent to the
    log-in page, unless ``raise_exception`` is set, in which case
    PermissionDenied is raised for anonymous and logged-in users alike.
    """
    def check_perms(user):
        required = (perm, ) if isinstance(perm, six.string_types) else perm
        # Anonymous users are checked too, so a backend may grant them access.
        if user.has_perms(required):
            return True
        if not raise_exception:
            # Falling through to the login form is the last resort.
            return False
        # Hand over to the 403 handler instead of redirecting.
        raise PermissionDenied
    return user_passes_test(check_perms, login_url=login_url)
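def authenticate(**credentials):
    """
    If the given credentials are valid, return a User object.

    Backends from ``_get_backends`` are tried in order. A backend whose
    ``authenticate`` signature cannot bind the supplied keyword arguments is
    skipped. The first backend that returns a user wins, and that user is
    tagged with the backend's path in ``user.backend``. A backend that
    raises PermissionDenied ends the search immediately.

    Returns None when no backend accepts the credentials. Every such
    failure, including a PermissionDenied veto, sends ``user_login_failed``
    with the credentials passed through ``_clean_credentials``.
    """
    for backend, backend_path in _get_backends(return_tuples=True):
        try:
            inspect.getcallargs(backend.authenticate, **credentials)
        except TypeError:
            # This backend doesn't accept these credentials as arguments. Try the next one.
            continue

        try:
            user = backend.authenticate(**credentials)
        except PermissionDenied:
            # This backend says to stop in our tracks - this user should not
            # be allowed in at all. Leave the loop rather than returning, so
            # the failure signal below still fires: returning here hid vetoed
            # attempts from anything that audits or throttles on
            # user_login_failed.
            break
        if user is None:
            continue
        # Annotate the user object with the path of the backend.
        user.backend = backend_path
        return user

    # The credentials supplied are invalid to all backends, fire signal
    user_login_failed.send(sender=__name__,
                           credentials=_clean_credentials(credentials))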
def permission_required(perm, login_url=None, raise_exception=False):
    """
    Decorator for views that requires the user to hold ``perm``.

    ``perm`` is used as given when it is a list or tuple; any other value
    is treated as a single permission. All are checked with
    ``user.has_perms``. A user who lacks them is sent to the log-in page,
    unless ``raise_exception`` is set, in which case PermissionDenied is
    raised for anonymous and logged-in users alike.
    """
    def check_perms(user):
        required = perm if isinstance(perm, (list, tuple)) else (perm, )
        # Anonymous users are checked too, so a backend may grant them access.
        if user.has_perms(required):
            return True
        if not raise_exception:
            # Falling through to the login form is the last resort.
            return False
        # Hand over to the 403 handler instead of redirecting.
        raise PermissionDenied
    return user_passes_test(check_perms, login_url=login_url)
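def authenticate(**credentials):
    """
    If the given credentials are valid, return a User object.

    Backends from ``_get_backends`` are tried in order. A backend whose
    ``authenticate`` signature cannot bind the supplied keyword arguments is
    skipped. The first backend that returns a user wins, and that user is
    tagged with the backend's path in ``user.backend``. A backend that
    raises PermissionDenied ends the search immediately.

    Returns None when no backend accepts the credentials. Every such
    failure, including a PermissionDenied veto, sends ``user_login_failed``
    with the credentials passed through ``_clean_credentials``.
    """
    for backend, backend_path in _get_backends(return_tuples=True):
        try:
            inspect.getcallargs(backend.authenticate, **credentials)
        except TypeError:
            # This backend doesn't accept these credentials as arguments. Try the next one.
            continue

        try:
            user = backend.authenticate(**credentials)
        except PermissionDenied:
            # This backend says to stop in our tracks - this user should not
            # be allowed in at all. Leave the loop rather than returning, so
            # the failure signal below still fires: returning here hid vetoed
            # attempts from anything that audits or throttles on
            # user_login_failed.
            break
        if user is None:
            continue
        # Annotate the user object with the path of the backend.
        user.backend = backend_path
        return user

    # The credentials supplied are invalid to all backends, fire signal
    user_login_failed.send(sender=__name__,
                           credentials=_clean_credentials(credentials))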
def addcard(request, card):
    """Record that one of the requester's accounts owns ``card``.

    Only POST is accepted; any other method raises PermissionDenied. The
    account is looked up by the posted ``account`` id together with
    ``owner=request.user``, so an id belonging to another user yields a 404
    instead of attaching the card to someone else's account.

    With ``collection`` in the query string the card is fetched from the
    bare model and the collection view is returned; otherwise it is fetched
    through ``filters.filterCards`` and rendered with ``item_view``.
    """
    if request.method != "POST":
        raise PermissionDenied()

    in_collection = 'collection' in request.GET
    if in_collection:
        card_source = models.Card
    else:
        # Note: calling filterCards will add extra info need to display the card
        card_source = filters.filterCards(models.Card.objects.all(), {}, request)

    card = get_object_or_404(card_source, pk=card)
    # NOTE(review): no login check is visible in this block - confirm the
    # view is wrapped so request.user is never anonymous here.
    account = get_object_or_404(models.Account, pk=request.POST.get('account', None), owner=request.user)
    models.OwnedCard.objects.create(card=card, account=account)

    if in_collection:
        return cardcollection(request, card.id)

    # Only the in-memory object is bumped; nothing is saved in this block.
    card.total_owned += 1
    return item_view(request, 'card', ENABLED_COLLECTIONS['card'], pk=card.id, item=card, ajax=True)
def filterOwnedCards(queryset, parameters, request):
    """Narrow an owned-cards queryset using the supplied parameters.

    The result must be scoped either by ``account`` or by a non-empty,
    comma-separated ``ids`` list; with neither, PermissionDenied is raised
    so that an unscoped listing is never returned. Optional filters:
    ``search`` (each space-separated term must match the card title or the
    idol name), ``i_rarity``, ``is_event`` ('2' keeps event cards, '3'
    keeps non-event cards), ``type`` and ``i_skill``.

    ``request`` is not used in this function.
    """
    def _given(key):
        return key in parameters and parameters[key]

    # NOTE(review): `account` is applied as sent, with no ownership check
    # in this function - confirm that listing any account is intended.
    if 'account' in parameters:
        queryset = queryset.filter(account_id=parameters['account'])
    elif _given('ids'):
        queryset = queryset.filter(id__in=parameters['ids'].split(','))
    else:
        raise PermissionDenied()

    if _given('search'):
        for term in parameters['search'].split(' '):
            matches_term = Q(card__title__icontains=term) | Q(card__idol__name__icontains=term)
            queryset = queryset.filter(matches_term)

    if _given('i_rarity'):
        queryset = queryset.filter(card__i_rarity=parameters['i_rarity'])

    if _given('is_event'):
        event_choice = parameters['is_event']
        if event_choice == '2':
            queryset = queryset.filter(card__event__isnull=False)
        elif event_choice == '3':
            queryset = queryset.filter(card__event__isnull=True)

    for key, lookup in (('type', 'card__idol__i_type'), ('i_skill', 'card__i_skill')):
        if _given(key):
            queryset = queryset.filter(**{lookup: parameters[key]})

    return queryset