def task_file(request, contest_id, file_id):
    """Serve a task attachment after contest, task and ownership checks.

    Staff bypass the visibility, start-time and task-open checks. The final
    per-participant ownership check applies to everyone, staff included.
    """
    contest = get_object_or_404(models.TaskBasedContest, pk=contest_id)
    # Hidden contests answer 404 rather than 403, so their existence is not confirmed.
    if not (contest.is_visible_in_list or request.user.is_staff):
        return HttpResponseNotFound()

    attachment = get_object_or_404(tasks_models.TaskFile, pk=file_id)
    # The file must belong to a task of this contest; otherwise a valid file id
    # could be fetched through an unrelated contest URL.
    if not contest.has_task(attachment.task):
        return HttpResponseNotFound()

    if not (contest.is_started() or request.user.is_staff):
        return HttpResponseForbidden('Contest is not started')

    participant = contest.get_participant_for_user(request.user)
    if not (is_task_open(contest, attachment.task, participant) or request.user.is_staff):
        return HttpResponseForbidden('Task is closed')

    # NOTE(review): this compares a participant id with a user id; confirm the
    # two share one key space, otherwise the owner check can mismatch.
    owner = attachment.participant
    if owner is not None and owner.id != request.user.id:
        return HttpResponseForbidden()

    return respond_as_attachment(
        request,
        attachment.get_path_abspath(),
        attachment.name,
        attachment.content_type,
    )
python类HttpResponseForbidden()的实例源码
def get(self, request, **kwargs):
    """Render the search results page for the validated ``q`` parameter."""
    search_form = SearchForm(request.GET)
    if not search_form.is_valid():
        # NOTE(review): malformed input is answered with 403 here, not 400.
        return HttpResponseForbidden()

    term = search_form.cleaned_data.get('q')
    results = SearchPaginator(
        request,
        query=term,
        per_page=20,
        page_neighbors=1,
        side_neighbors=1,
    )

    # SEO
    page_seo = Seo()
    page_seo.title = _('Search results')
    page_seo.save(request)

    # The title embeds the user-supplied query; presumably the template
    # auto-escapes it -- confirm before rendering it with `safe`.
    context = {
        'form': search_form,
        'title': _('Search by «%s»') % term,
        'paginator': results,
    }
    return self.render_to_response(context)
def tutorial_message(request, pk):
    """Show the tutorial message form and, on a valid POST, mail the message.

    Only staff, or users for whom ``is_attendee_or_speaker`` is true, pass the
    authorization check. A valid POST saves the message, e-mails it, and
    redirects to the presentation detail page; anything else renders the form.
    """
    tutorial = get_object_or_404(PyConTutorialProposal, pk=pk)
    # NOTE(review): a plain .get() raises if no presentation exists for the proposal.
    presentation = Presentation.objects.get(proposal_base=tutorial)

    if not request.user.is_staff and not is_attendee_or_speaker(request.user, presentation):
        return HttpResponseForbidden(_(u"Not authorized for this page"))

    message_form = TutorialMessageForm()
    if request.method == 'POST':
        # user and tutorial are fixed server-side on the instance before binding the form.
        draft = PyConTutorialMessage(user=request.user,
                                     tutorial=tutorial)
        message_form = TutorialMessageForm(request.POST, instance=draft)
        if message_form.is_valid():
            saved = message_form.save()
            context = email_context(request, tutorial, saved)

            own_address = request.user.email
            bcc_list = [person.email for person in tutorial.speakers()
                        if person.email != own_address]
            bcc_list += [person.email for person in tutorial.registrants.all()
                         if person.email != own_address]

            # Send new message notice to speakers/attendees. The sender is the
            # only address in "to"; everyone else is placed in BCC.
            send_email_message("message",
                               from_=settings.DEFAULT_FROM_EMAIL,
                               to=[request.user.email],
                               bcc=bcc_list,
                               context=context)
            messages.add_message(request, messages.INFO, _(u"Message sent"))
            return redirect(reverse('schedule_presentation_detail', args=[presentation.pk]))

    return render(request, "tutorials/message.html", {
        'presentation': presentation,
        'form': message_form
    })
def _process_individual_form(self, form_name, form_classes):
    """Validate the single form called ``form_name`` and dispatch on the result.

    A name that yields no form (or a falsy one) is answered with 403.
    """
    forms = self.get_forms(form_classes, (form_name,))
    selected = forms.get(form_name)
    if not selected:
        return HttpResponseForbidden()
    if selected.is_valid():
        return self.forms_valid(forms, form_name)
    return self.forms_invalid(forms)
def dispatch(self, *args, **kwargs):
    """Let the request through only for users holding ``clips.add_clip``."""
    # Checked in dispatch, so it applies to every HTTP method of the view.
    if self.request.user.has_perm('clips.add_clip'):
        return super(ClipCreateView, self).dispatch(*args, **kwargs)
    return HttpResponseForbidden()
def dispatch(self, *args, **kwargs):
    """Let the request through only for users holding ``clips.change_clip``."""
    # Checked in dispatch, so it applies to every HTTP method of the view.
    if self.request.user.has_perm('clips.change_clip'):
        return super(ClipUpdateView, self).dispatch(*args, **kwargs)
    return HttpResponseForbidden()
def dispatch(self, *args, **kwargs):
    """Let the request through only for users holding ``clips.delete_clip``."""
    # Checked in dispatch, so it applies to every HTTP method of the view.
    if self.request.user.has_perm('clips.delete_clip'):
        return super(ClipDeleteView, self).dispatch(*args, **kwargs)
    return HttpResponseForbidden()
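def get(self, request):
    """Redirect to the CloudFront URL of ``filename`` when its signature verifies.

    The signature is checked against the filename and the requesting user's
    username. A missing parameter or a failed check is answered with 403.
    """
    username = request.user.get_username()
    filename = request.GET.get('filename')
    signature = request.GET.get('signature')
    # Indexing request.GET directly raised on a missing parameter (HTTP 500);
    # an unsigned or incomplete request is now refused like a bad signature.
    if filename is None or signature is None:
        return HttpResponseForbidden()
    if not check_signature(signature, filename, username):
        return HttpResponseForbidden()
    # NOTE(review): check_signature is defined elsewhere; confirm it compares
    # in constant time and that the signed value covers the whole filename.
    return HttpResponseRedirect(
        redirect_to=self.storage.cloud_front_url(filename)
    )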
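def post(self, request, *args, **kwargs):
    """Store a ``DataPoint`` from a client that presents the shared secret.

    Returns 403 when the ``Auth-Secret`` header is missing or wrong, 400 when
    the posted fields do not validate, and an empty 200 response on success.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    # NOTE(review): the shared secret is hard-coded in source, so anyone with
    # read access to the code can submit data points. Load it from deployment
    # configuration or a secret store and rotate the current value.
    expected_secret = 'supersecretkey'
    supplied_secret = request.META.get('HTTP_AUTH_SECRET') or ''

    # Check if the secret key matches. compare_digest runs in constant time,
    # where `!=` stops at the first differing character and leaks timing.
    secrets_match = hmac.compare_digest(
        supplied_secret.encode('utf-8'),
        expected_secret.encode('utf-8'),
    )
    if not secrets_match:
        return HttpResponseForbidden('Auth key incorrect')

    # An explicit field list keeps other model fields from being mass-assigned.
    form_class = modelform_factory(DataPoint, fields=['node_name', 'data_type', 'data_value'])
    form = form_class(request.POST)
    if not form.is_valid():
        return HttpResponseBadRequest()
    form.save()
    return HttpResponse()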
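def post(self, request, *args, **kwargs):
    """Store a ``DataPoint`` from a client that presents the shared secret.

    Returns 403 when the ``Auth-Secret`` header is missing or wrong, 400 when
    the posted fields do not validate, and an empty 200 response on success.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    # NOTE(review): the shared secret is hard-coded in source, so anyone with
    # read access to the code can submit data points. Load it from deployment
    # configuration or a secret store and rotate the current value.
    expected_secret = 'supersecretkey'
    supplied_secret = request.META.get('HTTP_AUTH_SECRET') or ''

    # Check if the secret key matches. compare_digest runs in constant time,
    # where `!=` stops at the first differing character and leaks timing.
    secrets_match = hmac.compare_digest(
        supplied_secret.encode('utf-8'),
        expected_secret.encode('utf-8'),
    )
    if not secrets_match:
        return HttpResponseForbidden('Auth key incorrect')

    # An explicit field list keeps other model fields from being mass-assigned.
    form_class = modelform_factory(DataPoint, fields=['node_name', 'data_type', 'data_value'])
    form = form_class(request.POST)
    if not form.is_valid():
        return HttpResponseBadRequest()
    form.save()
    return HttpResponse()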
def dispatch(self, request, *args, **kwargs):
    """Refuse blog creation for an account that already owns a blog."""
    # NOTE(review): request.user is used as a filter value directly; presumably
    # a login requirement elsewhere keeps anonymous users out -- confirm.
    already_owns_blog = Blog.objects.filter(owner=request.user).exists()
    if already_owns_blog:
        return HttpResponseForbidden ('You can not create more than one blogs per account')
    return super(NewBlogView, self).dispatch(request, *args, **kwargs)
def get(self, request, post_pk, blog_pk):
    """Share post ``post_pk`` to blog ``blog_pk`` when the requester owns the post."""
    # NOTE(review): this changes state on a GET request, which Django's CSRF
    # protection does not cover; a POST-only endpoint would be safer.
    # NOTE(review): .get() raises for an unknown pk instead of answering 404.
    post = BlogPost.objects.get(pk=post_pk)
    if post.blog.owner != request.user:
        return HttpResponseForbidden('You can only share posts that you created')

    # Only ownership of the post is checked; any blog id is accepted as target.
    target_blog = Blog.objects.get(pk=blog_pk)
    post.shared_to.add(target_blog)

    home_url = reverse('home')
    return HttpResponseRedirect(home_url)
def get(self, request, post_pk, blog_pk):
    """Stop sharing post ``post_pk`` to blog ``blog_pk`` when the requester owns the post."""
    # NOTE(review): this changes state on a GET request, which Django's CSRF
    # protection does not cover; a POST-only endpoint would be safer.
    # NOTE(review): .get() raises for an unknown pk instead of answering 404.
    post = BlogPost.objects.get(pk=post_pk)
    if post.blog.owner != request.user:
        return HttpResponseForbidden('You can only stop sharing posts that you created')

    # Only ownership of the post is checked; any blog id is accepted as target.
    target_blog = Blog.objects.get(pk=blog_pk)
    post.shared_to.remove(target_blog)

    home_url = reverse('home')
    return HttpResponseRedirect(home_url)
def get(self, request, post_pk, blog_pk):
    """Share post ``post_pk`` to blog ``blog_pk`` when the requester owns the post."""
    # NOTE(review): this changes state on a GET request, which Django's CSRF
    # protection does not cover; a POST-only endpoint would be safer.
    # NOTE(review): .get() raises for an unknown pk instead of answering 404.
    post = BlogPost.objects.get(pk=post_pk)
    if post.blog.owner != request.user:
        return HttpResponseForbidden('You can only share posts that you created')

    # Only ownership of the post is checked; any blog id is accepted as target.
    target_blog = Blog.objects.get(pk=blog_pk)
    post.shared_to.add(target_blog)

    home_url = reverse('home')
    return HttpResponseRedirect(home_url)
def get(self, request, post_pk, blog_pk):
    """Stop sharing post ``post_pk`` to blog ``blog_pk`` when the requester owns the post."""
    # NOTE(review): this changes state on a GET request, which Django's CSRF
    # protection does not cover; a POST-only endpoint would be safer.
    # NOTE(review): .get() raises for an unknown pk instead of answering 404.
    post = BlogPost.objects.get(pk=post_pk)
    if post.blog.owner != request.user:
        return HttpResponseForbidden('You can only stop sharing posts that you created')

    # Only ownership of the post is checked; any blog id is accepted as target.
    target_blog = Blog.objects.get(pk=blog_pk)
    post.shared_to.remove(target_blog)

    home_url = reverse('home')
    return HttpResponseRedirect(home_url)
def dispatch(self, request, *args, **kwargs):
    """Allow the request only when the object's author is the requesting user."""
    # The check runs in dispatch, so it precedes every HTTP method handler.
    target = self.get_object()
    if target.author != self.request.user:
        # TODO: add a message here (see DeleteView)
        # TODO: add a redirect instead of ResponseForbidden
        # this mixin only works with Author
        return HttpResponseForbidden()
    return super(UserRequiredMixin, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    """Allow the request only when the object's author is the requesting user."""
    # The check runs in dispatch, so it precedes every HTTP method handler.
    target = self.get_object()
    if target.author != self.request.user:
        # TODO: add a message here (see DeleteView)
        # TODO: add a redirect instead of ResponseForbidden
        # this mixin only works with Author
        return HttpResponseForbidden()
    return super(UserRequiredMixin, self).dispatch(request, *args, **kwargs)
def detail(request, pk):
    """Show a mail, ask for its secret code, or refuse access.

    ``mail.can_read(request)`` decides the outcome: ``(True, None)`` marks the
    mail as read and shows it; ``(False, {secret_code})`` shows the secret-code
    form; every other result is answered with 403.
    """
    mail = get_object_or_404(Mail, pk=pk)
    verdict = mail.can_read(request)

    if verdict == (True, None):
        mail.read()
        template_name = 'web/detail.html'
    elif verdict == (False, {CannotReadReasons.secret_code}):
        # Matches only when the secret code is the sole reason for refusal.
        template_name = 'web/secretcode_form.html'
    else:
        # Default deny: any unrecognised verdict is refused.
        return HttpResponseForbidden()

    return render(request, template_name, {
        'mail': mail, 'recipient': mail.recipient
    })
def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and users whose gym is not the one in the URL
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    user = request.user
    if not user.is_authenticated() or user.userprofile.gym_id != int(self.kwargs['gym_pk']):
        return HttpResponseForbidden()
    return super(AddView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and users from a gym other than the object's gym
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    user = request.user
    if not user.is_authenticated():
        return HttpResponseForbidden()

    # The object is loaded only after the authentication check has passed.
    target = self.get_object()
    if user.userprofile.gym_id != target.gym_id:
        return HttpResponseForbidden()
    return super(UpdateView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and users from a gym other than the object's gym
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    user = request.user
    if not user.is_authenticated():
        return HttpResponseForbidden()

    # The object is loaded only after the authentication check has passed.
    target = self.get_object()
    if user.userprofile.gym_id != target.gym_id:
        return HttpResponseForbidden()
    return super(DeleteView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and users whose gym is not the one in the URL
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    user = request.user
    if not user.is_authenticated():
        return HttpResponseForbidden()

    # An unknown gym id answers 404; a known gym the user is not in answers 403.
    self.gym = get_object_or_404(Gym, id=self.kwargs['gym_pk'])
    if user.userprofile.gym_id != self.gym.id:
        return HttpResponseForbidden()
    return super(ListView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and users whose gym is not the one in the URL
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    user = request.user
    if not user.is_authenticated() or user.userprofile.gym_id != int(self.kwargs['gym_pk']):
        return HttpResponseForbidden()
    return super(AddView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and users from a gym other than the object's gym
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    user = request.user
    if not user.is_authenticated():
        return HttpResponseForbidden()

    # The object is loaded only after the authentication check has passed.
    target = self.get_object()
    if user.userprofile.gym_id != target.gym_id:
        return HttpResponseForbidden()
    return super(DeleteView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and users whose gym is not the one in the URL
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    user = request.user
    if not user.is_authenticated():
        return HttpResponseForbidden()

    # An unknown gym id answers 404; a known gym the user is not in answers 403.
    self.gym = get_object_or_404(Gym, id=self.kwargs['gym_pk'])
    if user.userprofile.gym_id != self.gym.id:
        return HttpResponseForbidden()
    return super(ListView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and requests that target a member of another gym
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    if not request.user.is_authenticated():
        return HttpResponseForbidden()

    # The target member comes from the URL and is kept on the view as self.member.
    member = get_object_or_404(User, pk=self.kwargs['user_pk'])
    self.member = member
    if member.userprofile.gym_id != request.user.userprofile.gym_id:
        return HttpResponseForbidden()
    return super(AddView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and users from a gym other than the contract member's
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    if not request.user.is_authenticated():
        return HttpResponseForbidden()

    # Gym membership is compared through the contract's member, not the contract.
    member_gym_id = self.get_object().member.userprofile.gym_id
    if member_gym_id != request.user.userprofile.gym_id:
        return HttpResponseForbidden()
    return super(DetailView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and users from a gym other than the contract member's
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    # NOTE(review): only gym membership is checked here; any role restriction
    # presumably lives elsewhere in the view -- confirm.
    if not request.user.is_authenticated():
        return HttpResponseForbidden()

    member_gym_id = self.get_object().member.userprofile.gym_id
    if member_gym_id != request.user.userprofile.gym_id:
        return HttpResponseForbidden()
    return super(UpdateView, self).dispatch(request, *args, **kwargs)
def dispatch(self, request, *args, **kwargs):
    '''
    Users holding gym.change_gymconfig may only edit their own gym's config
    '''
    # NOTE(review): a user WITHOUT the permission skips the gym check and goes
    # straight to super().dispatch(); presumably a permission mixin on the
    # class rejects them there -- confirm, otherwise this fails open.
    user = request.user
    if user.has_perm('gym.change_gymconfig') and user.userprofile.gym_id != int(self.kwargs['pk']):
        return HttpResponseForbidden()
    return super(GymConfigUpdateView, self).dispatch(request, *args, **kwargs)
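def dispatch(self, request, *args, **kwargs):
    '''
    Reject anonymous users and requests that target a member of another gym

    The member named by ``user_pk`` is stored on the view as ``self.member``.
    An unknown ``user_pk`` is answered with 403, like a member of another gym.
    '''
    # NOTE(review): is_authenticated is called as a method, as in older Django
    # releases; newer ones expose it as a property -- confirm the version.
    if not request.user.is_authenticated():
        return HttpResponseForbidden()

    try:
        user = User.objects.get(pk=self.kwargs['user_pk'])
    except User.DoesNotExist:
        # The bare .get() raised here (HTTP 500) for an id taken from the URL.
        # Answering exactly as for a foreign-gym member also keeps the
        # response from revealing which user ids exist.
        return HttpResponseForbidden()

    self.member = user
    if user.userprofile.gym_id != request.user.userprofile.gym_id:
        return HttpResponseForbidden()
    return super(ListView, self).dispatch(request, *args, **kwargs)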