Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

from django.conf import settings 

from django.http import HttpResponseForbidden, HttpResponseRedirect 

try: 

from django.utils.translation import ugettex as _ 

except: 

from django.utils.translation import gettext as _ 

from django.urls import resolve 

 

from django_roles_access.models import ViewAccess 

 

DEFAULT_FORBIDDEN_MESSAGE = _(u'<h1>403 Forbidden</h1>') 

 

 

def get_view_access(request): 

""" 

Check access if exist a ViewAccess object for the view being processed. 

 

A ViewAccess object is linked to present view when current namespace and 

view name are the value of *view* attribute of the ViewAccess object. Can 

be only one ViewAccess object for each namespace and view name. If no 

namespace is used, application name is used instead as Django default 

behavior. This also means for Django < 2.0 the attribute app_name is 

required in URLConf (Django > 2.0 has this requirement). 

 

If exist a ViewAccess object linked to present view, security checks are 

done to conclude if request user have access or not. In case request user 

do not have access, PermissionDenied is raised. 

 

:return: True if user have access. Or raise PermissionDenied. 

""" 

user = request.user 

current_url = resolve(request.path_info) 

view_name = current_url.view_name 

 

view_access = ViewAccess.objects.filter(view=view_name).first() 

if view_access: 

if view_access.type == 'pu': 

return True 

elif view_access.type == 'au': 

if user.is_authenticated: 

return True 

else: 

return False 

elif view_access.type == 'br': 

if user.is_authenticated: 

access = list(set(user.groups.all()) & 

set(view_access.roles.all())) 

if access: 

return True 

else: 

return False 

else: 

return False 

else: 

return None 

 

 

def get_setting_dictionary(): 

""" 

Return django-roles settings variable or None. 

 

:return: Dictionary with three keys: NOT_SECURE, PUBLIC, SECURE with their 

settings values or None. 

""" 

settings_dictionary = {} 

 

try: 

settings_dictionary['NOT_SECURED'] = settings.NOT_SECURED 

except AttributeError: 

settings_dictionary['NOT_SECURED'] = [] 

 

try: 

settings_dictionary['PUBLIC'] = settings.PUBLIC 

except AttributeError: 

settings_dictionary['PUBLIC'] = [] 

 

try: 

settings_dictionary['SECURED'] = settings.SECURED 

except AttributeError: 

settings_dictionary['SECURED'] = [] 

 

return settings_dictionary 

 

 

def check_access_by_role(request): 

""" 

Given a request to access a view the function check if user (logged or 

not) can access required view. 

 

:param request: :class:`django.http.HttpRequest` 

:return: True if can access the view. False in other case. 

""" 

current_url = resolve(request.path_info) 

app_name = current_url.app_name 

setting_dictionary = get_setting_dictionary() 

 

# NOT_SECURED applications are ignored 

if app_name in setting_dictionary['NOT_SECURED']: 

return True 

# If view has an access configuration, this takes precedence over 

# the classification of the application 

view_access = get_view_access(request) 

if view_access is not None: 

return view_access 

# Check for public applications 

if app_name in setting_dictionary['PUBLIC']: 

return True 

if app_name in setting_dictionary['SECURED']: 

if not request.user.is_authenticated: 

return False 

return True 

 

 

def get_app_type(app_name): 

for key, val in get_setting_dictionary().items(): 

if app_name in val: 

return key 

return None 

 

 

def get_forbidden_message(): 

if hasattr(settings, 'DJANGO_ROLES_ACCESS_FORBIDDEN_MESSAGE'): 

return settings.DJANGO_ROLES_ACCESS_FORBIDDEN_MESSAGE 

return DEFAULT_FORBIDDEN_MESSAGE 

 

 

def get_no_access_response(): 

if hasattr(settings, 'DJANGO_ROLES_ACCESS_REDIRECT'): 

if settings.DJANGO_ROLES_ACCESS_REDIRECT: 

return HttpResponseRedirect(settings.LOGIN_URL) 

if hasattr(settings, 'DJANGO_ROLES_ACCESS_FORBIDDEN_MESSAGE'): 

return HttpResponseForbidden( 

settings.DJANGO_ROLES_ACCESS_FORBIDDEN_MESSAGE) 

return HttpResponseForbidden(DEFAULT_FORBIDDEN_MESSAGE)