k4ever/k4ever/api2/decorators.py

from functools import wraps
from django.contrib.auth.models import User, Group
from piston.utils import rc
from main.models import Plugin, PluginPermission
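def manglePluginPerms(apiFunc):
    """Run ``apiFunc`` as another user when the caller is a plugin.

    If the authenticated user is a member of the "Plugin" group, the wrapper:

    - looks up the target user named by the ``user`` request parameter,
    - checks that this user allowed the plugin to "speak for him"
      (a ``PluginPermission`` row for that user/plugin pair),
    - replaces ``request.user`` with the target user, and
    - stores the plugin and its permission record on the request as
      ``request.plugin`` and ``request.pluginperms``.

    Callers that are not in the "Plugin" group are passed through unchanged;
    a ``user`` parameter they send is ignored.

    This decorator is intended to be used with django piston, so on error
    it returns the appropriate ``rc.*`` response.
    """
    @wraps(apiFunc)
    def wrapper(self, request, *args, **kwargs):
        # Pick the parameter source. For non-GET requests that carry a
        # content type, request.data is left untouched -- presumably piston
        # has already filled it from the request body; TODO confirm.
        # NOTE(review): the listing this was recovered from had lost its
        # indentation; the `else` is read as belonging to the outer `if`.
        if request.method != 'GET':
            if not request.content_type:
                request.data = request.POST
        else:
            request.data = request.GET

        # 0. Is the caller a plugin? Membership in the "Plugin" group decides.
        try:
            request.user.groups.get(name="Plugin")
        except Group.DoesNotExist:
            # Not a plugin: no impersonation, run apiFunc as the caller.
            return apiFunc(self, request, *args, **kwargs)

        # A group member without a Plugin record has nothing permissions
        # could be checked against. Fail closed with an rc.* response rather
        # than letting Plugin.DoesNotExist escape as an unhandled error.
        try:
            plugin = Plugin.objects.get(user=request.user)
        except Plugin.DoesNotExist:
            ret = rc.FORBIDDEN
            ret.write("\nNo plugin is registered for your account\n")
            return ret

        # 1. Find the user the plugin wants to act for. The username is
        #    client-supplied; the PluginPermission lookup in step 2 is the
        #    only authorization gate for the switch.
        # NOTE(review): answering 404 here and 403 in step 2 lets a plugin
        # tell unknown usernames apart from users who have not granted it
        # permission. Return the same response for both if that matters.
        try:
            user = User.objects.get(username=request.data.get('user', ''))
        except User.DoesNotExist:
            ret = rc.NOT_HERE
            ret.write("\nThe user you requested could not be found\n")
            return ret

        # 2. Did that user grant this plugin permission?
        try:
            perms = PluginPermission.objects.get(user=user, plugin=plugin)
        except PluginPermission.DoesNotExist:
            ret = rc.FORBIDDEN
            ret.write("\nThe user did not grant you permission to act on his behalf\n")
            return ret

        # 3. Rewrite the request so apiFunc sees the target user, and keep
        #    the plugin and its permission record available to it.
        request.user = user
        request.plugin = plugin
        request.pluginperms = perms

        return apiFunc(self, request, *args, **kwargs)

    return wrapper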
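def requirePlugin(apiFunc):
    """Allow ``apiFunc`` to run only when the caller is a plugin.

    The caller must be a member of the "Plugin" group and have a ``Plugin``
    record; that record is attached as ``request.plugin`` before ``apiFunc``
    is called. In every other case an ``rc.FORBIDDEN`` response is returned.
    """
    @wraps(apiFunc)
    def wrapper(self, request, *args, **kwargs):
        plugin = None
        # NOTE(review): this truthiness test only screens out a missing user
        # object; confirm how the authentication layer in front of this
        # handler represents unauthenticated callers.
        if request.user:
            # Keep the try limited to the two lookups, so a DoesNotExist
            # raised inside apiFunc itself is not reported as a 403.
            try:
                request.user.groups.get(name="Plugin")
                plugin = Plugin.objects.get(user=request.user)
            except (Group.DoesNotExist, Plugin.DoesNotExist):
                # Not in the group, or in the group without a Plugin record:
                # both are denied.
                plugin = None

        if plugin is None:
            ret = rc.FORBIDDEN
            ret.write("\nA plugin is required for this api function\n")
            return ret

        request.plugin = plugin
        return apiFunc(self, request, *args, **kwargs)

    return wrapper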