Add zulip_internal decorator for internal Zulip reports.

(This also ensures that /queries is viewable only from inside Zulip.) (imported from commit 697da768889943ab6cea62b3e922cc43afa04759)
2013-10-22 09:39:39 -04:00 · 2013-10-22 09:39:39 -04:00 · 5562f09d99
parent 1f4b70938f
commit 5562f09d99
2 changed files with 14 additions and 15 deletions
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@ -1,5 +1,7 @@
 from __future__ import absolute_import

+from django.http import HttpResponseRedirect
+from django.contrib.auth.decorators import login_required
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST
 from django.http import QueryDict
@ -112,6 +114,13 @@ def api_key_only_webhook_view(view_func):
        return view_func(request, user_profile, *args, **kwargs)
    return _wrapped_view_func

+def zulip_internal(view_func):
+    @login_required(login_url = settings.HOME_NOT_LOGGED_IN)
+    def _wrapped_view_func(request, *args, **kwargs):
+        if request.user.realm.domain != 'zulip.com':
+            return HttpResponseRedirect(settings.HOME_NOT_LOGGED_IN)
+        return view_func(request, *args, **kwargs)
+    return _wrapped_view_func

 # authenticated_api_view will add the authenticated user's user_profile to
 # the view function's arguments list, since we have to look it up
--- a/zerver/views/init.py
+++ b/zerver/views/init.py
@ -56,7 +56,8 @@ from zerver.decorator import require_post, \
    has_request_variables, authenticated_json_view, \
    to_non_negative_int, json_to_dict, json_to_list, json_to_bool, \
    JsonableError, get_user_profile_by_email, \
-    authenticated_rest_api_view, process_as_post, REQ, rate_limit_user
+    authenticated_rest_api_view, process_as_post, REQ, rate_limit_user, \
+    zulip_internal
 from zerver.lib.query import last_n
 from zerver.lib.avatar import avatar_url
 from zerver.lib.upload import upload_message_image_through_web_client, upload_avatar_image
@ -2074,17 +2075,9 @@ def user_activity_intervals():
    content = mark_safe('<pre>' + output + '</pre>')
    return dict(content=content), realm_minutes

-
-def can_view_activity(request):
-    return request.user.realm.domain == 'zulip.com'
-
-
-@login_required(login_url = settings.HOME_NOT_LOGGED_IN)
+@zulip_internal
@has_request_variables
 def sent_messages_report(request, realm=REQ(default=None)):
-    if not can_view_activity(request):
-        return HttpResponseRedirect(reverse('zerver.views.login_page'))
-
    title = 'Recently sent messages for ' + realm

    cols = [
@ -2138,7 +2131,7 @@ def sent_messages_report(request, realm=REQ(default=None)):
        context_instance=RequestContext(request)
    )

-@login_required(login_url = settings.HOME_NOT_LOGGED_IN)
+@zulip_internal
@has_request_variables
 def ad_hoc_queries(request):
    def get_data(query, cols, title):
@ -2373,12 +2366,9 @@ def ad_hoc_queries(request):
        context_instance=RequestContext(request)
    )

-@login_required(login_url = settings.HOME_NOT_LOGGED_IN)
+@zulip_internal
@has_request_variables
 def get_activity(request, realm=REQ(default=None)):
-    if not can_view_activity(request):
-        return HttpResponseRedirect(reverse('zerver.views.login_page'))
-
    web_queries = (
        ("get_updates",    ["/json/get_updates", "/json/get_events"]),
        ("send_message",   ["/json/send_message"]),