mirror of https://github.com/zulip/zulip.git
Move view decorators into decorator.py
(imported from commit 737cff552b395493f44864ac06e901b0ba17fa29)
parent
b278db110f
commit
dc8c54e6db
|
@ -1,3 +1,7 @@
|
|||
from django.views.decorators.csrf import csrf_exempt
|
||||
from zephyr.models import UserProfile
|
||||
from zephyr.lib.response import json_success, json_error
|
||||
|
||||
from functools import wraps
|
||||
|
||||
import types
|
||||
|
@ -24,3 +28,40 @@ def asynchronous(method):
|
|||
if getattr(method, 'csrf_exempt', False):
|
||||
wrapper.csrf_exempt = True
|
||||
return wrapper
|
||||
|
||||
def require_post(view_func):
|
||||
@wraps(view_func)
|
||||
def _wrapped_view_func(request, *args, **kwargs):
|
||||
if request.method != "POST":
|
||||
return json_error('This form can only be submitted by POST.')
|
||||
return view_func(request, *args, **kwargs)
|
||||
return _wrapped_view_func
|
||||
|
||||
# authenticated_api_view will add the authenticated user's user_profile to
|
||||
# the view function's arguments list, since we have to look it up
|
||||
# anyway.
|
||||
def authenticated_api_view(view_func):
|
||||
@csrf_exempt
|
||||
@require_post
|
||||
@wraps(view_func)
|
||||
def _wrapped_view_func(request, *args, **kwargs):
|
||||
try:
|
||||
user_profile = UserProfile.objects.get(user__email=request.POST.get("email"))
|
||||
except UserProfile.DoesNotExist:
|
||||
return json_error("Invalid user")
|
||||
if user_profile is None or request.POST.get("api-key") != user_profile.api_key:
|
||||
return json_error('Invalid API user/key pair.')
|
||||
return view_func(request, user_profile, *args, **kwargs)
|
||||
return _wrapped_view_func
|
||||
|
||||
# Checks if the request is a POST request and that the user is logged
|
||||
# in. If not, return an error (the @login_required behavior of
|
||||
# redirecting to a login page doesn't make sense for json views)
|
||||
def authenticated_json_view(view_func):
|
||||
@require_post
|
||||
@wraps(view_func)
|
||||
def _wrapped_view_func(request, *args, **kwargs):
|
||||
if not request.user.is_authenticated():
|
||||
return json_error("Not logged in")
|
||||
return view_func(request, *args, **kwargs)
|
||||
return _wrapped_view_func
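Review bot: In `authenticated_api_view` the submitted key is checked with `request.POST.get("api-key") != user_profile.api_key`, an ordinary string comparison whose timing depends on how many leading characters match. Since this is the only credential check on a `@csrf_exempt` endpoint, compare in constant time instead: `if not constant_time_compare(request.POST.get("api-key", ""), user_profile.api_key):`, with `from django.utils.crypto import constant_time_compare` added to the imports. The two failure branches also return different messages ("Invalid user" and 'Invalid API user/key pair.'), which lets an unauthenticated caller tell whether an email is registered; returning the second message from the `except UserProfile.DoesNotExist:` branch as well closes that. The `user_profile is None` test looks unreachable, because `.get()` raises `DoesNotExist` rather than returning `None`, so it can be dropped. The code appears to be moved here unchanged from the views module, so these points predate the commit, but the new shared location is the natural place to fix them.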
|
||||
|
|
|
@ -19,15 +19,14 @@ from zephyr.forms import RegistrationForm, HomepageForm, is_unique, \
|
|||
is_active
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
|
||||
from zephyr.decorator import asynchronous
|
||||
from zephyr.decorator import asynchronous, require_post, \
|
||||
authenticated_api_view, authenticated_json_view
|
||||
from zephyr.lib.query import last_n
|
||||
from zephyr.lib.avatar import gravatar_hash
|
||||
from zephyr.lib.response import json_success, json_error
|
||||
|
||||
from confirmation.models import Confirmation
|
||||
|
||||
from functools import wraps
|
||||
|
||||
import datetime
|
||||
import simplejson
|
||||
import socket
|
||||
|
@ -40,43 +39,6 @@ import base64
|
|||
|
||||
SERVER_GENERATION = int(time.time())
|
||||
|
||||
def require_post(view_func):
|
||||
@wraps(view_func)
|
||||
def _wrapped_view_func(request, *args, **kwargs):
|
||||
if request.method != "POST":
|
||||
return json_error('This form can only be submitted by POST.')
|
||||
return view_func(request, *args, **kwargs)
|
||||
return _wrapped_view_func
|
||||
|
||||
# authenticated_api_view will add the authenticated user's user_profile to
|
||||
# the view function's arguments list, since we have to look it up
|
||||
# anyway.
|
||||
def authenticated_api_view(view_func):
|
||||
@csrf_exempt
|
||||
@require_post
|
||||
@wraps(view_func)
|
||||
def _wrapped_view_func(request, *args, **kwargs):
|
||||
try:
|
||||
user_profile = UserProfile.objects.get(user__email=request.POST.get("email"))
|
||||
except UserProfile.DoesNotExist:
|
||||
return json_error("Invalid user")
|
||||
if user_profile is None or request.POST.get("api-key") != user_profile.api_key:
|
||||
return json_error('Invalid API user/key pair.')
|
||||
return view_func(request, user_profile, *args, **kwargs)
|
||||
return _wrapped_view_func
|
||||
|
||||
# Checks if the request is a POST request and that the user is logged
|
||||
# in. If not, return an error (the @login_required behavior of
|
||||
# redirecting to a login page doesn't make sense for json views)
|
||||
def authenticated_json_view(view_func):
|
||||
@require_post
|
||||
@wraps(view_func)
|
||||
def _wrapped_view_func(request, *args, **kwargs):
|
||||
if not request.user.is_authenticated():
|
||||
return json_error("Not logged in")
|
||||
return view_func(request, *args, **kwargs)
|
||||
return _wrapped_view_func
|
||||
|
||||
def get_stream(stream_name, realm):
|
||||
try:
|
||||
return Stream.objects.get(name__iexact=stream_name, realm=realm)
|
||||
|
|