import threading | |
import re | |
from django.conf import settings | |
from django.http import HttpResponseRedirect | |
from django.contrib import messages | |
from django.utils.translation import ugettext as _ | |
# A plain module-level global would be shared by every thread serving
# requests, so the per-request user lives in thread-local storage instead.
stash = threading.local()


def get_current_user():
    """Return the user stored for the request handled on the calling thread.

    Returns ``None`` when nothing has been stored on this thread.

    NOTE(review): nothing in this module clears the stored value when a
    request ends. On a reused worker thread it can still name the previous
    request's user until set_current_user() runs again, so do not treat the
    result as proof of the caller's identity outside the request cycle.
    """
    try:
        return stash.current_user
    except AttributeError:
        return None


def set_current_user(user):
    """Remember *user* as the current user for the calling thread only."""
    setattr(stash, 'current_user', user)
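# Per-group allowlist of request paths, keyed by group name. Keep it in sync
# with the routes declared in urls.py.
#
# The patterns are applied with re.match(), which anchors at the START of the
# path only: an entry without a trailing ``$`` allows every path that begins
# with it. Raw strings keep ``\d`` a regex escape instead of an (invalid)
# string escape.
ALLOWED_URL_PATTERNS = {
    'hostuser': [
        # Static assets. The literal dot is required: without it any path that
        # merely ends in the letters "css", "png", ... passes the allowlist.
        # NOTE(review): this still allows ANY route whose path ends in one of
        # these extensions; restricting it to the static/media prefix would be
        # tighter -- confirm against urls.py.
        r'.*\.(ico|jpg|png|gif|css)$',
        r'^/$',
        # Deliberately a prefix match (same behaviour as the unanchored
        # original under re.match): everything below /logout/ is allowed.
        r'^/logout/',
        r'^/events/$',
        r'^/hosts/(\d+)/$',
        r'^/hosts/(\d+)/event/(\d+)/$',
        r'^/hosts/(\d+)/event/(\d+)/orders/$',
        r'^/hosts/(\d+)/event/(\d+)/tickettype/$',
        r'^/hosts/(\d+)/event/(\d+)/tickettype/(\d+)/$',
        r'^/hosts/(\d+)/event/(\d+)/tickettype/(\d+)/report/sales-date/$',
        r'^/redemption/$',
        r'^/redemption/(\d+)/disable/$',
        r'^/redemption/(\d+)/enable/$',
        r'^/redemption/(\d+)/edit/$',
        r'^/redemption/create/$',
        r'^/entitlement/$',
        r'^/entitlement/edit/(\d+)$',
    ],
}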
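def group_allow_or_redirect(request, usergroup, **kwargs):
    """Let the request through if its path is allowed for *usergroup*.

    Place this function in a middleware (process_request).
    request and usergroup are required. Your middleware
    should have the ability to check a user's group and pass
    that group as a string to this function. The group should
    be a dictionary key in your ALLOWED_URL_PATTERNS.

    This function will accept two optional keyword args: redirect_to is
    where you want to redirect your user if request.path is not
    allowed (default '/'); deny_message is the message shown to inform
    them that their usergroup access is denied (default: no message).

    Returns None when the path is allowed, so the middleware chain
    continues, and an HttpResponseRedirect otherwise.

    Raises KeyError when usergroup has no entry in ALLOWED_URL_PATTERNS;
    an unknown group is therefore never silently allowed.

    NOTE(review): redirect_to must itself match one of the group's
    patterns, otherwise a denied user is redirected to a path that is
    denied again.

    e.g.
        class MyMiddleware:
            def process_request(self, request):
                # get user's group
                deny_message = 'Access Denied.'
                return group_allow_or_redirect(request, user_group, deny_message=deny_message)
    """
    redirect_to = kwargs.get('redirect_to', '/')
    deny_message = kwargs.get('deny_message', None)

    # re.match() anchors only at the start of the path, so a pattern without
    # a trailing ``$`` acts as a prefix rule. Stop at the first hit instead of
    # compiling and testing every remaining pattern.
    if any(re.match(pattern, request.path)
           for pattern in ALLOWED_URL_PATTERNS[usergroup]):
        return None

    if deny_message:
        messages.add_message(request, messages.ERROR, deny_message)
    return HttpResponseRedirect(redirect_to)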
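class GroupBasedAccess:
    """Middleware restricting members of the 'hostuser' group to an allowlist.

    Only users in the 'hostuser' group are checked against
    ALLOWED_URL_PATTERNS; for every other user (including users with no
    groups) this middleware applies no path restriction and returns None.

    NOTE(review): settings.TEMPLATE_DIRS is assigned here on each request.
    Settings are shared by the whole process, so requests served concurrently
    for users of different groups can see each other's template set. The
    template switch is presentation only; the access decision is made solely
    by group_allow_or_redirect().
    """

    def process_request(self, request):
        """Record the current user, select templates and enforce the allowlist.

        Returns None to continue processing, or the redirect response produced
        by group_allow_or_redirect() when a hostuser requests a disallowed path.
        """
        set_current_user(request.user)
        default_backoffice_template = settings.DEFAULT_BACKOFFICE_TEMPLATES
        hostuser_templates = settings.HOSTUSER_TEMPLATES

        # An empty group list simply fails the membership test, so the
        # separate count() query of the original is not needed.
        group_names = request.user.groups.values_list('name', flat=True)
        if 'hostuser' in group_names:
            if hostuser_templates not in settings.TEMPLATE_DIRS:
                settings.TEMPLATE_DIRS = (
                    hostuser_templates,
                )
            # Regardless of the user's group, the logout page uses the
            # default templates.
            if request.path == settings.LOGOUT_URL:
                settings.TEMPLATE_DIRS = (
                    default_backoffice_template,
                )
            deny_message = _("You are not allowed to view this page.")
            return group_allow_or_redirect(request, 'hostuser', deny_message=deny_message)

        # Every non-hostuser request restores the default templates. The
        # original's else-branch covered only one of "no groups" / "groups but
        # not hostuser" (its indentation is lost in this listing), which left
        # a previous hostuser's template set in place for the other case.
        if default_backoffice_template not in settings.TEMPLATE_DIRS:
            settings.TEMPLATE_DIRS = (
                default_backoffice_template,
            )
        return None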