From: Jessica Tallon
Date: Sat, 12 Jul 2014 08:15:16 +0000 (+0100)
Subject: oops - add decorators for federated APIs
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=0e283215bd2938f665930f3c481a6003d74bb845;p=mediagoblin.git

oops - add decorators for federated APIs
---
diff --git a/mediagoblin/federation/decorators.py b/mediagoblin/federation/decorators.py
new file mode 100644
index 00000000..f515af42
--- /dev/null
+++ b/mediagoblin/federation/decorators.py
@@ -0,0 +1,51 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+from functools import wraps
+
+from mediagoblin.db.models import User
+from mediagoblin.decorators import require_active_login
+from mediagoblin.tools.response import json_response
+
+def user_has_privilege(privilege_name):
+ """
+ Requires that a user have a particular privilege in order to access a page.
+ In order to require that a user have multiple privileges, use this
+ decorator twice on the same view. This decorator also makes sure that the
+ user is not banned, or else it redirects them to the "You are Banned" page.
+
+ :param privilege_name A unicode object that is that represents
+ the privilege object. This object is
+ the name of the privilege, as assigned
+ in the Privilege.privilege_name column
+ """
+
+ def user_has_privilege_decorator(controller):
+ @wraps(controller)
+ @require_active_login
+ def wrapper(request, *args, **kwargs):
+ user_id = request.user.id
+ if not request.user.has_privilege(privilege_name):
+ error = "User '{0}' needs '{1}' privilege".format(
+ request.user.username,
+ privilege_name
+ )
+ return json_response({"error": error}, status=403)
+
+ return controller(request, *args, **kwargs)
+
+ return wrapper
+ return user_has_privilege_decorator
+
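Review bot: The docstring of `user_has_privilege` promises that a banned user is redirected to the "You are Banned" page, but the `wrapper` body only tests `request.user.has_privilege(privilege_name)` behind `@require_active_login`; no ban check is visible in this file. Unless `require_active_login` performs that check (its body is outside this diff), a banned account that still holds the privilege would reach the controller, so either add an explicit ban check that returns a JSON 403 before the privilege test or drop that sentence from the docstring so view authors do not rely on it. Separately, `user_id = request.user.id` is never read and `from mediagoblin.db.models import User` is unused; both can be removed. It is also worth confirming that `require_active_login` fails with a JSON error rather than an HTML redirect, since these decorators guard API views that otherwise answer with `json_response`.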