Inserindo um decorator para barrar o acesso de usuários não autorizados a visualizar e editar os questionários. Foi usado o decorator do django 1.3 para sanar o nosso problema provisioriamente, ou seja, até que não faça um upgrade do framework.

13 years ago · 824a4ab69f
2 changed files with 76 additions and 0 deletions
--- a/sigi/apps/diagnosticos/views.py
+++ b/sigi/apps/diagnosticos/views.py
@ -2,11 +2,14 @@

 from django.shortcuts import render_to_response
 from django.template import RequestContext
+from django.core.urlresolvers import reverse

+from sigi.apps.utils.decorators import login_required
 from sigi.apps.diagnosticos.models import Diagnostico, Categoria
 from sigi.apps.diagnosticos.forms import DiagnosticoMobileForm


+@login_required(login_url='/mobile/diagnosticos/login')
 def lista(request):
    """Consulta os diagnosticos do servidor logado,
    que contenham o status de não publicado.
@ -21,6 +24,7 @@ def lista(request):
    return render_to_response('diagnosticos/diagnosticos_list.html', context)


+@login_required(login_url='/mobile/diagnosticos/login')
 def categorias(request, id_diagnostico):
    """Consulta as categorias do diagnostico selecionado
    a partir da sua identificação
@ -33,6 +37,7 @@ def categorias(request, id_diagnostico):
        context)


+@login_required(login_url='/mobile/diagnosticos/login')
 def categoria_detalhes(request, id_diagnostico, id_categoria):
    """Captura as perguntas da categoria
    selecionada.
--- a/sigi/apps/utils/decorators.py
+++ b/sigi/apps/utils/decorators.py
@ -0,0 +1,71 @@
+# -*- coding: utf8 -*-
+
+"""
+Script baseado no arquivo decorators.py do django 1.3.
+Ele foi copiado para usar o decorador ``login_required``
+que possui o argumento ``login_url``, responsável por
+redirecionar ao template de login desejado.
+
+No ato de atualizar o framework, esse script torna-se
+obsoleto.
+"""
+
+import urlparse
+try:
+    from functools import wraps
+except ImportError:
+    from django.utils.functional import wraps  # Python 2.4 fallback.
+
+from django.conf import settings
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.utils.decorators import available_attrs
+
+
+def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
+    """
+    Decorator for views that checks that the user passes the given test,
+    redirecting to the log-in page if necessary. The test should be a callable
+    that takes the user object and returns True if the user passes.
+    """
+
+    def decorator(view_func):
+        @wraps(view_func, assigned=available_attrs(view_func))
+        def _wrapped_view(request, *args, **kwargs):
+            if test_func(request.user):
+                return view_func(request, *args, **kwargs)
+            path = request.build_absolute_uri()
+            # If the login url is the same scheme and net location then just
+            # use the path as the "next" url.
+            login_scheme, login_netloc = urlparse.urlparse(login_url or
+                                                        settings.LOGIN_URL)[:2]
+            current_scheme, current_netloc = urlparse.urlparse(path)[:2]
+            if ((not login_scheme or login_scheme == current_scheme) and
+                (not login_netloc or login_netloc == current_netloc)):
+                path = request.get_full_path()
+            from django.contrib.auth.views import redirect_to_login
+            return redirect_to_login(path, login_url, redirect_field_name)
+        return _wrapped_view
+    return decorator
+
+
+def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None):
+    """
+    Decorator for views that checks that the user is logged in, redirecting
+    to the log-in page if necessary.
+    """
+    actual_decorator = user_passes_test(
+        lambda u: u.is_authenticated(),
+        login_url=login_url,
+        redirect_field_name=redirect_field_name
+    )
+    if function:
+        return actual_decorator(function)
+    return actual_decorator
+
+
+def permission_required(perm, login_url=None):
+    """
+    Decorator for views that checks whether a user has a particular permission
+    enabled, redirecting to the log-in page if necessary.
+    """
+    return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)