From 824a4ab69fca6d323441d790151f70be7efc0756 Mon Sep 17 00:00:00 2001 From: Gilson Filho Date: Tue, 29 Nov 2011 21:54:56 +0000 Subject: [PATCH] =?UTF-8?q?Inserindo=20um=20decorator=20para=20barrar=20o?= =?UTF-8?q?=20acesso=20de=20usu=C3=A1rios=20n=C3=A3o=20autorizados=20a=20v?= =?UTF-8?q?isualizar=20e=20editar=20os=20question=C3=A1rios.=20Foi=20usado?= =?UTF-8?q?=20o=20decorator=20do=20django=201.3=20para=20sanar=20o=20nosso?= =?UTF-8?q?=20problema=20provisioriamente,=20ou=20seja,=20at=C3=A9=20que?= =?UTF-8?q?=20n=C3=A3o=20fa=C3=A7a=20um=20upgrade=20do=20framework.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sigi/apps/diagnosticos/views.py | 5 +++ sigi/apps/utils/decorators.py | 71 +++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 sigi/apps/utils/decorators.py diff --git a/sigi/apps/diagnosticos/views.py b/sigi/apps/diagnosticos/views.py index 563d6c3..6b153ed 100644 --- a/sigi/apps/diagnosticos/views.py +++ b/sigi/apps/diagnosticos/views.py @@ -2,11 +2,14 @@ from django.shortcuts import render_to_response from django.template import RequestContext +from django.core.urlresolvers import reverse +from sigi.apps.utils.decorators import login_required from sigi.apps.diagnosticos.models import Diagnostico, Categoria from sigi.apps.diagnosticos.forms import DiagnosticoMobileForm +@login_required(login_url='/mobile/diagnosticos/login') def lista(request): """Consulta os diagnosticos do servidor logado, que contenham o status de não publicado. @@ -21,6 +24,7 @@ def lista(request): return render_to_response('diagnosticos/diagnosticos_list.html', context) +@login_required(login_url='/mobile/diagnosticos/login') def categorias(request, id_diagnostico): """Consulta as categorias do diagnostico selecionado a partir da sua identificação 
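Review bot: `reverse` is imported from `django.core.urlresolvers`, but none of the lines added in this hunk or the two that follow use it. The login path `'/mobile/diagnosticos/login'` is also repeated as a literal in all three `@login_required` decorators (on `lista` here, and on `categorias` and `categoria_detalhes` in the hunks at -21 and -33). A module-level constant such as `LOGIN_URL = '/mobile/diagnosticos/login'`, used as `@login_required(login_url=LOGIN_URL)`, would keep the three in step. The rest of views.py is outside the diff, so drop the `reverse` import only if nothing else there uses it.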
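Review bot: `@login_required` on `categorias` only establishes that the request comes from a logged-in user; `id_diagnostico` still arrives from the URL. The view body lies outside this hunk, so it is not visible whether the lookup is limited to diagnosticos belonging to that user, and the same holds for `categoria_detalhes` in the next hunk. `lista`'s docstring says it filters by the logged-in servidor; if the two detail views do not apply the same filter, an authenticated user could reach a questionnaire that is not theirs. I would confirm both queries are scoped by `request.user` and note it next to the decorator, e.g. `# login_required only authenticates; ownership of id_diagnostico is checked in the query below`.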
@@ -33,6 +37,7 @@ def categorias(request, id_diagnostico): context) +@login_required(login_url='/mobile/diagnosticos/login') def categoria_detalhes(request, id_diagnostico, id_categoria): """Captura as perguntas da categoria selecionada. diff --git a/sigi/apps/utils/decorators.py b/sigi/apps/utils/decorators.py new file mode 100644 index 0000000..736d527 --- /dev/null +++ b/sigi/apps/utils/decorators.py 
@@ -0,0 +1,71 @@
+# -*- coding: utf8 -*-
+
+"""
+Script baseado no arquivo decorators.py do django 1.3.
+Ele foi copiado para usar o decorador ``login_required``
+que possui o argumento ``login_url``, responsável por
+redirecionar ao template de login desejado.
+
+No ato de atualizar o framework, esse script torna-se
+obsoleto.
+"""
+
+import urlparse
+try:
+ from functools import wraps
+except ImportError:
+ from django.utils.functional import wraps # Python 2.4 fallback.
+
+from django.conf import settings
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.utils.decorators import available_attrs
+
+
+def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
+ """
+ Decorator for views that checks that the user passes the given test,
+ redirecting to the log-in page if necessary. The test should be a callable
+ that takes the user object and returns True if the user passes.
+ """
+
+ def decorator(view_func):
+ @wraps(view_func, assigned=available_attrs(view_func))
+ def _wrapped_view(request, *args, **kwargs):
+ if test_func(request.user):
+ return view_func(request, *args, **kwargs)
+ path = request.build_absolute_uri()
+ # If the login url is the same scheme and net location then just
+ # use the path as the "next" url.
+ login_scheme, login_netloc = urlparse.urlparse(login_url or
+ settings.LOGIN_URL)[:2]
+ current_scheme, current_netloc = urlparse.urlparse(path)[:2]
+ if ((not login_scheme or login_scheme == current_scheme) and
+ (not login_netloc or login_netloc == current_netloc)):
+ path = request.get_full_path()
+ from django.contrib.auth.views import redirect_to_login
+ return redirect_to_login(path, login_url, redirect_field_name)
+ return _wrapped_view
+ return decorator
+
+
+def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None):
+ """
+ Decorator for views that checks that the user is logged in, redirecting
+ to the log-in page if necessary.
+ """
+ actual_decorator = user_passes_test(
+ lambda u: u.is_authenticated(),
+ login_url=login_url,
+ redirect_field_name=redirect_field_name
+ )
+ if function:
+ return actual_decorator(function)
+ return actual_decorator
+
+
+def permission_required(perm, login_url=None):
+ """
+ Decorator for views that checks whether a user has a particular permission
+ enabled, redirecting to the log-in page if necessary.
+ """
+ return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)
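Review bot: `permission_required` is copied in at the end of the new file, but nothing in this commit uses it. As written, a logged-in user who lacks `perm` is redirected to the login page again rather than refused, because `user_passes_test` has only the redirect path. I would either leave it out of the copy or say so in its docstring, e.g. `Authenticated users without the permission are also redirected to login_url; no 403 is returned.` A copied auth decorator does not pick up upstream fixes, so limiting the copy to what the views actually import (`login_required` and the `user_passes_test` it calls) leaves less to track until the framework upgrade.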