Merge pull request #28 from 5monkeys/feature/request-permissions

Get permissions and username based on request object.
5monkeys · Nov 7, 2017 · a926372 · a926372
2 parents 19c4ff3 + a902b8a
commit a926372
Show file tree

Hide file tree

Showing 8 changed files with 35 additions and 13 deletions.
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 .PHONY: test
 test:
-	django-admin.py test --settings=djedi.tests.settings djedi --verbosity=2
+	python setup.py test
 
 .PHONY: lint
 lint:

diff --git a/djedi/admin/api.py b/djedi/admin/api.py
@@ -21,7 +21,7 @@ class APIView(View):
 
     @csrf_exempt
     def dispatch(self, request, *args, **kwargs):
-        if not auth.has_permission(request.user):
+        if not auth.has_permission(request):
             raise PermissionDenied
 
         try:
@@ -102,7 +102,7 @@ def post(self, request, uri):
         """
         uri = self.decode_uri(uri)
         data, meta = self.get_post_data(request)
-        meta['author'] = auth.get_username(request.user)
+        meta['author'] = auth.get_username(request)
         node = cio.set(uri, data, publish=False, **meta)
         return self.render_to_json(node)
 
@@ -201,7 +201,7 @@ def get(self, request, uri):
     def post(self, request, uri):
         uri = self.decode_uri(uri)
         data, meta = self.get_post_data(request)
-        meta['author'] = auth.get_username(request.user)
+        meta['author'] = auth.get_username(request)
         node = cio.set(uri, data, publish=False, **meta)
 
         context = cio.load(node.uri)

diff --git a/djedi/admin/cms.py b/djedi/admin/cms.py
@@ -25,7 +25,7 @@ def get_urls(self):
         )
 
     def has_change_permission(self, request, obj=None):
-        return has_permission(request.user)
+        return has_permission(request)
 
     def has_add_permission(self, request, obj=None):
         return False
@@ -37,7 +37,7 @@ def has_delete_permission(self, request, obj=None):
 class DjediCMS(DjediContextMixin, View):
 
     def get(self, request):
-        if has_permission(request.user):
+        if has_permission(request):
             return render(request, 'djedi/cms/cms.html', self.get_context_data())
         else:
             raise PermissionDenied
diff --git a/djedi/auth/__init__.py b/djedi/auth/__init__.py
@@ -1,15 +1,25 @@
-def has_permission(user):
+import logging
+
+_log = logging.getLogger(__name__)
+
+
+def has_permission(request):
+    user = getattr(request, 'user', None)
     if user:
         if user.is_superuser:
             return True
 
         if user.is_staff and user.groups.filter(name__iexact='djedi').exists():
             return True
+    else:
+        _log.warning("Request does not have `user` attribute. Make sure that "
+                     "Djedi middleware is used after AuthenticationMiddleware")
 
     return False
 
 
-def get_username(user):
+def get_username(request):
+    user = request.user
     if hasattr(user, 'get_username'):
         return user.get_username()
     else:

diff --git a/djedi/middleware/mixins.py b/djedi/middleware/mixins.py
@@ -26,8 +26,6 @@ def activate_language(self):
 class AdminPanelMixin(object):
 
     def inject_admin_panel(self, request, response):
-        user = getattr(request, 'user', None)
-
         # Do not inject admin panel on gzipped responses
         if 'gzip' in response.get('Content-Encoding', ''):
             _log.debug('gzip detected, not injecting panel.')
@@ -67,7 +65,7 @@ def inject_admin_panel(self, request, response):
                 return
 
         # Validate user permissions
-        if not has_permission(user):
+        if not has_permission(request):
             _log.debug('insufficient permissions, not injecting.')
             return
 

diff --git a/djedi/templatetags/djedi_admin.py b/djedi/templatetags/djedi_admin.py
@@ -16,7 +16,7 @@
 def djedi_admin(context):
     output = u''
 
-    if has_permission(context.get('user')):
+    if has_permission(context.get('request')):
         defaults = dict((node.uri.clone(version=None), node.initial) for node in pipeline.history.list('get'))
         output = render_to_string('djedi/cms/embed.html', {
             'json_nodes': json.dumps(defaults).replace('</', '\\x3C/'),

diff --git a/djedi/tests/test_admin.py b/djedi/tests/test_admin.py
@@ -13,6 +13,15 @@ def test_embed(self):
         self.assertIn(u'i18n://sv-se@foo/bar.txt', smart_unicode(response.content))
         self.assertIn(u'</body>', smart_unicode(response.content).lower())
 
+    def test_middleware(self):
+        with self.settings(MIDDLEWARE_CLASSES=[
+            'djedi.middleware.translation.DjediTranslationMiddleware',
+        ]):
+            url = reverse('index')
+            response = self.client.get(url)
+            self.assertNotIn(u'window.DJEDI_NODES',
+                             smart_unicode(response.content))
+
     def test_cms(self):
         url = reverse('admin:djedi:cms')
         response = self.client.get(url)

diff --git a/djedi/tests/test_templatetags.py b/djedi/tests/test_templatetags.py
@@ -129,7 +129,12 @@ def test_djedi_admin_tag(self):
         """
 
         user = User(first_name=u'Jonas', last_name=u'Lundberg')
-        context = {'user': user}
+
+        class RequestMock(object):
+            def __init__(self, user):
+                self.user = user
+
+        context = {'request': RequestMock(user=user)}
         html = self.render(source, context)
         assert html == u''