Merge pull request #160 from colab/the_blacklist

The blacklist
colab · Feb 25, 2016 · 8ebdf5b · 8ebdf5b
2 parents 3d16a49 + 6e10a9c
commit 8ebdf5b
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 2 deletions.
diff --git a/colab/urls.py b/colab/urls.py
@@ -4,10 +4,32 @@
 from django.contrib import admin
 from django.views.generic import RedirectView
 from accounts.views import UserProfileUpdateView
+from django.views.defaults import permission_denied
 
 admin.autodiscover()
 
-urlpatterns = patterns('',
+urlpatterns = []
+
+colab_plugins = settings.COLAB_APPS
+
+for plugin in colab_plugins:
+    colab_plugin = colab_plugins.get(plugin)
+    plugin_blacklist = colab_plugin.get('blacklist')
+    if plugin_blacklist:
+        for plugin_url in plugin_blacklist:
+            final_url = colab_plugin.get('urls').get('prefix')
+            final_url += plugin_url
+            urlpatterns += patterns(
+                '', url(final_url, permission_denied))
+
+if hasattr(settings, 'BLACKLIST'):
+    core_blacklist = settings.BLACKLIST
+    for core_url in core_blacklist:
+        urlpatterns += patterns('', url(core_url, permission_denied))
+
+
+urlpatterns += patterns(
+    '',
     url(r'^$', RedirectView.as_view(url=settings.COLAB_HOME_URL), name='home'),
     url(r'^robots.txt$', 'colab.home.views.robots', name='robots'),
     url(r'^dashboard$', 'colab.home.views.dashboard', name='dashboard'),

diff --git a/colab/utils/tests/test_conf.py b/colab/utils/tests/test_conf.py
@@ -1,6 +1,6 @@
 import sys
 
-from django.test import TestCase, override_settings
+from django.test import TestCase, override_settings, Client
 from django.conf import settings
 
 from ..conf import (DatabaseUndefined, validate_database,
@@ -101,3 +101,8 @@ def test_load_widgets_settings_without_settings(self, mock):
                                      '/path/fake/widgets_settings.py'])
     def test_load_widgets_settings_without_settings_d(self, mock):
         self.assertIsNone(load_widgets_settings())
+
+    def test_blacklist(self):
+        client = Client()
+        response = client.get('/test_blacklist')
+        self.assertEquals(403, response.status_code)
diff --git a/docs/source/dev.rst b/docs/source/dev.rst
@@ -78,3 +78,16 @@ This variable will be inserted directly in the page ``context``.
 .. warning::
 
     Warning! Remember to use the tag ``{{ block.super }}`` inside the html block. Otherwise, the page will appear blank.
+
+
+Blacklist
+----------
+
+The blacklist is an array of urls that the user cannot access directly. This
+variable holds an array of urls regex that must be blocked. This variable must
+be set on settings.py, exactly as the following example:
+
+.. code-block:: python
+
+    BLACKLIST = [r'^dashboard$']
+
diff --git a/docs/source/plugindev.rst b/docs/source/plugindev.rst
@@ -300,3 +300,34 @@ Example:
        'myplugin.username_validators.has_uppercase_char',
    )
 
+Blacklist
+-------------------
+
+If you don't want a page to be accessed, you should add in your configuration file
+(/etc/colab/plugins.d) an array of regex strings named 'blacklist' that
+stands for the urls. The pages will then return a 403 error (forbidden).
+
+
+Ex:
+
+.. code-block:: python
+
+    blacklist = [r'^dashboard$']
+
+It also must be said that the full url will that will be blocked is a
+combination of the plugin prefix and one of the elements of the blacklist array.
+For example, given a plugin with this configuration:
+
+
+.. code-block:: python
+
+    urls = {
+        'include': 'colab_plugin.urls',
+        'prefix':  '^plugin/',
+        }
+
+    blacklist = [r'^feature$']
+
+The actual url that will be blocked will them be: plugin/feature.
+
+
diff --git a/tests/colab_settings.py b/tests/colab_settings.py
@@ -57,3 +57,5 @@
 from colab.settings import INSTALLED_APPS
 
 INSTALLED_APPS += ('behave_django', )
+
+BLACKLIST = [r'^test_blacklist$']