Fix embeds not actually working for unauthenticated users

This is why I should have written tests...
nottinghamtec · Jan 11, 2020 · dfb6123 · dfb6123
1 parent 4fb0a0f
commit dfb6123
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 7 deletions.
diff --git a/PyRIGS/decorators.py b/PyRIGS/decorators.py
@@ -6,6 +6,34 @@
 from RIGS import models
 
 
+def get_oembed(login_url, request, oembed_view, kwargs):
+    context = {}
+    context['oembed_url'] = "{0}://{1}{2}".format(request.scheme, request.META['HTTP_HOST'], reverse(oembed_view, kwargs=kwargs))
+    context['login_url'] = "{0}?{1}={2}".format(login_url, REDIRECT_FIELD_NAME, request.get_full_path())
+    resp = render(request, 'login_redirect.html', context=context)
+    return resp
+
+
+def has_oembed(oembed_view, login_url=None):
+    if not login_url:
+        from django.conf import settings
+        login_url = settings.LOGIN_URL
+
+    def _dec(view_func):
+        def _checklogin(request, *args, **kwargs):
+            if request.user.is_authenticated:
+                return view_func(request, *args, **kwargs)
+            else:
+                if oembed_view is not None:
+                    return get_oembed(login_url, request, oembed_view, kwargs)
+                else:
+                    return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, request.get_full_path()))
+        _checklogin.__doc__ = view_func.__doc__
+        _checklogin.__dict__ = view_func.__dict__
+        return _checklogin
+    return _dec
+
+
 def user_passes_test_with_403(test_func, login_url=None, oembed_view=None):
     """
     Decorator for views that checks that the user passes the given test.
@@ -25,11 +53,7 @@ def _checklogin(request, *args, **kwargs):
                 return view_func(request, *args, **kwargs)
             elif not request.user.is_authenticated:
                 if oembed_view is not None:
-                    context = {}
-                    context['oembed_url'] = "{0}://{1}{2}".format(request.scheme, request.META['HTTP_HOST'], reverse(oembed_view, kwargs=kwargs))
-                    context['login_url'] = "{0}?{1}={2}".format(login_url, REDIRECT_FIELD_NAME, request.get_full_path())
-                    resp = render(request, 'login_redirect.html', context=context)
-                    return resp
+                    return get_oembed(login_url, request, oembed_view, kwargs)
                 else:
                     return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, request.get_full_path()))
             else:

diff --git a/assets/urls.py b/assets/urls.py
@@ -5,13 +5,13 @@
 
 from django.contrib.auth.decorators import login_required
 from django.views.decorators.clickjacking import xframe_options_exempt
-from PyRIGS.decorators import permission_required_with_403
+from PyRIGS.decorators import has_oembed, permission_required_with_403
 
 urlpatterns = [
     path('', views.AssetList.as_view(), name='asset_index'),
     path('asset/list/', views.AssetList.as_view(), name='asset_list'),
     # Lazy way to enable the oembed redirect...
-    path('asset/id/<str:pk>/', permission_required_with_403('', oembed_view="asset_oembed")(views.AssetDetail.as_view()), name='asset_detail'),
+    path('asset/id/<str:pk>/', has_oembed(oembed_view="asset_oembed")(views.AssetDetail.as_view()), name='asset_detail'),
     path('asset/create/', permission_required_with_403('assets.add_asset')
          (views.AssetCreate.as_view()), name='asset_create'),
     path('asset/id/<str:pk>/edit/', permission_required_with_403('assets.change_asset')