added decorator, mixin, constants for LTI role-based authorization

6583b1c4 · Colin Murtaugh · 00c1a0b0 · 6583b1c4 · 6583b1c4 · 6583b1c4
Commit 6583b1c4 authored 11 years ago by Colin Murtaugh
--- a/django_auth_lti/const.py
+++ b/django_auth_lti/const.py
+# LTI role name constants
+
+ADMINISTRATOR = 'urn:lti:instrole:ims/lis/Administrator'
+LEARNER = 'Learner'
+INSTRUCTOR = 'Instructor'
+CONTENT_DEVELOPER = 'ContentDeveloper'
+OBSERVER = 'urn:lti:instrole:ims/lis/Observer'
+TEACHING_ASSISTANT = 'urn:lti:role:ims/lis/TeachingAssistant'
--- a/django_auth_lti/decorators.py
+++ b/django_auth_lti/decorators.py
+from functools import wraps
+from django.core.exceptions import PermissionDenied
+from django.utils.decorators import available_attrs
+from django.shortcuts import redirect
+from django.core.urlresolvers import reverse_lazy
+
+
+def lti_role_required(allowed_roles, redirect_url=reverse_lazy('not_authorized'), raise_exception=False):
+    def decorator(view_func):
+        @wraps(view_func, assigned=available_attrs(view_func))
+        def _wrapped_view(request, *args, **kwargs):
+            if not isinstance(allowed_roles, (list, tuple)):
+                allowed = (allowed_roles, )
+            else:
+                allowed = allowed_roles
+
+            lti_params = request.session.get('LTI_LAUNCH', None)
+            user_roles = lti_params.get('roles', [])
+            if set(allowed) & set(user_roles):
+                return view_func(request, *args, **kwargs)
+
+            if raise_exception:
+                raise PermissionDenied
+
+            return redirect(redirect_url)
+        return _wrapped_view
+    return decorator
--- a/django_auth_lti/mixins.py
+++ b/django_auth_lti/mixins.py
+from django.core.urlresolvers import reverse_lazy
+from django.contrib.auth.decorators import login_required
+from django.utils.decorators import method_decorator
+from django.core.exceptions import ImproperlyConfigured
+from django.shortcuts import redirect
+from django.core.exceptions import PermissionDenied
+
+
+class LoginRequiredMixin(object):
+    @method_decorator(login_required)
+    def dispatch(self, request, *args, **kwargs):
+        return super(LoginRequiredMixin, self).dispatch(request, *args, **kwargs)
+
+
+class GroupMembershipRequiredMixin(LoginRequiredMixin):
+    allowed_groups = None
+    redirect_url = reverse_lazy('not_authorized')
+    raise_exception = False
+
+    def dispatch(self, request, *args, **kwargs):
+        if self.allowed_groups is None:
+            raise ImproperlyConfigured(
+                "'GroupMembershipRequiredMixin' requires "
+                "'allowed_groups' attribute to be set.")
+        if not isinstance(self.allowed_groups, (list, tuple)):
+            allowed = (self.allowed_groups, )
+        else:
+            allowed = self.allowed_groups
+
+        group_ids = request.session.get('USER_GROUPS', [])
+        if set(allowed) & set(group_ids):
+            return super(GroupMembershipRequiredMixin, self).dispatch(request, *args, **kwargs)
+
+        if self.raise_exception:
+            raise PermissionDenied
+
+        return redirect(self.redirect_url)