Commit dcd36b74 authored by Benjamin Zagorsky's avatar Benjamin Zagorsky

refactors common logic from decorators and mixins into new verification module

in doing so, applies the improved error message to mixins as well (previous commit only applied it to decorators)
parent 0eb35060
from functools import wraps
from django.core.exceptions import PermissionDenied, ImproperlyConfigured
from django.utils.decorators import available_attrs
from django.shortcuts import redirect
from django.core.urlresolvers import reverse_lazy
from django_auth_lti.verification import is_allowed
def lti_role_required(allowed_roles, redirect_url=reverse_lazy('not_authorized'), raise_exception=False):
def decorator(view_func):
@wraps(view_func, assigned=available_attrs(view_func))
def _wrapped_view(request, *args, **kwargs):
if not isinstance(allowed_roles, (list, tuple)):
allowed = (allowed_roles, )
else:
allowed = allowed_roles
lti_params = request.session.get('LTI_LAUNCH', None)
if lti_params is None:
# If this is raised, then likely the project doesn't have
# the correct settings or is being run outside of an lti context
raise ImproperlyConfigured("No LTI_LAUNCH vale found in session")
user_roles = lti_params.get('roles', [])
if set(allowed) & set(user_roles):
if is_allowed(request, allowed_roles, raise_exception):
return view_func(request, *args, **kwargs)
if raise_exception:
raise PermissionDenied
return redirect(redirect_url)
return _wrapped_view
return decorator
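Review bot: If the trailing `if raise_exception: raise PermissionDenied` is still on the new side of `_wrapped_view` (the page does not mark which lines were removed), it is unreachable in practice, because `is_allowed(request, allowed_roles, raise_exception)` already raises on a failed match when that flag is set. The same applies to the mixin's `dispatch`, and in both files the `PermissionDenied` import (plus `ImproperlyConfigured` in the decorator module) would then be unused. Keeping the 403-versus-redirect decision in one place makes the access-control path easier to audit. A short docstring on `lti_role_required` saying that a failed check yields either `PermissionDenied` or a redirect to `redirect_url` would also help.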
from django.core.urlresolvers import reverse_lazy
from django.core.exceptions import ImproperlyConfigured
from django.shortcuts import redirect
from django.core.exceptions import PermissionDenied
from braces.views import LoginRequiredMixin
from django_auth_lti.verification import is_allowed
class LTIRoleRestrictionMixin(object):
allowed_roles = None
redirect_url = reverse_lazy('not_authorized')
raise_exception = False
def dispatch(self, request, *args, **kwargs):
if self.allowed_roles is None:
raise ImproperlyConfigured(
"'LTIRoleRestrictionMixin' requires "
"'allowed_roles' attribute to be set.")
# Handle allowed roles as either a list or a single string
if not isinstance(self.allowed_roles, (list, tuple)):
allowed = (self.allowed_roles, )
else:
allowed = self.allowed_roles
lti_params = request.session.get('LTI_LAUNCH', None)
user_roles = lti_params.get('roles', [])
if set(allowed) & set(user_roles):
if is_allowed(request, self.allowed_roles, self.raise_exception):
return super(LTIRoleRestrictionMixin, self).dispatch(request, *args, **kwargs)
if self.raise_exception:
raise PermissionDenied
return redirect(self.redirect_url)
......
from django.core.exceptions import ImproperlyConfigured, PermissionDenied
def is_allowed(request, allowed_roles, raise_exception):
# allowed_roles can either be a string (for just one)
# or a tuple or list (for several)
if not isinstance(allowed_roles, (list, tuple)):
allowed = (allowed_roles, )
else:
allowed = allowed_roles
lti_params = request.session.get('LTI_LAUNCH', None)
if lti_params is None:
# If this is raised, then likely the project doesn't have
# the correct settings or is being run outside of an lti context
raise ImproperlyConfigured("No LTI_LAUNCH vale found in session")
user_roles = lti_params.get('roles', [])
is_user_allowed = set(allowed) & set(user_roles)
if not is_user_allowed and raise_exception:
raise PermissionDenied
return is_user_allowed
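Review bot: `is_allowed` returns the intersection set itself and builds it with `set(user_roles)`, which assumes the session stores `roles` as a list. How `LTI_LAUNCH` is populated is not visible here; if it ever holds the raw comma-separated `roles` string from the launch, the set would contain single characters and no role name would match. I would normalise a string value to a list before the intersection and end with `return bool(is_user_allowed)`. The function also deserves a docstring stating that a missing `LTI_LAUNCH` raises `ImproperlyConfigured` (a 500, not a denial), and the message has a typo: `"No LTI_LAUNCH value found in session"`.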