← Back to branch summary

~michael.nelson/open-goal-tracker/trunk

« back to all changes in this revision

Viewing changes to src/usergoals/userproxies/decorators.py

  • Committer: Michael Nelson
  • Date: 2011-02-21 07:22:03 UTC
  • mfrom: (67.1.5 interaction-tweaks)
  • Revision ID: michael.nelson@canonical.com-20110221072203-jm03mh546w96odns
MergedĀ lp:~michael.nelson/learning-tools/interaction-tweaks.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/usergoals/userproxies/decorators.py
 
1
from functools import wraps
 
2
 
 
3
from django.http import HttpResponseNotAllowed
 
4
from django.utils.decorators import available_attrs
 
5
 
 
6
 
 
7
def require_owner_or_proxy(view_func):
 
8
    def _wrapped_view(request, *args, **kwargs):
 
9
        # If the request user matches the url username then don't
 
10
        # bother hitting the database.
 
11
        if request.user.username == kwargs.get('username', None):
 
12
            return view_func(request, *args, **kwargs)
 
13
 
 
14
        # If the request user is a proxy for the url user, then
 
15
        # we allow them too.
 
16
        if request.user.proxy_for.filter(
 
17
            user__username=kwargs.get('username', None)).exists():
 
18
            return view_func(request, *args, **kwargs)
 
19
 
 
20
        return HttpResponseNotAllowed("Only the owner can access")
 
21
    return wraps(view_func, assigned=available_attrs(view_func))(_wrapped_view)
 
22
 
 
23