1
from functools import wraps
3
from django.http import HttpResponseNotAllowed
4
from django.utils.decorators import available_attrs
7
def require_owner_or_proxy(view_func):
8
def _wrapped_view(request, *args, **kwargs):
9
# If the request user matches the url username then don't
10
# bother hitting the database.
11
if request.user.username == kwargs.get('username', None):
12
return view_func(request, *args, **kwargs)
14
# If the request user is a proxy for the url user, then
16
if request.user.proxy_for.filter(
17
user__username=kwargs.get('username', None)).exists():
18
return view_func(request, *args, **kwargs)
20
return HttpResponseNotAllowed("Only the owner can access")
21
return wraps(view_func, assigned=available_attrs(view_func))(_wrapped_view)