Move view decorators into decorator.py

(imported from commit 737cff552b395493f44864ac06e901b0ba17fa29)
2025-11-04 05:53:43 +00:00 · 2012-11-06 14:27:55 -05:00
parent b278db110f
commit dc8c54e6db
2 changed files with 43 additions and 40 deletions
--- a/zephyr/decorator.py
+++ b/zephyr/decorator.py
@@ -1,3 +1,7 @@
+from django.views.decorators.csrf import csrf_exempt
+from zephyr.models import UserProfile
+from zephyr.lib.response import json_success, json_error
+
 from functools import wraps

 import types
@@ -24,3 +28,40 @@ def asynchronous(method):
    if getattr(method, 'csrf_exempt', False):
        wrapper.csrf_exempt = True
    return wrapper
+
+def require_post(view_func):
+    @wraps(view_func)
+    def _wrapped_view_func(request, *args, **kwargs):
+        if request.method != "POST":
+            return json_error('This form can only be submitted by POST.')
+        return view_func(request, *args, **kwargs)
+    return _wrapped_view_func
+
+# authenticated_api_view will add the authenticated user's user_profile to
+# the view function's arguments list, since we have to look it up
+# anyway.
+def authenticated_api_view(view_func):
+    @csrf_exempt
+    @require_post
+    @wraps(view_func)
+    def _wrapped_view_func(request, *args, **kwargs):
+        try:
+            user_profile = UserProfile.objects.get(user__email=request.POST.get("email"))
+        except UserProfile.DoesNotExist:
+            return json_error("Invalid user")
+        if user_profile is None or request.POST.get("api-key") != user_profile.api_key:
+            return json_error('Invalid API user/key pair.')
+        return view_func(request, user_profile, *args, **kwargs)
+    return _wrapped_view_func
+
+# Checks if the request is a POST request and that the user is logged
+# in.  If not, return an error (the @login_required behavior of
+# redirecting to a login page doesn't make sense for json views)
+def authenticated_json_view(view_func):
+    @require_post
+    @wraps(view_func)
+    def _wrapped_view_func(request, *args, **kwargs):
+        if not request.user.is_authenticated():
+            return json_error("Not logged in")
+        return view_func(request, *args, **kwargs)
+    return _wrapped_view_func