return True
- def can_remove_auth_provider(self, provider):
- if len(self.get_active_auth_providers()) <= 1:
+ def can_remove_auth_provider(self, module):
+ provider = auth_providers.get_provider(module)
+ existing = self.get_active_auth_providers()
+ existing_for_provider = self.get_active_auth_providers(module=module)
+
+ if len(existing) <= 1:
+ return False
+
+ if len(existing_for_provider) == 1 and provider.is_required():
return False
+
return True
def can_change_password(self):
return self.has_auth_provider('local', auth_backend='astakos')
+ def has_required_auth_providers(self):
+ required = auth_providers.REQUIRED_PROVIDERS
+ for provider in required:
+ if not self.has_auth_provider(provider):
+ return False
+ return True
+
def has_auth_provider(self, provider, **kwargs):
return bool(self.auth_providers.filter(module=provider,
**kwargs).count())
return providers
- def get_active_auth_providers(self):
+ def get_active_auth_providers(self, **filters):
providers = []
- for provider in self.auth_providers.active():
+ for provider in self.auth_providers.active(**filters):
if auth_providers.get_provider(provider.module).is_available_for_login():
providers.append(provider)
return providers
class AstakosUserAuthProviderManager(models.Manager):
- def active(self):
- return self.filter(active=True)
+ def active(self, **filters):
+ return self.filter(active=True, **filters)
class AstakosUserAuthProvider(models.Model):
def signed_terms_required(func):
"""
- Decorator checkes whether the request.user is Anonymous and in that case
+ Decorator checks whether the request.user is Anonymous and in that case
redirects to `logout`.
"""
@wraps(func)
return wrapper
+def required_auth_methods_assigned(only_warn=False):
+ """
+ Decorator that checks whether the request.user has all required auth providers
+ assigned.
+ """
+ required_providers = auth_providers.REQUIRED_PROVIDERS.keys()
+
+ def decorator(func):
+ if not required_providers:
+ return func
+
+ @wraps(func)
+ def wrapper(request, *args, **kwargs):
+ if request.user.is_authenticated():
+ for required in required_providers:
+ if not request.user.has_auth_provider(required):
+ provider = auth_providers.get_provider(required)
+ if only_warn:
+ messages.error(request,
+ _(astakos_messages.AUTH_PROVIDER_REQUIRED % {
+ 'provider': provider.get_title_display}))
+ else:
+ return HttpResponseRedirect(reverse('edit_profile'))
+ return func(request, *args, **kwargs)
+ return wrapper
+ return decorator
+
+
+def valid_astakos_user_required(func):
+ return signed_terms_required(required_auth_methods_assigned()(login_required(func)))
+
+
@require_http_methods(["GET", "POST"])
@signed_terms_required
def index(request, login_template_name='im/login.html', profile_template_name='im/profile.html', extra_context=None):
@require_http_methods(["GET", "POST"])
-@login_required
-@signed_terms_required
+@valid_astakos_user_required
@transaction.commit_manually
def invite(request, template_name='im/invitations.html', extra_context=None):
"""
@require_http_methods(["GET", "POST"])
+@required_auth_methods_assigned(only_warn=True)
@login_required
@signed_terms_required
def edit_profile(request, template_name='im/profile.html', extra_context=None):
@require_http_methods(["GET", "POST"])
+@required_auth_methods_assigned(only_warn=True)
@login_required
@signed_terms_required
def feedback(request, template_name='im/feedback.html', email_template_name='im/feedback_mail.txt', extra_context=None):
@require_http_methods(["GET", "POST"])
-@login_required
-@signed_terms_required
+@valid_astakos_user_required
@transaction.commit_manually
def change_email(request, activation_key=None,
email_template_name='registration/email_change_email.txt',
def send_activation(request, user_id, template_name='im/login.html', extra_context=None):
+ if request.user.is_authenticated():
+ messages.error(request, _(astakos_messages.ALREADY_LOGGED_IN))
+ return HttpResponseRedirect(reverse('edit_profile'))
+
if settings.MODERATION_ENABLED:
raise PermissionDenied
@require_http_methods(["GET", "POST"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
def group_add(request, kind_name='default'):
result = callpoint.list_resources()
#@require_http_methods(["POST"])
@require_http_methods(["GET", "POST"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
def group_add_complete(request):
model = AstakosGroup
form = AstakosGroupCreationSummaryForm(request.POST)
#@require_http_methods(["GET"])
@require_http_methods(["GET", "POST"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
def group_list(request):
none = request.user.astakos_groups.none()
query = """
@require_http_methods(["GET", "POST"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
def group_detail(request, group_id):
q = AstakosGroup.objects.select_related().filter(pk=group_id)
q = q.extra(select={
@require_http_methods(["GET", "POST"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
def group_search(request, extra_context=None, **kwargs):
q = request.GET.get('q')
if request.method == 'GET':
@require_http_methods(["GET", "POST"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
def group_all(request, extra_context=None, **kwargs):
q = AstakosGroup.objects.select_related()
q = q.filter(~Q(kind__name='default'))
#@require_http_methods(["POST"])
@require_http_methods(["POST", "GET"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
def group_join(request, group_id):
m = Membership(group_id=group_id,
person=request.user,
@require_http_methods(["POST"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
def group_leave(request, group_id):
try:
m = Membership.objects.select_related().get(
#@require_http_methods(["POST"])
@require_http_methods(["POST", "GET"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
@handle_membership
def approve_member(request, membership):
try:
messages.error(request, msg)
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
@handle_membership
def disapprove_member(request, membership):
try:
#@require_http_methods(["GET"])
@require_http_methods(["POST", "GET"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
def resource_usage(request):
def with_class(entry):
entry['load_class'] = 'red'
#@require_http_methods(["GET"])
@require_http_methods(["POST", "GET"])
-@signed_terms_required
-@login_required
+@valid_astakos_user_required
def timeline(request):
# data = {'entity':request.user.email}
timeline_body = ()
projects / astakos / commitdiff