fix: access level control on handlers

src/cms/contexts/handlers.py

@@ -1,7 +1,19 @@
+from django.conf import settings
+from django.core.exceptions import PermissionDenied
 
 from . models import WebPath
 
 
+def _get_site_from_host(request):
+    requested_site = re.match(r'^[a-zA-Z0-9\.\-\_]*',
+                              request.get_host()).group()
+
+    website = get_object_or_404(WebSite,
+                                domain=requested_site,
+                                is_active=True)
+    return website
+
+
 class BaseContentHandler(object):
     template = "default_template.html"
 
@@ -59,4 +71,16 @@ def as_view(self): # pragma: no cover
             open
             returns a rendered page
         """
-        raise NotImplementedError()
+        # access level
+        website = _get_site_from_host(self.request)
+        access_level = webpath.get_access_level()
+        if access_level == '0':
+            pass
+        elif not request.user.is_authenticated:
+            return redirect(f"//{settings.MAIN_DOMAIN}{settings.LOGIN_URL}?next=//{website.domain}{webpath.get_full_path()}")
+        elif access_level == '2' or request.user.is_superuser:
+            pass
+        elif getattr(request.user, access_level, None):
+            pass
+        else:
+            raise PermissionDenied

src/cms/contexts/utils.py

@@ -7,13 +7,13 @@
 # from django.contrib.admin.models import LogEntry, CHANGE
 from django.contrib.admin.models import CHANGE
 from django.contrib.contenttypes.models import ContentType
+from django.template.loader import get_template, render_to_string
+from django.template.exceptions import (TemplateDoesNotExist,
+                                        TemplateSyntaxError)
 from django.utils import translation
 from django.utils.module_loading import import_string
 from django.utils.translation import gettext as _
 from django.utils.safestring import mark_safe
-from django.template.loader import get_template, render_to_string
-from django.template.exceptions import (TemplateDoesNotExist,
-                                        TemplateSyntaxError)
 
 from cms.templates.models import Log
 

src/cms/contexts/views.py

@@ -37,6 +37,7 @@
                                     app_settings.SITEMAP_WEBPATHS_PRIORITY)
 ROBOTS_SETTINGS = getattr(settings, 'ROBOTS_SETTINGS', app_settings.ROBOTS_SETTINGS)
 
+
 def _get_site_from_host(request):
     requested_site = re.match(r'^[a-zA-Z0-9\.\-\_]*',
                               request.get_host()).group()

src/cms/publications/handlers.py

@@ -42,6 +42,8 @@ def __init__(self, **kwargs):
         self.webpath = self.pub_context.webpath
 
     def as_view(self):
+        super(PublicationViewHandler, self).as_view()
+
         if not self.pub_context: return Http404()
 
         # i18n
@@ -90,6 +92,8 @@ def breadcrumbs(self):
         return (leaf,)
 
     def as_view(self):
+        super(PublicationListHandler, self).as_view()
+
         category = None
         category_name = self.request.GET.get('category_name')
         if category_name:
@@ -194,6 +198,8 @@ def item_extra_kwargs(self, item):
         return {'content_encoded': self.item_content_encoded(item)}
 
     def as_view(self):
+        super(PublicationRssHandler, self).as_view()
+
         match_dict = self.match.groupdict()
         self.page = Page.objects.filter(is_active=True,
                                    webpath__site=self.website,