Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Project creation auth for user without Admin rights Fixes #6187 #6593

Open
wants to merge 11 commits into
base: master
Choose a base branch
from
Prev Previous commit
Next Next commit
Adds requires_permission_class decorator to check permission in API c…
…lass.
giliam committed Jul 24, 2017
commit 74549ee233b20fb775ffbb78ad80512f0dce1faa
20 changes: 19 additions & 1 deletion pootle/core/views/decorators.py
Original file line number Diff line number Diff line change
@@ -11,7 +11,7 @@
from django.core.exceptions import PermissionDenied

from pootle.i18n.gettext import ugettext as _
from pootle_app.models.permissions import get_matching_permissions
from pootle_app.models.permissions import get_matching_permissions, check_permission


def check_directory_permission(permission_codename, request, directory):
@@ -71,3 +71,21 @@ def method_wrapper(self, request, *args, **kwargs):
return f(self, request, *args, **kwargs)
return method_wrapper
return class_wrapper


def requires_permission_class(permission):

def class_wrapper(f):

@functools.wraps(f)
def method_wrapper(self, request, *args, **kwargs):
has_permission = (
request.user.is_authenticated
and check_permission(permission, request))

if not has_permission:
raise PermissionDenied(
_("Insufficient rights to access this page."), )
return f(self, request, *args, **kwargs)
return method_wrapper
return class_wrapper