Merge lp:~statik/summit/fix-redirects into lp:summit

Proposed by Elliot Murphy
Status: Merged
Merged at revision: 17
Proposed branch: lp:~statik/summit/fix-redirects
Merge into: lp:summit
Diff against target: 115 lines (+22/-10)
1 file modified
summit/sponsor/views.py (+22/-10)
To merge this branch: bzr merge lp:~statik/summit/fix-redirects
Reviewer Review Type Date Requested Status
Dave Walker Pending
Review via email: mp+34493@code.launchpad.net

Description of the change

Fix redirect loops that happen on summit.ubuntu.com when someone tries to visit a URL for which they do not have permission when they are already logged in.

The old way would redirect to the login page, which would auto-redirect back to the original page, which would fail the permissions check and redirect to the login page, in a loop.

This change first ensures that the user is logged in, then performs a permissions check and, if it fails, returns an HTTP 403 Forbidden.


Preview Diff

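--- a/summit/sponsor/views.py
+++ b/summit/sponsor/views.py
@@ -15,10 +15,10 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 from django.core.exceptions import ObjectDoesNotExist
-from django.contrib.auth.decorators import login_required, permission_required
+from django.contrib.auth.decorators import login_required
 from django.shortcuts import render_to_response, get_object_or_404
 from django.template import RequestContext
-from django.http import HttpResponse, HttpResponseRedirect
+from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden
 
 from summit.schedule.models import Summit
 from summit.sponsor.models import (Sponsorship, SponsorshipSuggestion,
@@ -40,6 +40,10 @@
 'export',
 )
 
+def check_permission(request, perm):
+ if not request.user.has_perm(perm):
+ raise HttpResponseForbidden
+
 
 @login_required
 def sponsorship(request, summit_name):
@@ -78,8 +82,9 @@
 return wizard(request)
 
 
-@permission_required('sponsor.add_sponsorshipscore')
+@login_required
 def nonlaunchpadsponsorship(request, summit_name):
+ check_permission('sponsor.add_sponsorshipscore')
 summit = get_object_or_404(Summit, name=summit_name)
 topics = summit.topic_set.order_by('name')
 
@@ -98,8 +103,9 @@
 context_instance=RequestContext(request))
 
 
-@permission_required('sponsor.add_sponsorshipscore')
+@login_required
 def suggestiondone(request, summit_name):
+ check_permission('sponsor.add_sponsorshipscore')
 summit = get_object_or_404(Summit, name=summit_name)
 
 return render_to_response("sponsor/suggestdone.html",
@@ -107,8 +113,9 @@
 context_instance=RequestContext(request))
 
 
-@permission_required('sponsor.add_sponsorshipscore')
+@login_required
 def nonlaunchpaddone(request, summit_name):
+ check_permission('sponsor.add_sponsorshipscore')
 summit = get_object_or_404(Summit, name=summit_name)
 
 return render_to_response("sponsor/nonlaunchpaddone.html",
@@ -116,8 +123,9 @@
 context_instance=RequestContext(request))
 
 
-@permission_required('sponsor.add_sponsorshipscore')
+@login_required
 def review_list(request, summit_name):
+ check_permission('sponsor.add_sponsorshipscore')
 summit = get_object_or_404(Summit, name=summit_name)
 sponsorships = sorted(summit.sponsorship_set.all(),
 key=lambda x: (x.numscores > 0 and -1 or 0,
@@ -141,8 +149,9 @@
 context_instance=RequestContext(request))
 
 
-@permission_required('sponsor.add_sponsorshipscore')
+@login_required
 def review(request, summit_name, sponsorship_id):
+ check_permission('sponsor.add_sponsorshipscore')
 sponsorship = get_object_or_404(Sponsorship, id=sponsorship_id)
 scores = sponsorship.sponsorshipscore_set.exclude()
 try:
@@ -176,8 +185,9 @@
 context_instance=RequestContext(request))
 
 
-@permission_required('sponsor.add_sponsorshipscore')
+@login_required
 def suggestion_review(request, summit_name, sponsorship_id):
+ check_permission('sponsor.add_sponsorshipscore')
 sponsorship = get_object_or_404(SponsorshipSuggestion, id=sponsorship_id)
 scores = sponsorship.sponsorshipsuggestionscore_set.exclude()
 try:
@@ -210,8 +220,9 @@
 context_instance=RequestContext(request))
 
 
-@permission_required('sponsor.add_sponsorshipscore')
+@login_required
 def nonlaunchpad_review(request, summit_name, sponsorship_id):
+ check_permission('sponsor.add_sponsorshipscore')
 sponsorship = get_object_or_404(NonLaunchpadSponsorship, id=sponsorship_id)
 scores = sponsorship.nonlaunchpadsponsorshipscore_set.exclude()
 try:
@@ -244,8 +255,9 @@
 context_instance=RequestContext(request))
 
 
-@permission_required('sponsor.add_sponsorshipscore')
+@login_required
 def export(request, summit_name):
+ check_permission('sponsor.add_sponsorshipscore')
 summit = get_object_or_404(Summit, name=summit_name)
 
 sponsorships = sorted([s for s in summit.sponsorship_set.all()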
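Review bot: Every rewritten view calls `check_permission('sponsor.add_sponsorshipscore')` with one argument, but the helper added in the second hunk is declared `check_permission(request, perm)`, so each call raises TypeError before any permission is tested; the calls should read `check_permission(request, 'sponsor.add_sponsorshipscore')`. The helper's `raise HttpResponseForbidden` is also a defect, because that name is a response class and not an exception, so it cannot be raised; `raise PermissionDenied`, imported from `django.core.exceptions` next to `ObjectDoesNotExist`, lets Django's request handler return the 403, which should be confirmed against the Django version deployed here. As written the eight protected views fail closed with a server error instead of the intended 403, so access is not widened, but that outcome is accidental, and since the diff touches only views.py the denied path appears to be untested. Moving authorization out of a decorator and into the first statement of each body also makes the check easy to omit on a future view; a small decorator that wraps `login_required` and then tests `request.user.has_perm(perm)` would keep the requirement visible at each definition.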
