Commit f2b6e2f2 authored by J08nY's avatar J08nY

Add list owner auth to appropriate views.

parent bd8dd5fb
......@@ -15,18 +15,56 @@
#
# You should have received a copy of the GNU General Public License along with
# Postorius. If not, see <http://www.gnu.org/licenses/>.
from allauth.account.models import EmailAddress
from django.core.exceptions import PermissionDenied
from django.http import Http404
from six import wraps
from six.moves.urllib_error import HTTPError
from django_pgpmailman.plugin import get_pgp_plugin
def list_view(fn):
def wrapper(request, list_id, *args, **kwargs):
@wraps(fn)
def wrapper(request, *args, **kwargs):
try:
pgp_list = get_pgp_plugin().get_list(list_id)
pgp_list = get_pgp_plugin().get_list(kwargs.pop('list_id'))
except HTTPError:
raise Http404
return fn(request, pgp_list, *args, **kwargs)
return wrapper
def list_class_view(fn):
@wraps(fn)
def wrapper(self, request, *args, **kwargs):
self.pgp_list = get_pgp_plugin().get_list(kwargs.pop('list_id'))
return fn(self, request, *args, **kwargs)
return wrapper
def member_role_required(*roles):
def wrapper(fn):
@wraps(fn)
def wrapped(self, request, *args, **kwargs):
user = request.user
if not user.is_authenticated():
raise PermissionDenied
mlist = self.pgp_list.mlist
addresses = set(EmailAddress.objects.filter(
user=user, verified=True).values_list('email', flat=True))
for role in roles:
for address in addresses:
members = mlist.find_members(address, role)
if len(members) >= 0:
break
else:
raise PermissionDenied
return fn(self, request, *args, **kwargs)
return wrapped
return wrapper
......@@ -43,9 +43,15 @@ class PGPPlugin(Plugin):
return PGPMailingList(self._connection, content['self_link'], content)
plugin = None
def get_pgp_plugin():
client = Client('%s/3.1' %
settings.MAILMAN_REST_API_URL,
settings.MAILMAN_REST_API_USER,
settings.MAILMAN_REST_API_PASS)
return PGPPlugin(client.get_plugin(settings.MAILMAN_PGP_PLUGIN_NAME))
global plugin
if not plugin:
client = Client('%s/3.1' %
settings.MAILMAN_REST_API_URL,
settings.MAILMAN_REST_API_USER,
settings.MAILMAN_REST_API_PASS)
plugin = PGPPlugin(client.get_plugin(settings.MAILMAN_PGP_PLUGIN_NAME))
return plugin
......@@ -29,7 +29,8 @@ from django.utils.translation import ugettext_lazy as _
from django.views.generic import FormView
from six.moves.urllib.error import HTTPError
from django_pgpmailman.decorators import list_view
from django_pgpmailman.decorators import (list_view, list_class_view,
member_role_required)
from django_pgpmailman.forms import (ListSignatureSettingsForm,
ListEncryptionSettingsForm,
ListMiscSettingsForm)
......@@ -37,8 +38,7 @@ from django_pgpmailman.plugin import get_pgp_plugin
def pgp_list_index(request):
return render(request,
'django_pgpmailman/index.html',
return render(request, 'django_pgpmailman/index.html',
{'lists': get_pgp_plugin().lists})
......@@ -48,7 +48,18 @@ def pgp_list_summary(request, pgp_list):
{'pgp_list': pgp_list})
# TODO: proper list owner auth
@list_view
def pgp_list_pubkey(request, pgp_list):
pubkey = pgp_list.pubkey
pubkey_file = ContentFile(str(pubkey))
response = HttpResponse(pubkey_file, 'application/pgp-keys')
response['Content-Length'] = pubkey_file.size
response[
'Content-Disposition'] = 'attachment; filename="%s.asc"' % pgp_list.list_id
return response
@method_decorator(login_required, name='dispatch')
class ListSettings(FormView):
properties = None
......@@ -65,9 +76,9 @@ class ListSettings(FormView):
data['mlist'] = self.pgp_list.mlist
return data
@method_decorator(login_required)
@list_class_view
@member_role_required('owner')
def dispatch(self, request, *args, **kwargs):
self.pgp_list = get_pgp_plugin().get_list(kwargs['list_id'])
return super(ListSettings, self).dispatch(request, *args, **kwargs)
def form_valid(self, form):
......@@ -122,20 +133,8 @@ class ListKeyManagementView(ListSettings):
pass
# TODO: proper list owner auth
@login_required
@list_view
def pgp_list_key_management(request, pgp_list):
return render(request, 'django_pgpmailman/list/key_management.html',
{'pgp_list': pgp_list})
@list_view
def pgp_list_pubkey(request, pgp_list):
pubkey = pgp_list.pubkey
pubkey_file = ContentFile(str(pubkey))
response = HttpResponse(pubkey_file, 'application/pgp-keys')
response['Content-Length'] = pubkey_file.size
response[
'Content-Disposition'] = 'attachment; filename="%s.asc"' % pgp_list.list_id
return response
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment