my_api/context_processors.py
# -*- coding: utf-8 -*-
import logging
from functools import wraps
from django.conf import settings
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.views import redirect_to_login
from django.core.exceptions import PermissionDenied
from django.shortcuts import resolve_url
# Module-level logger, named after this module's import path.
logger = logging.getLogger(__name__)
def user_roles(request):
    """Context processor exposing the current user's role flags to templates.

    Returns a dict with three keys: ``'admin'``, ``'super user'`` and
    ``'roles'``. When the request has no ``user`` attribute, or the user is
    not authenticated, every flag is ``False`` and ``'roles'`` is empty.

    These values only drive what a template chooses to render; they do not
    protect any view. Access control has to be enforced server-side on each
    request (see ``user_roles_check`` in this module).
    """
    logger.debug('user roles')

    signed_in = hasattr(request, 'user') and request.user.is_authenticated
    if signed_in:
        # Placeholder values: the skeleton does not ship the real lookup.
        # This is where the user's authorizations would be read from the
        # database or LDAP.
        is_admin, is_super_user = False, False
        granted = {'api_file': {'GET': True, 'POST': False}}
    else:
        is_admin, is_super_user, granted = False, False, {}

    # NOTE(review): the 'super user' key contains a space, so it cannot be
    # referenced as a plain template variable; confirm whether 'super_user'
    # was intended before any template depends on it.
    return {
        'admin': is_admin,
        'super user': is_super_user,
        'roles': granted,
    }
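def user_roles_check(request):
    """Decide whether the current user may call the resolved URL with this method.

    ``request`` is an object that exposes the Django request as its
    ``.request`` attribute (every lookup below goes through
    ``request.request``).

    Returns:
        ``False`` when the user is not authenticated, ``True`` when the
        policy table grants the (url name, HTTP method) pair.

    Raises:
        PermissionDenied: the user is authenticated but the pair is not
            granted. This includes URL names and HTTP methods that are
            missing from the table: anything not explicitly allowed is
            denied, instead of surfacing as a ``KeyError`` (HTTP 500).
    """
    logger.debug('right_user_check')

    # Placeholder policy table, keyed by URL name and then HTTP method.
    # The same table is hard-coded in user_roles(); keep the two in sync
    # until both read from a single source (database / LDAP).
    options = {
        'api_file': {'GET': True, 'POST': False}
    }

    http_request = request.request
    if not http_request.user.is_authenticated:
        return False

    # resolver_match is None when the request was not routed by the URL
    # resolver; treat that as "no matching policy entry".
    match = http_request.resolver_match
    url_name = match.url_name if match is not None else None
    method = http_request.method

    # Default deny: a missing URL name or method yields False, never a lookup error.
    if options.get(url_name, {}).get(method, False):
        return True

    # %r keeps a client-supplied method string from breaking the log line.
    logger.warning('access denied: url_name=%r method=%r', url_name, method)
    raise PermissionDenied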
def check_authorization_user(login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
    """Decorator factory that gates a view behind ``user_roles_check``.

    The wrapped callable runs only when ``user_roles_check`` returns a true
    value. When it returns a false value the caller is redirected to the
    login page (``login_url`` or ``settings.LOGIN_URL``), with the current
    path passed under ``redirect_field_name``. ``PermissionDenied`` raised
    by ``user_roles_check`` is not caught here and propagates to the caller.

    NOTE(review): the first positional argument is handed to
    ``user_roles_check`` (which reads ``.request`` from it) while the path
    is taken from ``args[0]``, so this looks intended for methods of
    class-based views, where the first argument is the view instance and the
    second is the request. Confirm before applying it to a function-based
    view, which would fail on ``args[0]``.
    """
    def decorator(view_func):
        @wraps(view_func)
        def guarded_view(request, *args, **kwargs):
            allowed = user_roles_check(request)
            if not allowed:
                # Only the path is forwarded (no query string), as in the
                # original implementation.
                next_path = args[0].path
                login_target = resolve_url(login_url or settings.LOGIN_URL)
                return redirect_to_login(
                    next_path, login_target, redirect_field_name)
            return view_func(request, *args, **kwargs)
        return guarded_view
    return decorator