
views.py 1.8 KB
from django.views.decorators.clickjacking import xframe_options_exempt
from django.http.response import HttpResponseRedirect, Http404
from django.core.urlresolvers import reverse
from django.shortcuts import get_object_or_404, render
from adim.models.annotables import AnObj
from adim.permissions import get_permission_class
from rest_framework.authtoken.models import Token

from .decorators import attp_login

@attp_login(persist=True)
@xframe_options_exempt
def login(request):
    """
    Render the "logged" page with the API token of the authenticated user.

    Authentication itself is not done here: the ``attp_login`` decorator is
    applied with ``persist=True``. The ``attp_msg64`` / ``attp_hash`` values
    named in the original docstring are not parameters of this function;
    presumably they are request parameters consumed by that decorator
    (TODO confirm against ``.decorators``).

    :param request: the incoming HttpRequest
    :return: the rendered ``adim_ttp/logged.html`` response
    :raises Http404: when the request user is still anonymous
    """
    user = request.user
    if user.is_anonymous:
        # No authenticated user on the request: answer with a plain 404.
        raise Http404()

    # get_or_create returns (token, created); only the token is needed.
    token = Token.objects.get_or_create(user=user)[0]

    # NOTE(review): this view is @xframe_options_exempt, so the response can
    # be embedded in a frame by any origin, and it is given the user's DRF
    # auth token. How the template exposes the token is not visible here;
    # confirm the embedding parent is restricted (e.g. a frame-ancestors
    # policy) and that the token is not handed to an arbitrary parent page.
    return render(request, "adim_ttp/logged.html", context={'token': token})


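@attp_login(persist=True)
def validate(request):
    """
    Persist the status carried by a TTP message and redirect to the AnObj.

    This view is called by the TTP. It reads ``request.attp_message``, looks
    up the AnObj named in it, records the TTP status through the permission
    class of the AnObj's sharing mode and redirects to the annotate view.

    NOTE(review): the status taken from the message is trusted as-is. The
    verification of the message is not visible in this file; confirm that
    ``attp_login`` only sets ``request.attp_message`` after authenticating it.

    :param request: the incoming HttpRequest
    :return: a redirect to the annotate view of the AnObj, or to the
        application home when the sharing mode has no TTP permission
    :raises Http404: when no attp_message is attached to the request or no
        AnObj matches the id in the message
    """
    if not hasattr(request, 'attp_message'):
        # TODO: log some message for missing attp_message
        raise Http404()

    attp_anobj = request.attp_message.get('anobj', {})
    anobj = get_object_or_404(AnObj, uuid=attp_anobj.get('id'))

    permission = get_permission_class(anobj.sharing_mode)
    if permission is None or not permission.ttp:
        # Resolve the URL name first: HttpResponseRedirect takes a URL, so the
        # bare name would be sent as the relative location "adim_app:home".
        return HttpResponseRedirect(reverse("adim_app:home"))

    # Fail closed: a message without an explicit status is recorded as 'denied'.
    permission.set_attp_status(request, anobj, attp_anobj.get('status', 'denied'))
    # session_key = "anobj_{}".format(anobj.uuid[:12])
    # request.session[session_key] = attp_anobj.get('status')

    return HttpResponseRedirect(reverse("adim_app:annotate", kwargs={'anobj_uuid': attp_anobj.get('id')}))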