Gitlab CSE Unil

views.py 1.83 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
from django.core.exceptions import PermissionDenied
from django.views.decorators.clickjacking import xframe_options_exempt
from django.http.response import HttpResponseRedirect, HttpResponse, HttpResponseForbidden, Http404
from django.core.urlresolvers import reverse
from django.shortcuts import get_object_or_404, render
from adim.models.annotables import AnObj
from adim.permissions import get_permission_class
from rest_framework.authtoken.models import Token

from .decorators import attp_login

@attp_login(persist=True)
@xframe_options_exempt
def login(request):
    """
    Log a user in based on the attp_message given in parameters
    Persist the login info in session
    :param request:
    :param attp_msg64:
    :param attp_hash:
    :return:
    """
    token, _ = Token.objects.get_or_create(user=request.user)
    return render(request, "adim_ttp/logged.html", context={'token': token})


@attp_login(persist=True)
def validate(request):
    """
    This view is called by the TTP, containing a valid attp_message.
    It is responsible for persisting the attp_message and redirect to the final AnObj

    :param request:
    :return:
    """
    if not hasattr(request, 'attp_message'):
        # TODO: lof some message for missing attp_message
        raise Http404()

    attp_anobj = request.attp_message.get('anobj', {})
    anobj = get_object_or_404(AnObj, uuid=attp_anobj.get('id'))

    permission = get_permission_class(anobj.sharing_mode)
    if permission is None or not permission.ttp:
        return HttpResponseRedirect("adim_app:home")

    permission.set_attp_status(request, anobj, attp_anobj.get('status', 'denied'))
    # session_key = "anobj_{}".format(anobj.uuid[:12])
    # request.session[session_key] = attp_anobj.get('status')

    return HttpResponseRedirect(reverse("adim_app:annotate", kwargs={'anobj_uuid': attp_anobj.get('id')}))