mirror of
https://github.com/TandoorRecipes/recipes.git
synced 2025-12-24 02:39:20 -05:00
87 lines
3.7 KiB
Python
87 lines
3.7 KiB
Python
from django.contrib.auth.models import Group
|
|
from django.http import HttpResponseRedirect
|
|
from django.urls import reverse
|
|
from django_scopes import scope, scopes_disabled
|
|
from oauth2_provider.contrib.rest_framework import OAuth2Authentication
|
|
from psycopg2.errors import UniqueViolation
|
|
from rest_framework.exceptions import AuthenticationFailed
|
|
|
|
import random
|
|
|
|
from cookbook.helper.permission_helper import create_space_for_user
|
|
from cookbook.models import Space, UserSpace
|
|
from cookbook.views import views
|
|
from recipes import settings
|
|
|
|
|
|
class ScopeMiddleware:
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request):
|
|
prefix = settings.SCRIPT_NAME or ''
|
|
|
|
# need to disable scopes for writing requests into userpref and enable for loading ?
|
|
if request.path.startswith(prefix + '/api/user-preference/'):
|
|
with scopes_disabled():
|
|
return self.get_response(request)
|
|
|
|
if request.user.is_authenticated:
|
|
|
|
if request.path.startswith(prefix + '/admin/'):
|
|
with scopes_disabled():
|
|
return self.get_response(request)
|
|
|
|
if request.path.startswith(prefix + '/signup/') or request.path.startswith(prefix + '/invite/'):
|
|
return self.get_response(request)
|
|
|
|
if request.path.startswith(prefix + '/accounts/'):
|
|
return self.get_response(request)
|
|
|
|
if request.path.startswith(prefix + '/switch-space/'):
|
|
return self.get_response(request)
|
|
|
|
if request.path.startswith(prefix + '/invite/'):
|
|
return self.get_response(request)
|
|
|
|
# get active user space, if for some reason more than one space is active select first (group permission checks will fail, this is not intended at this point)
|
|
user_space = request.user.userspace_set.filter(active=True).first()
|
|
|
|
if not user_space and request.user.userspace_set.count() > 0:
|
|
# if the users has a userspace but nothing is active, activate the first one
|
|
user_space = request.user.userspace_set.first()
|
|
if user_space:
|
|
user_space.active = True
|
|
user_space.save()
|
|
|
|
if not user_space:
|
|
if 'signup_token' in request.session:
|
|
# if user is authenticated, has no space but a signup token (InviteLink) is present, redirect to invite link logic
|
|
return HttpResponseRedirect(reverse('view_invite', args=[request.session.pop('signup_token', '')]))
|
|
else:
|
|
# if user does not yet have a space create one for him
|
|
user_space = create_space_for_user(request.user)
|
|
|
|
# TODO remove the need for this view
|
|
if user_space.groups.count() == 0 and not reverse('account_logout') in request.path:
|
|
return views.no_groups(request)
|
|
|
|
request.space = user_space.space
|
|
with scope(space=request.space):
|
|
return self.get_response(request)
|
|
else:
|
|
if request.path.startswith(prefix + '/api/'):
|
|
try:
|
|
if auth := OAuth2Authentication().authenticate(request):
|
|
user_space = auth[0].userspace_set.filter(active=True).first()
|
|
if user_space:
|
|
request.space = user_space.space
|
|
with scope(space=request.space):
|
|
return self.get_response(request)
|
|
except AuthenticationFailed:
|
|
pass
|
|
|
|
with scopes_disabled():
|
|
request.space = None
|
|
return self.get_response(request)
|