kpsul/kfet/open/views.py

from django.conf import settings
from django.core.exceptions import PermissionDenied
from django.contrib.auth.decorators import permission_required
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt
from django.views.decorators.http import require_POST

from .open import kfet_open


TRUE_STR = ['1', 'True', 'true']


@csrf_exempt
@require_POST
def raw_open(request):
    token = request.POST.get('token')
    if token != settings.KFETOPEN_TOKEN:
        raise PermissionDenied
    raw_open = request.POST.get('raw_open') in TRUE_STR
    kfet_open.raw_open = raw_open
    kfet_open.send_ws()
    return HttpResponse()


@permission_required('kfet.can_force_close', raise_exception=True)
@require_POST
def force_close(request):
    force_close = request.POST.get('force_close') in TRUE_STR
    kfet_open.force_close = force_close
    kfet_open.send_ws()
    return HttpResponse()
add token check to raw_open edit view 2017-06-22 15:48:45 +02:00			`from django.conf import settings`
			`from django.core.exceptions import PermissionDenied`
kfet.open kfet.open app - Base data (raw_open, last_update...) is stored and shared through cache system. - 2 websockets groups: one for team users, one for other users. - UI is initialized and kept up-to-date with WS. - raw_open and force_close can be updated with standard HTTP requests. At this time, there isn't any restriction on raw_open view. Common sense tell us to change this behavior. Misc - Clean channels routing. - 'PermConsumerMixin': user who sent the message is available as argument in connection_groups method, which returns groups to which the user should be appended on websocket connection (and discarded on disconnection). - New kfet.utils module: should be used for mixins, whatever is useful and not concerns the kfet app. - Clean JS dependencies. 2017-06-21 07:08:28 +02:00			`from django.contrib.auth.decorators import permission_required`
			`from django.http import HttpResponse`
			`from django.views.decorators.csrf import csrf_exempt`
			`from django.views.decorators.http import require_POST`

			`from .open import kfet_open`


			`TRUE_STR = ['1', 'True', 'true']`


			`@csrf_exempt`
			`@require_POST`
			`def raw_open(request):`
add token check to raw_open edit view 2017-06-22 15:48:45 +02:00			`token = request.POST.get('token')`
			`if token != settings.KFETOPEN_TOKEN:`
			`raise PermissionDenied`
kfet.open kfet.open app - Base data (raw_open, last_update...) is stored and shared through cache system. - 2 websockets groups: one for team users, one for other users. - UI is initialized and kept up-to-date with WS. - raw_open and force_close can be updated with standard HTTP requests. At this time, there isn't any restriction on raw_open view. Common sense tell us to change this behavior. Misc - Clean channels routing. - 'PermConsumerMixin': user who sent the message is available as argument in connection_groups method, which returns groups to which the user should be appended on websocket connection (and discarded on disconnection). - New kfet.utils module: should be used for mixins, whatever is useful and not concerns the kfet app. - Clean JS dependencies. 2017-06-21 07:08:28 +02:00			`raw_open = request.POST.get('raw_open') in TRUE_STR`
			`kfet_open.raw_open = raw_open`
			`kfet_open.send_ws()`
			`return HttpResponse()`


			`@permission_required('kfet.can_force_close', raise_exception=True)`
			`@require_POST`
			`def force_close(request):`
			`force_close = request.POST.get('force_close') in TRUE_STR`
			`kfet_open.force_close = force_close`
			`kfet_open.send_ws()`
			`return HttpResponse()`