blob: 8ae04651b11808a26911f382bdfda466c9f626af (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
from django.http import HttpResponseRedirect
from django.conf import settings
from re import compile
from django.core.urlresolvers import reverse
EXEMPT_URLS = [reverse('login'),reverse('logout')]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
EXEMPT_URLS += settings.LOGIN_EXEMPT_URLS
"""
Middleware that requires a user to be authenticated to view any page other
than LOGIN_URL. Exemptions to this requirement can optionally be specified
in settings via a list of regular expressions in LOGIN_EXEMPT_URLS (which
you can copy from your urls.py).
Requires authentication middleware and template context processors to be
loaded. You'll get an error if they aren't.
"""
class LoginRequiredMiddleware(object):
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
if not request.user or not request.user.is_authenticated():
path = request.path_info
if path not in EXEMPT_URLS:
login_uri = '%s?next=%s' % (settings.LOGIN_URL, request.path_info)
return HttpResponseRedirect(login_uri)
else:
# I don't really like this but I don't really see a better
# way of checking for this
try:
identity = request.user.identity
except:
allowed_paths = [ reverse('identity_create', kwargs={'user_id': request.user.pk}) ]
allowed_paths.extend(EXEMPT_URLS)
print(allowed_paths)
if request.path_info not in allowed_paths:
return HttpResponseRedirect(allowed_paths[0])
return self.get_response(request)
# TODO: Have the middleware automatically set the default identity
# if not set and a superuser creates one
|
