Skip to content

Views

hypha.elevate.views

elevate.views ~~~~~~~~~~~~~

© © 2017-present by Justin Mayer. © © 2014-2016 by Matt Robenolt. :license: BSD, see LICENSE for more details.

ElevateView

Bases: View

The default view for the Elevate mode page. The role of this page is to prompt the user for their password again, and if successful, redirect them back to next.

form_class class-attribute instance-attribute 

form_class = ElevateForm

template_name class-attribute instance-attribute 

template_name = 'elevate/elevate.html'

extra_context class-attribute instance-attribute 

extra_context = None

handle_elevate 

handle_elevate(request, redirect_to, context)
Source code in hypha/elevate/views.py 
50
51
def handle_elevate(self, request, redirect_to, context):
    return request.method == "POST" and context["form"].is_valid()

grant_elevated_privileges 

grant_elevated_privileges(request, redirect_to)
Source code in hypha/elevate/views.py 
53
54
55
56
57
58
59
60
61
62
63
64
def grant_elevated_privileges(self, request, redirect_to):
    grant_elevated_privileges(request)
    # Restore the redirect destination from the GET request
    redirect_to = request.session.pop(REDIRECT_TO_FIELD_NAME, redirect_to)
    # Double check we're not redirecting to other sites
    if not url_has_allowed_host_and_scheme(
        redirect_to,
        allowed_hosts=[request.get_host()],
        require_https=request.is_secure(),
    ):
        redirect_to = resolve_url(REDIRECT_URL)
    return HttpResponseRedirect(redirect_to)

dispatch 

dispatch(request)
Source code in hypha/elevate/views.py 
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
@method_decorator(sensitive_post_parameters())
@method_decorator(never_cache)
@method_decorator(csrf_protect)
@method_decorator(login_required)
def dispatch(self, request):
    redirect_to = request.GET.get(REDIRECT_FIELD_NAME, REDIRECT_URL)

    # Make sure we're not redirecting to other sites
    if not url_has_allowed_host_and_scheme(
        redirect_to,
        allowed_hosts=[request.get_host()],
        require_https=request.is_secure(),
    ):
        redirect_to = resolve_url(REDIRECT_URL)

    if request.is_elevated():
        return HttpResponseRedirect(redirect_to)

    if request.method == "GET":
        request.session[REDIRECT_TO_FIELD_NAME] = redirect_to

    context = {
        "form": self.form_class(request, request.user, request.POST or None),
        "request": request,
        REDIRECT_FIELD_NAME: redirect_to,
    }
    if self.handle_elevate(request, redirect_to, context):
        return self.grant_elevated_privileges(request, redirect_to)
    if self.extra_context is not None:
        context.update(self.extra_context)
    return TemplateResponse(request, self.template_name, context)

elevate 

elevate(request, **kwargs)
Source code in hypha/elevate/views.py 
 99
100
def elevate(request, **kwargs):
    return ElevateView(**kwargs).dispatch(request)

redirect_to_elevate 

redirect_to_elevate(next_url, elevate_url=None)

Redirects the user to the login page, passing the given 'next' page

Source code in hypha/elevate/views.py 
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
def redirect_to_elevate(next_url, elevate_url=None):
    """
    Redirects the user to the login page, passing the given 'next' page
    """
    if elevate_url is None:
        elevate_url = URL

    try:
        # django 1.10 and greater can't resolve the string 'elevate.views.elevate' to a URL
        # https://docs.djangoproject.com/en/1.10/releases/1.10/#removed-features-1-10
        elevate_url = import_string(elevate_url)
    except ImportError:
        pass  # wasn't a dotted path

    elevate_url_parts = list(urlparse(resolve_url(elevate_url)))

    querystring = QueryDict(elevate_url_parts[4], mutable=True)
    querystring[REDIRECT_FIELD_NAME] = next_url
    elevate_url_parts[4] = querystring.urlencode(safe="/")

    return HttpResponseRedirect(urlunparse(elevate_url_parts))