[TASK] Add a simple middleware that enforces the active project id.

citavi_mapper/settings.py

@@ -60,6 +60,7 @@ MIDDLEWARE_CLASSES = (
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'frontend.proxy.EnforceActiveProjectProxy',
 )
 
 ROOT_URLCONF = 'citavi_mapper.urls'

frontend/proxy.py

@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+
+from django.http import HttpResponse, HttpResponseRedirect
+
+class EnforceActiveProjectProxy():
+    
+    def do_debug_output(self, request, *args, **kwargs):
+        print "\n########## <session> ##########"
+        print ',\n'.join("%s: %s" % item for item in request.session.items())        
+        print "########## </session> ##########"        
+        print "\n########## <request> ##########"
+        print ',\n'.join("%s: %s" % item for item in vars(request).items())
+        print "########## </request> ##########"
+        print "\n########## <args> ##########"
+        print args
+        print "########## </args> ##########"
+        print "\n########## <kwargs> ##########"
+        print kwargs
+        print "########## </kwargs> ##########\n"
+            
+    def do_project_id_check(self, request, *args, **kwargs):
+        # kwargs project_id AND path project_id have to match!
+        print request.path
+        try:
+            project_id_arg = args[2][u'project_id']
+            if request.session[u'project_id'] != None:
+                print "Active project ID: " + request.session[u'project_id']
+                if project_id_arg != request.session[u'project_id']:
+                    return HttpResponse("<proxy> You tried to work on a project with ID " + project_id_arg + ", but your active project id is " + request.session['project_id'] + ".")            
+        except KeyError:
+            print "No project attribute set."
+        return None
+    
+    def process_view(self,  request, *args, **kwargs):
+        print "\n##########  <EnforceActiveProjectProxy:process_view> ##########"
+        self.do_debug_output(request, *args, **kwargs)
+        print "########## </EnforceActiveProjectProxy:process_view> ##########\n"
+        return self.do_project_id_check(request, *args, **kwargs)
+
+
+"""    def process_request(self,  request, *args, **kwargs):
+        return None
+        print "\n########## <EnforceActiveProjectProxy:process_request> ##########"
+        self.do_debug_output(request, *args, **kwargs)
+        print "########## </EnforceActiveProjectProxy:process_request> ##########\n"
+        return None
+"""
+

frontend/templates/project.html

@@ -3,7 +3,6 @@
 	{% load crispy_forms_tags %}
 {% endblock %}
 {% block navbar-header %}
-	{{block.super}}
 	<li><a href="{% url 'frontend-leave-project-detail' request.session.project_id %}">Leave Project</a></li>
 {% endblock %}
 {% block content %}

frontend/templates/projects.html

@@ -24,7 +24,7 @@
 						<td>{{project.id}}</td>
 						<td>{{project.name}}</td>
 						<td>{{project.description}}</td>
-						<td><a href="{% url 'frontend-project-detail' project.id %}">Enter project</a></td>
+						<td><a href="{% url 'frontend-enter-project-detail' project.id %}">Enter project</a></td>
 					</tr>
 				{% endfor %}
 			</tbody>

frontend/views.py

@@ -1,6 +1,5 @@
 # -*- coding: utf-8 -*-
 
-
 from django.http import HttpResponse, HttpResponseRedirect
 from django.views.generic import TemplateView, FormView, CreateView, UpdateView
 from django.views.generic.detail import SingleObjectMixin
@@ -89,7 +88,7 @@ class ProtectedUpdateView(LoggedInMixin, MyUpdateView):
 def enterProject(request, project_id=None):
     try:
         if request.session['project_id'] != project_id:
-            return HttpResponse("Please leave your current project - Project ID " + request.session['project_id'] + " is still active.")
+            return HttpResponse("<enterProject> Please leave your current project - Project ID " + request.session['project_id'] + " is still active.")
     except KeyError:
         pass
     request.session['project_id'] = project_id
@@ -100,7 +99,7 @@ def leaveProject(request, project_id=None):
         if request.session['project_id'] == project_id:
             del request.session['project_id']
         else:
-            return HttpResponse("You tried to leave project with ID " + project_id + ", but your active project id is " + request.session['project_id'] + ".")            
+            return HttpResponse("<leaveProject> You tried to leave project with ID " + project_id + ", but your active project id is " + request.session['project_id'] + ".")            
     except KeyError:
         pass
     return HttpResponseRedirect('/projects/')
@@ -130,7 +129,7 @@ class ProjectView(ProtectedFormView, SingleObjectMixin):
     form_class = FileUploadForm
 
     success_url = '/projects/'
-    
+       
     def get(self, request, *args, **kwargs):
         project_id = kwargs[u'project_id']
         self.object = Project.objects.get(pk=project_id)