[TASK] Add a simple middleware that enforces the active project id.

2014-08-29 15:52:09 +02:00 · 2014-08-29 15:52:09 +02:00 · 714ff880b7
parent c9eb70e3da
commit 714ff880b7
5 changed files with 53 additions and 6 deletions
--- a/citavi_mapper/settings.py
+++ b/citavi_mapper/settings.py
@ -60,6 +60,7 @@ MIDDLEWARE_CLASSES = (
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'frontend.proxy.EnforceActiveProjectProxy',
 )

 ROOT_URLCONF = 'citavi_mapper.urls'
--- a/frontend/proxy.py
+++ b/frontend/proxy.py
@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+
+from django.http import HttpResponse, HttpResponseRedirect
+
+class EnforceActiveProjectProxy():
+    
+    def do_debug_output(self, request, *args, **kwargs):
+        print "\n########## <session> ##########"
+        print ',\n'.join("%s: %s" % item for item in request.session.items())        
+        print "########## </session> ##########"        
+        print "\n########## <request> ##########"
+        print ',\n'.join("%s: %s" % item for item in vars(request).items())
+        print "########## </request> ##########"
+        print "\n########## <args> ##########"
+        print args
+        print "########## </args> ##########"
+        print "\n########## <kwargs> ##########"
+        print kwargs
+        print "########## </kwargs> ##########\n"
+            
+    def do_project_id_check(self, request, *args, **kwargs):
+        # kwargs project_id AND path project_id have to match!
+        print request.path
+        try:
+            project_id_arg = args[2][u'project_id']
+            if request.session[u'project_id'] != None:
+                print "Active project ID: " + request.session[u'project_id']
+                if project_id_arg != request.session[u'project_id']:
+                    return HttpResponse("<proxy> You tried to work on a project with ID " + project_id_arg + ", but your active project id is " + request.session['project_id'] + ".")            
+        except KeyError:
+            print "No project attribute set."
+        return None
+    
+    def process_view(self,  request, *args, **kwargs):
+        print "\n##########  <EnforceActiveProjectProxy:process_view> ##########"
+        self.do_debug_output(request, *args, **kwargs)
+        print "########## </EnforceActiveProjectProxy:process_view> ##########\n"
+        return self.do_project_id_check(request, *args, **kwargs)
+
+
+"""    def process_request(self,  request, *args, **kwargs):
+        return None
+        print "\n########## <EnforceActiveProjectProxy:process_request> ##########"
+        self.do_debug_output(request, *args, **kwargs)
+        print "########## </EnforceActiveProjectProxy:process_request> ##########\n"
+        return None
+"""
+
--- a/frontend/templates/project.html
+++ b/frontend/templates/project.html
@ -3,7 +3,6 @@
 	{% load crispy_forms_tags %}
 {% endblock %}
 {% block navbar-header %}
-	{{block.super}}
 	<li><a href="{% url 'frontend-leave-project-detail' request.session.project_id %}">Leave Project</a></li>
 {% endblock %}
 {% block content %}
--- a/frontend/templates/projects.html
+++ b/frontend/templates/projects.html
@ -24,7 +24,7 @@
 						<td>{{project.id}}</td>
 						<td>{{project.name}}</td>
 						<td>{{project.description}}</td>
-						<td><a href="{% url 'frontend-project-detail' project.id %}">Enter project</a></td>
+						<td><a href="{% url 'frontend-enter-project-detail' project.id %}">Enter project</a></td>
 					</tr>
 				{% endfor %}
 			</tbody>
--- a/frontend/views.py
+++ b/frontend/views.py
@ -1,6 +1,5 @@
 # -*- coding: utf-8 -*-

-
 from django.http import HttpResponse, HttpResponseRedirect
 from django.views.generic import TemplateView, FormView, CreateView, UpdateView
 from django.views.generic.detail import SingleObjectMixin
@ -89,7 +88,7 @@ class ProtectedUpdateView(LoggedInMixin, MyUpdateView):
 def enterProject(request, project_id=None):
    try:
        if request.session['project_id'] != project_id:
-            return HttpResponse("Please leave your current project - Project ID " + request.session['project_id'] + " is still active.")
+            return HttpResponse("<enterProject> Please leave your current project - Project ID " + request.session['project_id'] + " is still active.")
    except KeyError:
        pass
    request.session['project_id'] = project_id
@ -100,7 +99,7 @@ def leaveProject(request, project_id=None):
        if request.session['project_id'] == project_id:
            del request.session['project_id']
        else:
-            return HttpResponse("You tried to leave project with ID " + project_id + ", but your active project id is " + request.session['project_id'] + ".")            
+            return HttpResponse("<leaveProject> You tried to leave project with ID " + project_id + ", but your active project id is " + request.session['project_id'] + ".")            
    except KeyError:
        pass
    return HttpResponseRedirect('/projects/')