mirror of
https://github.com/Findus23/RPGnotes.git
synced 2024-09-19 15:43:45 +02:00
41 lines
1.8 KiB
Python
41 lines
1.8 KiB
Python
from django.contrib.auth.views import redirect_to_login
|
|
from django.core.exceptions import PermissionDenied
|
|
from django.http import HttpRequest, HttpResponseRedirect
|
|
from django.template.response import TemplateResponse
|
|
|
|
from campaigns.models import Campaign
|
|
from rpg_notes.secrets import HOME_DOMAIN_URL
|
|
from rpg_notes.settings import DEBUG
|
|
from users.models import TenantUser
|
|
|
|
demo_campaign_id = 4 if DEBUG else 8
|
|
|
|
|
|
class AuthMiddleware:
|
|
def __init__(self, get_response):
|
|
self.get_response = get_response
|
|
|
|
def __call__(self, request: HttpRequest):
|
|
# Code to be executed for each request before
|
|
# the view (and later middleware) are called.
|
|
current_user: TenantUser = request.user
|
|
tenant: Campaign = request.tenant
|
|
if tenant.pk == 1 \
|
|
or request.path.startswith("/login") \
|
|
or request.path.startswith("/css"):
|
|
return self.get_response(request)
|
|
if tenant.pk == demo_campaign_id:
|
|
if request.method in {"GET", "HEAD"} or request.path.startswith("/i18n/setlang"):
|
|
return self.get_response(request)
|
|
elif not current_user.is_authenticated:
|
|
r = TemplateResponse(request, "common/demo_readonly.jinja", status=405)
|
|
r.render()
|
|
return r
|
|
if tenant.pk != 1 and request.path.startswith("/password_reset/"):
|
|
# password reset should always been done on the main domain
|
|
return HttpResponseRedirect(HOME_DOMAIN_URL + request.path)
|
|
if not current_user.is_authenticated:
|
|
return redirect_to_login(request.get_full_path())
|
|
if not current_user.tenants.filter(pk=tenant.pk).exists():
|
|
raise PermissionDenied()
|
|
return self.get_response(request)
|