in src/olympia/devhub/decorators.py [0:0]
def decorator(f):
@addon_view_factory(qs=qs)
@login_required
@functools.wraps(f)
def wrapper(request, addon, *args, **kw):
def fun():
return f(request, *args, **{'addon_id': addon.id, 'addon': addon, **kw})
if request.method in ('HEAD', 'GET'):
# Allow reviewers for read operations, if file_id is present
# and the reviewer is the right kind of reviewer for this file.
if allow_reviewers_for_read:
file_id = kw.get('file_id')
if file_id:
is_unlisted = Version.unfiltered.filter(
file__id=file_id, channel=amo.CHANNEL_UNLISTED
).exists()
has_required_permission = (
acl.is_unlisted_addons_viewer_or_reviewer(request.user)
if is_unlisted
else (acl.is_listed_addons_viewer_or_reviewer(request.user))
)
if has_required_permission:
return fun()
else:
raise ImproperlyConfigured
# On read-only requests, we can allow developers, and even let
# authors see mozilla disabled add-ons.
if acl.check_addon_ownership(
request.user,
addon,
allow_developer=True,
allow_mozilla_disabled_addon=True,
):
# Redirect to the submit flow if they're not done with
# listed submission.
if not submitting and addon.should_redirect_to_submit_flow():
return redirect('devhub.submit.details', addon.slug)
return fun()
# Require an owner or deveveloper for POST requests (if the add-on
# status is disabled that check will return False).
elif request.method == 'POST':
if acl.check_addon_ownership(
request.user,
addon,
allow_developer=not owner_for_post,
):
return fun()
raise PermissionDenied
return wrapper