mygpo/administration/auth.py

   1 from functools import wraps
   2
   3 from django.http import Http404, HttpResponseRedirect
   4 from django.conf import settings
   5
   6
   7 def require_staff(protected_view):
   8     @wraps(protected_view)
   9     def wrapper(request, *args, **kwargs):
  10
  11         staff_token = settings.STAFF_TOKEN
  12         token_auth = staff_token is not None and staff_token == request.GET.get(
  13             "staff", None
  14         )
  15         if token_auth:
  16             return protected_view(request, *args, **kwargs)
  17
  18         if not request.user.is_authenticated:
  19             return HttpResponseRedirect("/login/")
  20
  21         if request.user.is_staff:
  22             return protected_view(request, *args, **kwargs)
  23
  24         raise Http404
  25
  26     return wrapper