It's safe to edit accesskey on the list.
[redakcja.git] / apps / wiki / helpers.py
index d4daf1a..bc4b760 100644 (file)
@@ -1,8 +1,8 @@
 from django import http
 from django.utils import simplejson as json
 from django.utils.functional import Promise
-from django.template.loader import render_to_string
 from datetime import datetime
+from functools import wraps
 
 
 class ExtendedEncoder(json.JSONEncoder):
@@ -24,9 +24,8 @@ class JSONResponse(http.HttpResponse):
         # get rid of mimetype
         kwargs.pop('mimetype', None)
 
-        super(JSONResponse, self).__init__(
-            json.dumps(data, cls=ExtendedEncoder),
-            mimetype="application/json", **kwargs)
+        data = json.dumps(data, cls=ExtendedEncoder)
+        super(JSONResponse, self).__init__(data, mimetype="application/json", **kwargs)
 
 
 # return errors
@@ -39,3 +38,23 @@ class JSONServerError(JSONResponse):
     def __init__(self, *args, **kwargs):
         kwargs['status'] = 500
         super(JSONServerError, self).__init__(*args, **kwargs)
+
+
+def ajax_login_required(view):
+    @wraps(view)
+    def authenticated_view(request, *args, **kwargs):
+        if not request.user.is_authenticated():
+            return http.HttpResponse("Login required.", status=401, mimetype="text/plain")
+        return view(request, *args, **kwargs)
+    return authenticated_view
+
+
+def ajax_require_permission(permission):
+    def decorator(view):
+        @wraps(view)
+        def authorized_view(request, *args, **kwargs):
+            if not request.user.has_perm(permission):
+                return http.HttpResponse("Access Forbidden.", status=403, mimetype="text/plain")
+            return view(request, *args, **kwargs)
+        return authorized_view
+    return decorator