diff --git a/src/postorius/auth/decorators.py b/src/postorius/auth/decorators.py index 1b4ea88..7fc369b 100644 --- a/src/postorius/auth/decorators.py +++ b/src/postorius/auth/decorators.py @@ -23,6 +23,7 @@ from postorius.models import (Domain, List, Member, MailmanUser, MailmanApiError, Mailman404Error) +from postorius.utils import user_is_in_list_roster def basic_auth_login(fn): @@ -56,14 +57,13 @@ raise PermissionDenied if user.is_superuser: return fn(*args, **kwargs) - if getattr(user, 'is_list_owner', None): + if not hasattr(user, 'is_list_owner'): + mlist = List.objects.get_or_404(fqdn_listname=list_id) + user.is_list_owner = user_is_in_list_roster(user, mlist, "owners") + if user.is_list_owner: return fn(*args, **kwargs) - mlist = List.objects.get_or_404(fqdn_listname=list_id) - if user.email not in mlist.owners: - raise PermissionDenied else: - user.is_list_owner = True - return fn(*args, **kwargs) + raise PermissionDenied return wrapper @@ -79,22 +79,19 @@ raise PermissionDenied if user.is_superuser: return fn(*args, **kwargs) - if getattr(user, 'is_list_owner', None): + if (not hasattr(user, 'is_list_owner') + or not hasattr(user, 'is_list_moderator')): + mlist = List.objects.get_or_404(fqdn_listname=list_id) + if not hasattr(user, 'is_list_owner'): + user.is_list_owner = user_is_in_list_roster( + user, mlist, "owners") + if not hasattr(user, 'is_list_moderator'): + user.is_list_moderator = user_is_in_list_roster( + user, mlist, "moderators") + if user.is_list_owner or user.is_list_moderator: return fn(*args, **kwargs) - if getattr(user, 'is_list_moderator', None): - return fn(*args, **kwargs) - mlist = List.objects.get_or_404(fqdn_listname=list_id) - if user.email not in mlist.moderators and \ - user.email not in mlist.owners: - raise PermissionDenied else: - if user.email in mlist.moderators and \ - user.email not in mlist.owners: - user.is_list_moderator = True - else: - user.is_list_moderator = True - user.is_list_owner = True - return fn(*args, **kwargs) + raise PermissionDenied return wrapper diff --git a/src/postorius/utils.py b/src/postorius/utils.py index 5270543..a34ff63 100644 --- a/src/postorius/utils.py +++ b/src/postorius/utils.py @@ -75,3 +75,13 @@ return if user.email in user.other_emails: user.other_emails.remove(user.email) + +def user_is_in_list_roster(user, mailing_list, roster): + if not user.is_authenticated(): + return False + if not hasattr(user, 'other_emails'): + set_other_emails(user) + addresses = set([user.email]) | set(user.other_emails) + if addresses & set(getattr(mailing_list, roster)): + return True # At least one address is in the roster + return False diff --git a/src/postorius/views/generic.py b/src/postorius/views/generic.py index 647e601..896a098 100644 --- a/src/postorius/views/generic.py +++ b/src/postorius/views/generic.py @@ -48,14 +48,6 @@ def _get_list(self, list_id, page): return List.objects.get_or_404(fqdn_listname=list_id) - def _is_in_list_roster(self, user, mailing_list, roster): - if not user.is_authenticated(): - return False - addresses = set(user.email) | set(user.other_emails) - if addresses & set(getattr(mailing_list, roster)): - return True # At least one address is in the roster - return False - def dispatch(self, request, *args, **kwargs): # get the list object. if 'list_id' in kwargs: @@ -65,9 +57,9 @@ except MailmanApiError: return utils.render_api_error(request) utils.set_other_emails(request.user) - request.user.is_list_owner = self._is_in_list_roster( + request.user.is_list_owner = utils.user_is_in_list_roster( request.user, self.mailing_list, "owners") - request.user.is_list_moderator = self._is_in_list_roster( + request.user.is_list_moderator = utils.user_is_in_list_roster( request.user, self.mailing_list, "moderators") # set the template if 'template' in kwargs: