
Side by Side Diff: appengine/findit/common/base_handler.py

Issue 2537143003: [Findit] Redirect to original page after login for triage. (Closed)
Patch Set: Fix test failures & rename var. Created 4 years ago
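--- a/appengine/findit/common/base_handler.py
+++ b/appengine/findit/common/base_handler.py
@@ -1,10 +1,10 @@
 # Copyright 2014 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 import collections
 import json
 import logging
 
 from google.appengine.api import users
 import jinja2
@@ -31,20 +31,23 @@
 ADMIN = 0
 CORP_USER = 8
 ANYONE = 16
 
 
 class BaseHandler(webapp2.RequestHandler):
 # By default, set permission level to ADMIN only.
 # Subclass needs to overwrite it explicitly to give wider access.
 PERMISSION_LEVEL = Permission.ADMIN
 
+# By default, redirect to destination page after login for GET requests.
+LOGIN_REDIRECT_TO_DISTINATION_PAGE_FOR_GET = True
+
 def _HasPermission(self):
 if (self.request.headers.get('X-AppEngine-QueueName') or
 self.request.headers.get('X-AppEngine-Cron')):
 # Requests from task queues or cron jobs could access all HTTP endpoints.
 return True
 elif self.PERMISSION_LEVEL == Permission.ANYONE:
 return True
 elif self.PERMISSION_LEVEL == Permission.CORP_USER:
 # Only give access to google accounts or admins.
 return self.IsCorpUserOrAdmin()
@@ -145,26 +148,27 @@
 content_type = 'text/html'
 
 if cache_expiry is not None:
 self.response.headers['cache-control'] = (
 'max-age=%s, public' % cache_expiry)
 self.response.headers['Content-Type'] = content_type
 self.response.write(data)
 
 def GetLoginUrl(self):
 """Returns the login url."""
-if self.request.method == 'GET':
-# For GET, all parameters are included in the URL.
+# For GET, all parameters are included in the URL. So it is safe to redirect
+# to the destination page. However, for POST, the parameters could be in the
+# body and include files, so it is better to redirect to the original page.
+if (self.request.method == 'GET' and
+self.LOGIN_REDIRECT_TO_DISTINATION_PAGE_FOR_GET):
 return users.create_login_url(self.request.url)
 else:
-# For others like POST, the parameters could be in the body and include
-# file, etc. Thus return to the original page if available.
 return users.create_login_url(self.request.referrer)
 
 def _Handle(self, handler_func):
 try:
 if not self._HasPermission():
 template = 'error.html'
 data = {
 'error_message':
 ('Either not login or no permission. '
 'Please login with your google.com account.'),
@@ -191,10 +195,10 @@
 return_code = 500
 cache_expiry = None
 
 self._SendResponse(template, data, return_code, cache_expiry)
 
 def get(self):
 self._Handle(self.HandleGet)
 
 def post(self):
 self._Handle(self.HandlePost)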
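Review bot: The else branch of `GetLoginUrl` hands `self.request.referrer` to `users.create_login_url` unchecked, and with `LOGIN_REDIRECT_TO_DISTINATION_PAGE_FOR_GET` set to False a GET request now takes that branch too. The Referer header comes from the client, so it may be absent (None) or name a page on another host; whether `create_login_url` constrains the destination is not visible on this page, so the handler should not rely on it. I would accept the referrer only when its host equals `self.request.host` and otherwise fall back to a fixed in-app path such as `'/'`, with a test for the missing-Referer case. Separately, the constant spells DESTINATION as DISTINATION; renaming it now, before subclasses override it, avoids carrying the typo into every handler.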