skill-back/access/middleware.py

from django.http import HttpResponseForbidden

from django.http import QueryDict
import json


class CheckPerm(object):
    @staticmethod
    def process_request(request):
        if len(request.path) > 6 and \
              ('/admin' == request.path[:6]
              or'/analy' == request.path[:6]):
              #or "/api/v" == request.path[:6]):

            if not request.user.is_authenticated():
                return HttpResponseForbidden()

            if not (request.user.in_role == "M" or request.user.in_role == "S"
                    or request.user.in_role == "A" or request.user.is_admin):

                return HttpResponseForbidden()


class RequestToApi(object):
    @staticmethod
    def process_request(request):
        if len(request.path) > 4 and '/api' == request.path[:4]:
            if request.method == 'POST':
                data = json.loads(request.body.decode('utf-8'))
                q_data = QueryDict('', mutable=True)
                for value in data:
                    q_data.update({value: data[value]})
                request.JSON = q_data
            if request.method == 'POST' or request.method == 'DELETE':
                setattr(request, '_dont_enforce_csrf_checks', True)