alfortville: check DGS and DGA roles

welco/contrib/alfortville/views.py

@@ -39,6 +39,12 @@ class DgsMailHome(MailHome):
 class Dgs(HomeScreen):
     source_klass = DgsMailHome
 
+    def check_user_ok(self):
+        mellon = self.request.session['mellon_session']
+        params = {'NameID': mellon['name_id_content']}
+        user_roles = get_wcs_data('api/user/', params).get('user_roles')
+        return 'DGS' in [x.get('name') for x in user_roles]
+
 dgs = login_required(Dgs.as_view())
 
 
@@ -50,6 +56,12 @@ class DgaMailHome(MailHome):
 class Dga(HomeScreen):
     source_klass = DgaMailHome
 
+    def check_user_ok(self):
+        mellon = self.request.session['mellon_session']
+        params = {'NameID': mellon['name_id_content']}
+        user_roles = get_wcs_data('api/user/', params).get('user_roles')
+        return any([x for x in user_roles if x['name'].startswith('DGA')])
+
 dga = login_required(Dga.as_view())
 
 

welco/views.py

@@ -22,6 +22,7 @@ from django.contrib.auth import logout as auth_logout
 from django.contrib.auth import views as auth_views
 from django.contrib.auth.decorators import login_required
 from django.contrib.contenttypes.models import ContentType
+from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import reverse
 from django.http import HttpResponse, HttpResponseRedirect
 from django.shortcuts import resolve_url
@@ -91,7 +92,12 @@ class Home(TemplateView):
     template_name = 'welco/home.html'
     source_klass = MailHome
 
+    def check_user_ok(self):
+        return True
+
     def get_context_data(self, **kwargs):
+        if not self.check_user_ok():
+            raise PermissionDenied()
         context = super(Home, self).get_context_data(**kwargs)
         context['source'] = self.source_klass(self.request)
         context['kb'] = KbHomeZone(self.request)