Keep track of passed page view restrictions in the session

2024-12-01 03:31:04 +01:00 · 2014-06-04 16:02:43 +01:00 · 2014-06-04 16:02:43 +01:00 · 1e71e10cd2
commit 1e71e10cd2
parent e4008a8148
2 changed files with 18 additions and 6 deletions
--- a/wagtail/wagtailcore/views.py
+++ b/wagtail/wagtailcore/views.py
@ -3,6 +3,7 @@ import warnings
 from django.http import HttpResponse, Http404
 from django.shortcuts import get_object_or_404, redirect
 from django.core.urlresolvers import reverse
+from django.conf import settings

 from wagtail.wagtailcore import hooks
 from wagtail.wagtailcore.models import Page, PageViewRestriction
@ -43,7 +44,15 @@ def authenticate_with_password(request, page_view_restriction_id, page_id):
    if request.POST:
        form = PasswordPageViewRestrictionForm(request.POST, instance=restriction)
        if form.is_valid():
-            # TODO: record 'has authenticated against this page view restriction' flag in the session
+            has_existing_session = (settings.SESSION_COOKIE_NAME in request.COOKIES)
+            passed_restrictions = request.session.setdefault('passed_page_view_restrictions', [])
+            if restriction.id not in passed_restrictions:
+                passed_restrictions.append(restriction.id)
+            if not has_existing_session:
+                # if this is a session we've created, set it to expire at the end
+                # of the browser session
+                request.session.set_expiry(0)
+
            return redirect(form.cleaned_data['return_url'])
    else:
        form = PasswordPageViewRestrictionForm(instance=restriction)
--- a/wagtail/wagtailcore/wagtail_hooks.py
+++ b/wagtail/wagtailcore/wagtail_hooks.py
@ -7,10 +7,13 @@ from wagtail.wagtailcore.forms import PasswordPageViewRestrictionForm
 def check_view_restrictions(page, request):
    restrictions = PageViewRestriction.objects.filter(page__in=page.get_ancestors(inclusive=True))

-    for restriction in restrictions:
-        form = PasswordPageViewRestrictionForm(instance=restriction,
-            initial={'return_url': request.get_full_path()})
-        action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, page.id])
-        return page.serve_password_required_response(request, form, action_url)
+    if restrictions:
+        passed_restrictions = request.session.get('passed_page_view_restrictions', [])
+        for restriction in restrictions:
+            if restriction.id not in passed_restrictions:
+                form = PasswordPageViewRestrictionForm(instance=restriction,
+                    initial={'return_url': request.get_full_path()})
+                action_url = reverse('wagtailcore_authenticate_with_password', args=[restriction.id, page.id])
+                return page.serve_password_required_response(request, form, action_url)

 hooks.register('before_serve_page', check_view_restrictions)