Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
AE
Sith
Commits
aa732a4e
Commit
aa732a4e
authored
Dec 07, 2015
by
Skia
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed
parent
6cc78514
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
44 additions
and
5 deletions
+44
-5
core/templates/core/403.html
core/templates/core/403.html
+8
-0
core/templates/core/404.html
core/templates/core/404.html
+9
-0
core/views/__init__.py
core/views/__init__.py
+24
-5
sith/urls.py
sith/urls.py
+3
-0
No files found.
core/templates/core/403.html
0 → 100644
View file @
aa732a4e
{% extends "core/base.html" %}
{% block content %}
<h3>
403, Forbidden
</h3>
{% endblock %}
core/templates/core/404.html
0 → 100644
View file @
aa732a4e
{% extends "core/base.html" %}
{% block content %}
<h3>
404, Not Found
</h3>
{% endblock %}
core/views/__init__.py
View file @
aa732a4e
from
django.shortcuts
import
render
from
django.http
import
HttpResponseForbidden
from
django.core.exceptions
import
PermissionDenied
from
django.views.generic.base
import
View
from
core.models
import
Group
def
forbidden
(
request
):
return
render
(
request
,
"core/403.html"
)
def
not_found
(
request
):
return
render
(
request
,
"core/404.html"
)
# TODO: see models.py's TODO!
class
CanEditPropMixin
(
View
):
"""
...
...
@@ -19,8 +27,11 @@ class CanEditPropMixin(View):
user
=
self
.
request
.
user
if
obj
is
None
:
return
res
# TODO: add permission scale validation, to allow some groups other than superuser to manipulate
# all objects of a class if they are in the right group
if
user
.
is_superuser
or
user
.
groups
.
filter
(
name
=
obj
.
owner_group
.
name
).
exists
():
return
res
raise
PermissionDenied
return
HttpResponseForbidden
(
"403, Forbidden"
)
class
CanEditMixin
(
CanEditPropMixin
):
...
...
@@ -29,8 +40,12 @@ class CanEditMixin(CanEditPropMixin):
object
"""
def
dispatch
(
self
,
request
,
*
arg
,
**
kwargs
):
res
=
super
(
CanEditMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
if
res
.
status_code
!=
403
:
# TODO: WIP: fix permissions with exceptions!
try
:
res
=
super
(
CanEditMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
except
PermissionDenied
:
pass
except
:
return
res
obj
=
self
.
object
user
=
self
.
request
.
user
...
...
@@ -40,7 +55,8 @@ class CanEditMixin(CanEditPropMixin):
if
user
.
groups
.
filter
(
name
=
g
.
name
).
exists
():
return
super
(
CanEditPropMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
if
isinstance
(
obj
,
User
)
and
obj
==
user
:
return
super
(
CanEditPropMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
return
super
(
CanEditPropMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
raise
PermissionDenied
return
HttpResponseForbidden
(
"403, Forbidden"
)
class
CanViewMixin
(
CanEditMixin
):
...
...
@@ -49,8 +65,11 @@ class CanViewMixin(CanEditMixin):
the object
"""
def
dispatch
(
self
,
request
,
*
arg
,
**
kwargs
):
res
=
super
(
CanViewMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
if
res
.
status_code
!=
403
:
try
:
res
=
super
(
CanViewMixin
,
self
).
dispatch
(
request
,
*
arg
,
**
kwargs
)
except
PermissionDenied
:
pass
except
:
return
res
obj
=
self
.
object
user
=
self
.
request
.
user
...
...
sith/urls.py
View file @
aa732a4e
...
...
@@ -16,6 +16,9 @@ Including another URLconf
from
django.conf.urls
import
include
,
url
from
django.contrib
import
admin
handler403
=
"core.views.forbidden"
handler404
=
"core.views.not_found"
urlpatterns
=
[
url
(
r
'^'
,
include
(
'core.urls'
,
namespace
=
"core"
,
app_name
=
"core"
)),
url
(
r
'^admin/'
,
include
(
admin
.
site
.
urls
)),
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment