WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed

aa732a4e · Skia · 6cc78514 · aa732a4e · aa732a4e · aa732a4e
Commit aa732a4e authored Dec 07, 2015 by Skia
Showing with 44 additions and 5 deletions

core/templates/core/403.html core/templates/core/403.html +8 -0

core/templates/core/404.html core/templates/core/404.html +9 -0

core/views/__init__.py core/views/__init__.py +24 -5

sith/urls.py sith/urls.py +3 -0

No files found.
--- a/core/templates/core/403.html
+++ b/core/templates/core/403.html
+{% extends "core/base.html" %}
+
+{% block content %}
+
+<h3>403, Forbidden</h3>
+
+{% endblock %}
+
--- a/core/templates/core/404.html
+++ b/core/templates/core/404.html
+{% extends "core/base.html" %}
+
+{% block content %}
+
+<h3>404, Not Found</h3>
+
+{% endblock %}
+
+
--- a/core/views/__init__.py
+++ b/core/views/__init__.py

+from django.shortcuts import render
 from django.http import HttpResponseForbidden
 from django.core.exceptions import PermissionDenied
 from django.views.generic.base import View

 from core.models import Group

+def forbidden(request):
+    return render(request, "core/403.html")
+
+def not_found(request):
+    return render(request, "core/404.html")
+
+
 # TODO: see models.py's TODO!
 class CanEditPropMixin(View):
    """
@@ -19,8 +27,11 @@ class CanEditPropMixin(View):
        user = self.request.user
        if obj is None:
            return res
+        # TODO: add permission scale validation, to allow some groups other than superuser to manipulate
+        # all objects of a class if they are in the right group
        if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
            return res
+        raise PermissionDenied
        return HttpResponseForbidden("403, Forbidden")

 class CanEditMixin(CanEditPropMixin):
@@ -29,8 +40,12 @@ class CanEditMixin(CanEditPropMixin):
    object
    """
    def dispatch(self, request, *arg, **kwargs):
-        res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
-        if res.status_code != 403:
+        # TODO: WIP: fix permissions with exceptions!
+        try:
+            res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
+        except PermissionDenied:
+            pass
+        except:
            return res
        obj = self.object
        user = self.request.user
@@ -40,7 +55,8 @@ class CanEditMixin(CanEditPropMixin):
            if user.groups.filter(name=g.name).exists():
                return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
        if isinstance(obj, User) and obj == user:
-                return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
+            return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
+        raise PermissionDenied
        return HttpResponseForbidden("403, Forbidden")

 class CanViewMixin(CanEditMixin):
@@ -49,8 +65,11 @@ class CanViewMixin(CanEditMixin):
    the object
    """
    def dispatch(self, request, *arg, **kwargs):
-        res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
-        if res.status_code != 403:
+        try:
+            res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
+        except PermissionDenied:
+            pass
+        except:
            return res
        obj = self.object
        user = self.request.user

--- a/sith/urls.py
+++ b/sith/urls.py
@@ -16,6 +16,9 @@ Including another URLconf
 from django.conf.urls import include, url
 from django.contrib import admin

+handler403 = "core.views.forbidden"
+handler404 = "core.views.not_found"
+
 urlpatterns = [
    url(r'^', include('core.urls', namespace="core", app_name="core")),
    url(r'^admin/', include(admin.site.urls)),