Commit aa732a4e authored by Skia's avatar Skia

WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed

parent 6cc78514
{% extends "core/base.html" %}
{% block content %}
<h3>403, Forbidden</h3>
{% endblock %}
{% extends "core/base.html" %}
{% block content %}
<h3>404, Not Found</h3>
{% endblock %}
from django.shortcuts import render
from django.http import HttpResponseForbidden from django.http import HttpResponseForbidden
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied
from django.views.generic.base import View from django.views.generic.base import View
from core.models import Group from core.models import Group
def forbidden(request):
return render(request, "core/403.html")
def not_found(request):
return render(request, "core/404.html")
# TODO: see models.py's TODO! # TODO: see models.py's TODO!
class CanEditPropMixin(View): class CanEditPropMixin(View):
""" """
...@@ -19,8 +27,11 @@ class CanEditPropMixin(View): ...@@ -19,8 +27,11 @@ class CanEditPropMixin(View):
user = self.request.user user = self.request.user
if obj is None: if obj is None:
return res return res
# TODO: add permission scale validation, to allow some groups other than superuser to manipulate
# all objects of a class if they are in the right group
if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists(): if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
return res return res
raise PermissionDenied
return HttpResponseForbidden("403, Forbidden") return HttpResponseForbidden("403, Forbidden")
class CanEditMixin(CanEditPropMixin): class CanEditMixin(CanEditPropMixin):
...@@ -29,8 +40,12 @@ class CanEditMixin(CanEditPropMixin): ...@@ -29,8 +40,12 @@ class CanEditMixin(CanEditPropMixin):
object object
""" """
def dispatch(self, request, *arg, **kwargs): def dispatch(self, request, *arg, **kwargs):
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs) # TODO: WIP: fix permissions with exceptions!
if res.status_code != 403: try:
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
except PermissionDenied:
pass
except:
return res return res
obj = self.object obj = self.object
user = self.request.user user = self.request.user
...@@ -40,7 +55,8 @@ class CanEditMixin(CanEditPropMixin): ...@@ -40,7 +55,8 @@ class CanEditMixin(CanEditPropMixin):
if user.groups.filter(name=g.name).exists(): if user.groups.filter(name=g.name).exists():
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs) return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
if isinstance(obj, User) and obj == user: if isinstance(obj, User) and obj == user:
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs) return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
raise PermissionDenied
return HttpResponseForbidden("403, Forbidden") return HttpResponseForbidden("403, Forbidden")
class CanViewMixin(CanEditMixin): class CanViewMixin(CanEditMixin):
...@@ -49,8 +65,11 @@ class CanViewMixin(CanEditMixin): ...@@ -49,8 +65,11 @@ class CanViewMixin(CanEditMixin):
the object the object
""" """
def dispatch(self, request, *arg, **kwargs): def dispatch(self, request, *arg, **kwargs):
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs) try:
if res.status_code != 403: res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
except PermissionDenied:
pass
except:
return res return res
obj = self.object obj = self.object
user = self.request.user user = self.request.user
......
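Review bot: In `CanEditMixin.dispatch` the new bare `except:` branch returns `res`, which is never bound when the `super().dispatch(...)` call inside the `try` raised, so any exception other than `PermissionDenied` (an `Http404`, for instance) would surface as an `UnboundLocalError`. As rendered, the success path changed as well: the old code returned `res` as soon as the parent check passed, while the new code falls through to the group checks and can end in `raise PermissionDenied` for a user the parent had already allowed. Making the try body `return super(CanEditMixin, self).dispatch(request, *arg, **kwargs)` and dropping the `except:` / `return res` branch would restore the early return and let unrelated exceptions propagate; the same applies to `CanViewMixin.dispatch` in the last hunk. Both method bodies continue outside the visible hunks, and the `return HttpResponseForbidden("403, Forbidden")` lines left after each `raise PermissionDenied` appear to be unreachable now.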
...@@ -16,6 +16,9 @@ Including another URLconf ...@@ -16,6 +16,9 @@ Including another URLconf
from django.conf.urls import include, url from django.conf.urls import include, url
from django.contrib import admin from django.contrib import admin
handler403 = "core.views.forbidden"
handler404 = "core.views.not_found"
urlpatterns = [ urlpatterns = [
url(r'^', include('core.urls', namespace="core", app_name="core")), url(r'^', include('core.urls', namespace="core", app_name="core")),
url(r'^admin/', include(admin.site.urls)), url(r'^admin/', include(admin.site.urls)),
......
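Review bot: `handler403` and `handler404` point at `core.views.forbidden` and `core.views.not_found`, and both of those views, as added in this commit, call `render(...)` without a status, so the error pages would go out with HTTP 200. Clients, caches and access-log monitoring would then see a denied or missing resource as a success. Passing the code explicitly fixes it: `return render(request, "core/403.html", status=403)` and `return render(request, "core/404.html", status=404)`. Depending on the Django version in use, the handlers may also be called with an `exception` argument, so the signatures are worth checking against that version's documentation.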