Commit aa732a4e authored by Skia's avatar Skia

WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed

parent 6cc78514
{% extends "core/base.html" %}
{% block content %}
<h3>403, Forbidden</h3>
{% endblock %}
{% extends "core/base.html" %}
{% block content %}
<h3>404, Not Found</h3>
{% endblock %}
from django.shortcuts import render
from django.http import HttpResponseForbidden
from django.core.exceptions import PermissionDenied
from django.views.generic.base import View
from core.models import Group
def forbidden(request):
return render(request, "core/403.html")
def not_found(request):
return render(request, "core/404.html")
# TODO: see models.py's TODO!
class CanEditPropMixin(View):
"""
......@@ -19,8 +27,11 @@ class CanEditPropMixin(View):
user = self.request.user
if obj is None:
return res
# TODO: add permission scale validation, to allow some groups other than superuser to manipulate
# all objects of a class if they are in the right group
if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
return res
raise PermissionDenied
return HttpResponseForbidden("403, Forbidden")
class CanEditMixin(CanEditPropMixin):
......@@ -29,8 +40,12 @@ class CanEditMixin(CanEditPropMixin):
object
"""
def dispatch(self, request, *arg, **kwargs):
# TODO: WIP: fix permissions with exceptions!
try:
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
if res.status_code != 403:
except PermissionDenied:
pass
except:
return res
obj = self.object
user = self.request.user
......@@ -41,6 +56,7 @@ class CanEditMixin(CanEditPropMixin):
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
if isinstance(obj, User) and obj == user:
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
raise PermissionDenied
return HttpResponseForbidden("403, Forbidden")
class CanViewMixin(CanEditMixin):
......@@ -49,8 +65,11 @@ class CanViewMixin(CanEditMixin):
the object
"""
def dispatch(self, request, *arg, **kwargs):
try:
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
if res.status_code != 403:
except PermissionDenied:
pass
except:
return res
obj = self.object
user = self.request.user
......
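Review bot: In `CanEditMixin.dispatch`, and in the same pattern in `CanViewMixin.dispatch`, the bare `except:` branch returns `res`, which is only bound when `super().dispatch()` returned normally. Any error other than `PermissionDenied` therefore surfaces as an UnboundLocalError and hides the real exception. As rendered here the normal-return path has no `return` at all, so a request the parent mixin already authorised falls through to the checks below. It is then either dispatched a second time through `super(CanEditPropMixin, self).dispatch(...)` or denied after the view has presumably already run. Replacing `except:` with `else:`, so the branch reads `else: return res`, restores the early return and lets unexpected exceptions propagate. The page does not mark old and new lines and both methods continue outside the hunks, so confirm this reading against the full file.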
......@@ -16,6 +16,9 @@ Including another URLconf
from django.conf.urls import include, url
from django.contrib import admin
handler403 = "core.views.forbidden"
handler404 = "core.views.not_found"
urlpatterns = [
url(r'^', include('core.urls', namespace="core", app_name="core")),
url(r'^admin/', include(admin.site.urls)),
......
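Review bot: `handler403` and `handler404` point at `core.views.forbidden` and `core.views.not_found`, which in this commit call `render(request, ...)` without a status, so the custom error pages are served with HTTP 200. Clients, caches and any log-based alerting on 403/404 responses will then record denied or missing resources as successful requests. Pass the status explicitly in the two views: `return render(request, "core/403.html", status=403)` and `return render(request, "core/404.html", status=404)`.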