WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed

2015-12-07 17:23:52 +01:00 · 2015-12-07 17:23:52 +01:00 · aa732a4ec0
parent 6cc7851487
commit aa732a4ec0
4 changed files with 44 additions and 5 deletions
--- a/core/templates/core/403.html
+++ b/core/templates/core/403.html
@ -0,0 +1,8 @@
+{% extends "core/base.html" %}
+
+{% block content %}
+
+<h3>403, Forbidden</h3>
+
+{% endblock %}
+
--- a/core/templates/core/404.html
+++ b/core/templates/core/404.html
@ -0,0 +1,9 @@
+{% extends "core/base.html" %}
+
+{% block content %}
+
+<h3>404, Not Found</h3>
+
+{% endblock %}
+
+
--- a/core/views/init.py
+++ b/core/views/init.py
@ -1,10 +1,18 @@

+from django.shortcuts import render
 from django.http import HttpResponseForbidden
 from django.core.exceptions import PermissionDenied
 from django.views.generic.base import View

 from core.models import Group

+def forbidden(request):
+    return render(request, "core/403.html")
+
+def not_found(request):
+    return render(request, "core/404.html")
+
+
 # TODO: see models.py's TODO!
 class CanEditPropMixin(View):
    """
@ -19,8 +27,11 @@ class CanEditPropMixin(View):
        user = self.request.user
        if obj is None:
            return res
+        # TODO: add permission scale validation, to allow some groups other than superuser to manipulate
+        # all objects of a class if they are in the right group
        if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
            return res
+        raise PermissionDenied
        return HttpResponseForbidden("403, Forbidden")

 class CanEditMixin(CanEditPropMixin):
@ -29,8 +40,12 @@ class CanEditMixin(CanEditPropMixin):
    object
    """
    def dispatch(self, request, *arg, **kwargs):
-        res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
-        if res.status_code != 403:
+        # TODO: WIP: fix permissions with exceptions!
+        try:
+            res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
+        except PermissionDenied:
+            pass
+        except:
            return res
        obj = self.object
        user = self.request.user
@ -40,7 +55,8 @@ class CanEditMixin(CanEditPropMixin):
            if user.groups.filter(name=g.name).exists():
                return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
        if isinstance(obj, User) and obj == user:
-                return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
+            return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
+        raise PermissionDenied
        return HttpResponseForbidden("403, Forbidden")

 class CanViewMixin(CanEditMixin):
@ -49,8 +65,11 @@ class CanViewMixin(CanEditMixin):
    the object
    """
    def dispatch(self, request, *arg, **kwargs):
-        res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
-        if res.status_code != 403:
+        try:
+            res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
+        except PermissionDenied:
+            pass
+        except:
            return res
        obj = self.object
        user = self.request.user
--- a/sith/urls.py
+++ b/sith/urls.py
@ -16,6 +16,9 @@ Including another URLconf
 from django.conf.urls import include, url
 from django.contrib import admin

+handler403 = "core.views.forbidden"
+handler404 = "core.views.not_found"
+
 urlpatterns = [
    url(r'^', include('core.urls', namespace="core", app_name="core")),
    url(r'^admin/', include(admin.site.urls)),