mirror of
https://github.com/ae-utbm/sith.git
synced 2024-12-22 07:41:14 +00:00
WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed
parent
6cc7851487
commit
aa732a4ec0
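--- /dev/null
+++ b/core/templates/core/403.html
@@ -0,0 +1,8 @@
+{% extends "core/base.html" %}
+
+{% block content %}
+
+<h3>403, Forbidden</h3>
+
+{% endblock %}
+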
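--- /dev/null
+++ b/core/templates/core/404.html
@@ -0,0 +1,9 @@
+{% extends "core/base.html" %}
+
+{% block content %}
+
+<h3>404, Not Found</h3>
+
+{% endblock %}
+
+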
@ -1,10 +1,18 @@
|
||||
|
||||
from django.shortcuts import render
|
||||
from django.http import HttpResponseForbidden
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.views.generic.base import View
|
||||
|
||||
from core.models import Group
|
||||
|
||||
def forbidden(request):
|
||||
return render(request, "core/403.html")
|
||||
|
||||
def not_found(request):
|
||||
return render(request, "core/404.html")
|
||||
|
||||
|
||||
# TODO: see models.py's TODO!
|
||||
class CanEditPropMixin(View):
|
||||
"""
|
||||
@ -19,8 +27,11 @@ class CanEditPropMixin(View):
|
||||
user = self.request.user
|
||||
if obj is None:
|
||||
return res
|
||||
# TODO: add permission scale validation, to allow some groups other than superuser to manipulate
|
||||
# all objects of a class if they are in the right group
|
||||
if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
|
||||
return res
|
||||
raise PermissionDenied
|
||||
return HttpResponseForbidden("403, Forbidden")
|
||||
|
||||
class CanEditMixin(CanEditPropMixin):
|
||||
@ -29,8 +40,12 @@ class CanEditMixin(CanEditPropMixin):
|
||||
object
|
||||
"""
|
||||
def dispatch(self, request, *arg, **kwargs):
|
||||
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
|
||||
if res.status_code != 403:
|
||||
# TODO: WIP: fix permissions with exceptions!
|
||||
try:
|
||||
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
|
||||
except PermissionDenied:
|
||||
pass
|
||||
except:
|
||||
return res
|
||||
obj = self.object
|
||||
user = self.request.user
|
||||
@ -40,7 +55,8 @@ class CanEditMixin(CanEditPropMixin):
|
||||
if user.groups.filter(name=g.name).exists():
|
||||
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
|
||||
if isinstance(obj, User) and obj == user:
|
||||
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
|
||||
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
|
||||
raise PermissionDenied
|
||||
return HttpResponseForbidden("403, Forbidden")
|
||||
|
||||
class CanViewMixin(CanEditMixin):
|
||||
@ -49,8 +65,11 @@ class CanViewMixin(CanEditMixin):
|
||||
the object
|
||||
"""
|
||||
def dispatch(self, request, *arg, **kwargs):
|
||||
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
|
||||
if res.status_code != 403:
|
||||
try:
|
||||
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
|
||||
except PermissionDenied:
|
||||
pass
|
||||
except:
|
||||
return res
|
||||
obj = self.object
|
||||
user = self.request.user
|
||||
|
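Review bot: In `CanEditMixin.dispatch`, and in the identical block in `CanViewMixin.dispatch`, the second handler is a bare `except:` that returns `res`, but on that path the assignment never completed, so any non-permission error becomes an `UnboundLocalError`; on the success path nothing returns `res`, so a user the parent mixin already accepted falls through to the group checks and can still reach `raise PermissionDenied`. The removed `if res.status_code != 403: return res` corresponds to `else: return res` in place of `except:`. Separately, `forbidden` and `not_found` call `render(...)` without a status, so both error pages are served as HTTP 200; use `render(request, "core/403.html", status=403)` and `render(request, "core/404.html", status=404)`. The checks also still run after `super().dispatch()` has produced `res`; if that call executes the view's handler (it appears to, since `self.object` is read afterwards), a POST could take effect before `PermissionDenied` is raised, which is worth confirming against the full file. The dispatch bodies continue outside the hunks and indentation is lost in this rendering, so the nesting described here is inferred.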
@ -16,6 +16,9 @@ Including another URLconf
|
||||
from django.conf.urls import include, url
|
||||
from django.contrib import admin
|
||||
|
||||
handler403 = "core.views.forbidden"
|
||||
handler404 = "core.views.not_found"
|
||||
|
||||
urlpatterns = [
|
||||
url(r'^', include('core.urls', namespace="core", app_name="core")),
|
||||
url(r'^admin/', include(admin.site.urls)),
|
||||
|