WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed

Skia 2015-12-07 17:23:52 +01:00
parent 6cc7851487
commit aa732a4ec0
4 changed files with 44 additions and 5 deletions


@ -0,0 +1,8 @@
{% extends "core/base.html" %}
{% block content %}
<h3>403, Forbidden</h3>
{% endblock %}


@ -0,0 +1,9 @@
{% extends "core/base.html" %}
{% block content %}
<h3>404, Not Found</h3>
{% endblock %}


@ -1,10 +1,18 @@
from django.shortcuts import render
from django.http import HttpResponseForbidden
from django.core.exceptions import PermissionDenied
from django.views.generic.base import View
from core.models import Group
def forbidden(request):
return render(request, "core/403.html")
def not_found(request):
return render(request, "core/404.html")
# TODO: see models.py's TODO!
class CanEditPropMixin(View):
"""
@ -19,8 +27,11 @@ class CanEditPropMixin(View):
user = self.request.user
if obj is None:
return res
# TODO: add permission scale validation, to allow some groups other than superuser to manipulate
# all objects of a class if they are in the right group
if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
return res
raise PermissionDenied
return HttpResponseForbidden("403, Forbidden")
class CanEditMixin(CanEditPropMixin):
@ -29,8 +40,12 @@ class CanEditMixin(CanEditPropMixin):
object
"""
def dispatch(self, request, *arg, **kwargs):
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
if res.status_code != 403:
# TODO: WIP: fix permissions with exceptions!
try:
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
except PermissionDenied:
pass
except:
return res
obj = self.object
user = self.request.user
@ -40,7 +55,8 @@ class CanEditMixin(CanEditPropMixin):
if user.groups.filter(name=g.name).exists():
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
if isinstance(obj, User) and obj == user:
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
raise PermissionDenied
return HttpResponseForbidden("403, Forbidden")
class CanViewMixin(CanEditMixin):
@ -49,8 +65,11 @@ class CanViewMixin(CanEditMixin):
the object
"""
def dispatch(self, request, *arg, **kwargs):
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
if res.status_code != 403:
try:
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
except PermissionDenied:
pass
except:
return res
obj = self.object
user = self.request.user
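Review bot: The bare `except:` that follows `except PermissionDenied: pass` in `CanEditMixin.dispatch`, and again in `CanViewMixin.dispatch`, looks like it was meant to be `else:`. Indentation is lost on this page, but if `return res` sits under that `except:`, it runs only when the parent dispatch raised something other than `PermissionDenied`, at which point `res` was never assigned, so any such error (an `Http404` included) becomes an unbound-variable failure. A request the parent already authorised would instead fall through to the group checks and can end at the final `raise PermissionDenied`. Changing the clause to `else:` restores the old `status_code != 403` short-circuit and lets unrelated exceptions propagate. Both methods begin outside their hunks, so the surrounding code should be checked before applying this.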


@ -16,6 +16,9 @@ Including another URLconf
from django.conf.urls import include, url
from django.contrib import admin
handler403 = "core.views.forbidden"
handler404 = "core.views.not_found"
urlpatterns = [
url(r'^', include('core.urls', namespace="core", app_name="core")),
url(r'^admin/', include(admin.site.urls)),
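Review bot: `handler403` and `handler404` now point at `core.views.forbidden` and `core.views.not_found`, which in this commit call `render(request, "core/403.html")` and `render(request, "core/404.html")` without a status, so denied and missing pages would be served as HTTP 200. Clients, caches and log-based monitoring would then record access denials as successful responses. Passing `status=403` and `status=404` to `render` keeps the status line in agreement with the page body. Depending on the Django version, these handlers may also be called with an `exception` argument, so the signatures should be confirmed against the version in use.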