WIP: Add custom 403 and 404, but break a bit the permissions! To be fixed

core/templates/core/403.html

@@ -0,0 +1,8 @@
+{% extends "core/base.html" %}
+
+{% block content %}
+
+<h3>403, Forbidden</h3>
+
+{% endblock %}
+

core/templates/core/404.html

@@ -0,0 +1,9 @@
+{% extends "core/base.html" %}
+
+{% block content %}
+
+<h3>404, Not Found</h3>
+
+{% endblock %}
+
+

core/views/__init__.py

@@ -1,10 +1,18 @@
 
+from django.shortcuts import render
 from django.http import HttpResponseForbidden
 from django.core.exceptions import PermissionDenied
 from django.views.generic.base import View
 
 from core.models import Group
 
+def forbidden(request):
+    return render(request, "core/403.html")
+
+def not_found(request):
+    return render(request, "core/404.html")
+
+
 # TODO: see models.py's TODO!
 class CanEditPropMixin(View):
     """
@@ -19,8 +27,11 @@ class CanEditPropMixin(View):
         user = self.request.user
         if obj is None:
             return res
+        # TODO: add permission scale validation, to allow some groups other than superuser to manipulate
+        # all objects of a class if they are in the right group
         if user.is_superuser or user.groups.filter(name=obj.owner_group.name).exists():
             return res
+        raise PermissionDenied
         return HttpResponseForbidden("403, Forbidden")
 
 class CanEditMixin(CanEditPropMixin):
@@ -29,8 +40,12 @@ class CanEditMixin(CanEditPropMixin):
     object
     """
     def dispatch(self, request, *arg, **kwargs):
+        # TODO: WIP: fix permissions with exceptions!
+        try:
             res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
-        if res.status_code != 403:
+        except PermissionDenied:
+            pass
+        except:
             return res
         obj = self.object
         user = self.request.user
@@ -41,6 +56,7 @@ class CanEditMixin(CanEditPropMixin):
                 return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
         if isinstance(obj, User) and obj == user:
             return super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
+        raise PermissionDenied
         return HttpResponseForbidden("403, Forbidden")
 
 class CanViewMixin(CanEditMixin):
@@ -49,8 +65,11 @@ class CanViewMixin(CanEditMixin):
     the object
     """
     def dispatch(self, request, *arg, **kwargs):
+        try:
             res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
-        if res.status_code != 403:
+        except PermissionDenied:
+            pass
+        except:
             return res
         obj = self.object
         user = self.request.user

sith/urls.py

@@ -16,6 +16,9 @@ Including another URLconf
 from django.conf.urls import include, url
 from django.contrib import admin
 
+handler403 = "core.views.forbidden"
+handler404 = "core.views.not_found"
+
 urlpatterns = [
     url(r'^', include('core.urls', namespace="core", app_name="core")),
     url(r'^admin/', include(admin.site.urls)),