Skip to content
Snippets Groups Projects
Commit 8cee4a4c authored by Tanner Prestegard's avatar Tanner Prestegard Committed by GraceDB
Browse files

Better 403 handling with template rendering for event views

parent ce232d31
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
gracedb/events/views.py
+ 7
2
View file @ 8cee4a4c
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.http import HttpResponseRedirect, HttpResponseNotFound, HttpResponseBadRequest, Http404
from django.http import HttpResponseForbidden, HttpResponseServerError
......@@ -74,10 +75,14 @@ def event_and_auth_required(view):
# maps to 'view', and unsafe methods map to 'CHANGE'
if request.method=='GET':
if not user_has_perm(request.user, 'view', event):
return HttpResponseForbidden("Forbidden")
msg = ('You do not have permission to view this event. '
'If you think you should be able to view it, make sure '
'you are logged in.')
return render(request, '403.html', status=403,
context={'graceid': graceid, 'message': msg})
elif request.method in ['POST', 'DELETE']:
if not user_has_perm(request.user, 'change', event):
return HttpResponseForbidden("Forbidden")
raise PermissionDenied
return view(request, event, *args, **kwargs)
return inner
......
gracedb/templates/403.html
+ 6
3
View file @ 8cee4a4c
{% extends "base.html" %}
{% block title %}403 – Forbidden{% endblock %}
{% block heading %}Forbidden {{ object.graceid }}{% endblock %}
{% block heading %}Forbidden {{ graceid }}{% endblock %}
{% block content %}
<p>You do not have the required permissions for the requested action.</p>
{{ message|safe }}
{% if message %}
<p>{{ message|safe }}</p>
{% else %}
<p>You do not have permission to perform the requested action.</p>
{% endif %}
{% endblock %}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment