Direct users to login on 403 errors
References #46
u8sand committed Sep 14, 2018
1 parent b56a5bc commit cb902a4
Showing 4 changed files with 14 additions and 7 deletions.
2 changes: 1 addition & 1 deletion FAIRshake/urls.py
Expand Up @@ -22,9 +22,9 @@

if not settings.DEBUG:
handler400 = 'FAIRshakeHub.views.handler400'
handler403 = 'FAIRshakeHub.views.handler403'
handler404 = 'FAIRshakeHub.views.handler404'
handler500 = 'FAIRshakeHub.views.handler500'
handler403 = 'FAIRshakeHub.views.handler403'

urlpatterns = [
path(settings.BASE_URL + '', include('FAIRshakeHub.urls')),
4 changes: 1 addition & 3 deletions FAIRshakeAPI/models.py
Expand Up @@ -158,9 +158,7 @@ class Assessment(models.Model):
timestamp = models.DateTimeField(auto_now_add=True)

def has_permission(self, user, perm):
if perm in ['list', 'retrieve']:
return True
elif perm in ['create', 'add']:
if perm in ['list', 'retrieve', 'create', 'add']:
return user.is_authenticated or user.is_staff
elif perm in ['modify', 'remove', 'delete']:
if self is None:
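Review bot: In `has_permission`, the new combined branch returns `user.is_authenticated or user.is_staff`, and the `or user.is_staff` half cannot change the result with Django's stock user classes, because a staff account is always an authenticated one and `AnonymousUser.is_staff` is false. This line is now the only gate on `list` and `retrieve` as well as `create` and `add`, so the rule should be readable at a glance: `return user.is_authenticated`. A short comment such as `# every read and create action on an assessment requires a logged-in user` would record that anonymous reads are refused on purpose. The method body continues past the end of the hunk.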
4 changes: 4 additions & 0 deletions FAIRshakeAPI/views.py
Expand Up @@ -8,6 +8,7 @@
from django.core.cache import cache
from django.db.models import Q
from django.forms import ModelChoiceField
from django.core.exceptions import PermissionDenied
from rest_framework import views, viewsets, schemas, response, mixins, decorators, renderers, permissions
from functools import reduce

Expand Down Expand Up @@ -250,6 +251,9 @@ def save_form(self, request, form):
return assessment

def get_template_context(self, request, context):
if not self.get_model().has_permission(self, request.user, self.action):
raise PermissionDenied

if self.action in ['modify', 'retrieve']:
assessment = self.get_object()
assessment_form = forms.AssessmentForm(instance=assessment)
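Review bot: The added guard in `get_template_context` calls `self.get_model().has_permission(self, request.user, self.action)`, which passes the viewset itself where the model method expects an `Assessment` instance or `None`. For `list`, `retrieve`, `create` and `add` the instance is never consulted, but the same method also handles `modify`. The models.py section shows that branch testing `if self is None:` before, presumably, reading fields of the assessment, so with a viewset in that slot the ownership check would raise or compare the wrong object. Consider resolving the object first, `obj = self.get_object() if self.action in ['modify', 'retrieve'] else None`, and then calling `self.get_model().has_permission(obj, request.user, self.action)`. The function body continues outside the hunk.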
11 changes: 8 additions & 3 deletions FAIRshakeHub/views.py
@@ -1,6 +1,7 @@
from django.shortcuts import render
from django.shortcuts import render, redirect
from django.core.paginator import Paginator
from django.conf import settings
from django.urls import reverse
from django import http
from FAIRshakeAPI import search, models, stats

Expand Down Expand Up @@ -53,15 +54,19 @@ def privacy_policy(request):
return render(request, 'fairshake/privacy_policy.html')

def handler(code, message):
def _handler(request):
def _handler(request, *args, **kwargs):
return render(request, 'fairshake/error.html', dict(
code=code,
message=message,
))
return _handler

def handler403(request, *args, **kwargs):
if request.user.is_anonymous:
return redirect(reverse('account_login') + '?next=' + request.get_full_path())
return handler(403, 'Permission denied')(request, *args, **kwargs)

handler400 = handler(400, 'Bad Request')
handler403 = handler(403, 'Permission Denied')
handler404 = handler(404, 'Page not Found')
handler500 = handler(500, 'Server error')
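Review bot: `handler403` builds the login redirect by plain concatenation, `reverse('account_login') + '?next=' + request.get_full_path()`, so a denied URL that carries its own query string is not percent-encoded. Everything after its first `&` becomes a separate parameter of the login URL, which truncates the return path and lets request-supplied parameters reach the login view. Django's helper does the encoding: `from django.contrib.auth.views import redirect_to_login`, then `return redirect_to_login(request.get_full_path(), login_url=reverse('account_login'))`. Separately, `_handler` calls `render(...)` without `status=code`, so the error pages, including the 403 shown to signed-in users, appear to be served with HTTP 200; passing `status=code` to `render` would fix that.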

