Create proper template for 403 messages
authorMagnus Hagander <[email protected]>
Tue, 20 Nov 2018 13:39:40 +0000 (14:39 +0100)
committerMagnus Hagander <[email protected]>
Tue, 20 Nov 2018 13:44:21 +0000 (14:44 +0100)
By using a real template, we both make permission denied messages look
better (properly rendered), and also make it possible to tell the user
*why* access was denied.

This makes using PermissionDenied exceptions a lot more useful, so
update a number of places that were sending out access denied messages
as 404s.

postgresqleu/confreg/backendviews.py
postgresqleu/confreg/views.py
postgresqleu/confwiki/views.py
template/403.html [new file with mode: 0644]

index 44704e4f928389c961f73d8c8c03c6d8389b994f..76b03b8bf5a99883b01a3b3e8ad975e72670f8d8 100644 (file)
@@ -56,7 +56,7 @@ def get_authenticated_conference(request, urlname=None, confid=None):
                        return c
                if c.series.administrators.filter(pk=request.user.id).exists():
                        return c
-               raise Http404()
+               raise PermissionDenied()
 
 def backend_process_form(request, urlname, formclass, id, cancel_url='../', saved_url='../', allow_new=True, allow_delete=True, breadcrumbs=None, permissions_already_checked=False, conference=None, bypass_conference_filter=False, instancemaker=None, deleted_url=None):
        if not conference and not bypass_conference_filter:
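Review bot: The new `raise PermissionDenied()` carries no message, so the 403 template added in this commit falls back to its generic "Access denied." text here, even though the commit's stated goal is to tell the user why access was refused; `raise PermissionDenied('You are not an administrator of this conference or its series')` (wording to taste) would give the reason, in line with the messages used in confreg/views.py. Keep the message a fixed string, since the template renders it to the requester. The enclosing function get_authenticated_conference starts before the hunk, so the checks that precede this line are not visible here.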
index d8ab310acdcc81ecd5f439898fdcb2afbdd8787d..b626f0e7ed2a11ae47423e93bfd7eaa1cbd6f539 100644 (file)
@@ -1,6 +1,7 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 from django.shortcuts import render, get_object_or_404
+from django.core.exceptions import PermissionDenied
 from django.http import HttpResponseRedirect, HttpResponsePermanentRedirect, HttpResponse, Http404
 from django.contrib.auth.decorators import login_required
 from django.views.decorators.csrf import csrf_exempt
@@ -1940,7 +1941,7 @@ def viewvouchers_user(request, confname, batchid):
        conference = get_object_or_404(Conference, urlname=confname)
        batch = get_object_or_404(PrepaidBatch, conference=conference, pk=batchid)
        if batch.buyer != request.user:
-               raise Http404()
+               raise PermissionDenied()
        vouchers = batch.prepaidvoucher_set.all()
 
        return render_conference_response(request, conference, 'reg', 'confreg/prepaid_list.html', {
@@ -2101,7 +2102,7 @@ def bulkpay_view(request, confname, bulkpayid):
 def talkvote(request, confname):
        conference = get_object_or_404(Conference, urlname=confname)
        if not conference.talkvoters.filter(pk=request.user.id).exists() and not conference.administrators.filter(pk=request.user.id).exists() and not conference.series.administrators.filter(pk=request.user.id).exists():
-               return HttpResponse('You are not a talk voter or administrator for this conference!')
+               raise PermissionDenied('You are not a talk voter or administrator for this conference!')
 
        isvoter = conference.talkvoters.filter(pk=request.user.id).exists()
        isadmin = conference.administrators.filter(pk=request.user.id).exists() or conference.series.administrators.filter(pk=request.user.id).exists()
@@ -2209,7 +2210,7 @@ def talkvote(request, confname):
 def talkvote_status(request, confname):
        conference = get_object_or_404(Conference, urlname=confname)
        if not conference.talkvoters.filter(pk=request.user.id).exists() and not conference.administrators.filter(pk=request.user.id).exists() and not conference.series.administrators.filter(pk=request.user.id).exists():
-               return HttpResponse('You are not a talk voter or administrator for this conference!')
+               raise PermissionDenied('You are not a talk voter or administrator for this conference!')
 
        isadmin = conference.administrators.filter(pk=request.user.id).exists() or conference.series.administrators.filter(pk=request.user.id).exists()
        if not isadmin:
@@ -2230,7 +2231,7 @@ def talkvote_status(request, confname):
 def talkvote_vote(request, confname):
        conference = get_object_or_404(Conference, urlname=confname)
        if not conference.talkvoters.filter(pk=request.user.id):
-               return HttpResponse('You are not a talk voter for this conference!')
+               raise PermissionDenied('You are not a talk voter for this conference!')
        if request.method!='POST':
                return HttpResponse('Can only use POST')
 
@@ -2254,7 +2255,7 @@ def talkvote_vote(request, confname):
 def talkvote_comment(request, confname):
        conference = get_object_or_404(Conference, urlname=confname)
        if not conference.talkvoters.filter(pk=request.user.id):
-               return HttpResponse('You are not a talk voter for this conference!')
+               raise PermissionDenied('You are not a talk voter for this conference!')
        if request.method!='POST':
                return HttpResponse('Can only use POST')
 
@@ -2274,7 +2275,7 @@ def createschedule(request, confname):
        if not (request.user.is_superuser or is_admin or
                        conference.talkvoters.filter(pk=request.user.id).exists()
                        ):
-               raise Http404('You are not an administrator or talk voter for this conference!')
+               raise PermissionDenied('You are not an administrator or talk voter for this conference!')
 
 
        if request.method=="POST":
@@ -2289,7 +2290,7 @@ def createschedule(request, confname):
                # Else we are saving. This is only allowed by superusers and administrators,
                # not all talk voters (as it potentially changes the website).
                if not request.user.is_superuser and not is_admin:
-                       raise Http404('Only administrators can save!')
+                       raise PermissionDenied('Only administrators can save!')
 
                # Remove all the existing mappings, and add new ones
                # Yes, we do this horribly inefficiently, but it doesn't run very
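Review bot: In viewvouchers_user the ownership check now answers 403 while the preceding `get_object_or_404(PrepaidBatch, conference=conference, pk=batchid)` still answers 404, so a logged-in user who is not the buyer can now tell whether a given batchid exists for that conference — before this change both cases were an indistinguishable 404. If batch existence should stay hidden from non-owners, fold the ownership condition into the lookup, `batch = get_object_or_404(PrepaidBatch, conference=conference, pk=batchid, buyer=request.user)`, and drop the separate check; if the disclosure is accepted, a one-line comment saying so would spare the next reader the same question. Separately, talkvote_vote and talkvote_comment still test `conference.talkvoters.filter(pk=request.user.id)` without `.exists()` (pre-existing), which evaluates the queryset just to decide truthiness; `.exists()` as in talkvote and talkvote_status would make the four views consistent.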
index 0c33b54847b324ab741587d1260ad4728bd933fb..c50bad80ccb530d153427a1499fb294323366509 100644 (file)
@@ -1,5 +1,5 @@
 from django.shortcuts import render, get_object_or_404
-from django.http import HttpResponseRedirect, Http404
+from django.http import HttpResponseRedirect
 from django.core.exceptions import PermissionDenied
 from django.contrib.auth.decorators import login_required
 from django.db import transaction, connection
diff --git a/template/403.html b/template/403.html
new file mode 100644 (file)
index 0000000..7ca6bb4
--- /dev/null
@@ -0,0 +1,11 @@
+{%extends "navbase.html" %}
+{%block title%}Access denied{%endblock%}
+{%block content%}
+<h1>Access denied</h1>
+{%if exception%}
+{{exception}}
+{%else%}
+Access denied.
+{%endif%}
+{%endblock%}
+
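Review bot: `{{exception}}` renders the text of whatever PermissionDenied reaches Django's 403 handler, so from this commit on every message passed to PermissionDenied anywhere in the project is shown to the requester; the messages added here are fixed strings, which is the contract this template should keep relying on. Whether `exception` is populated at all depends on the default permission_denied view putting it into the context (newer Django releases pass `str(exception)`, older ones render the template without it), so on an older release the `{%else%}` branch would always be taken — worth confirming against the project's Django version. A short template comment such as `{# exception is the PermissionDenied message; keep those messages static and free of internal detail #}` above the `{%if exception%}` would record that expectation.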