mirrors/bookwyrm
1
0
Fork 1
mirror of https://github.com/bookwyrm-social/bookwyrm.git synced 2024-05-20 17:28:55 +00:00
Code Issues Projects Releases Wiki Activity

add handler for 403s

Browse source 
fixes #3104
This commit is contained in:
Hugh Rundle 2023-11-18 12:36:03 +11:00
parent 06568aab88
commit d620bd7350
No known key found for this signature in database
GPG key ID: A7E35779918253F9
5 changed files with 35 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
bookwyrm/templates/403.html Normal file
View file

@ -0,0 +1,16 @@
{% extends 'layout.html' %}
{% load i18n %}
{% load utilities %}
{% block title %}{% trans "Oh no!" %}{% endblock %}
{% block content %}
<div class="block">
<h1 class="title">{% trans "Permission Denied" %}</h1>
{% blocktrans trimmed with level=request.user|get_user_permission %}
<p class="content">You do not have permission to view this page. Your user permission level is <code>{{ level }}</code>.</p>
<p class="content">If you think you should have access to this page, please speak to your BookWyrm server administrator.</p>
{% endblocktrans %}
</div>
{% endblock %}

7
bookwyrm/templatetags/utilities.py
View file

@ -125,3 +125,10 @@ def id_to_username(user_id):
value = f"{name}@{domain}"
return value
@register.filter(name="get_user_permission")
def get_user_permission(user):
"""given a user, return their permission level"""
return user.groups.first() if user.groups.first() else "User"

3
bookwyrm/urls.py
View file

@ -792,3 +792,6 @@ urlpatterns.extend(staticfiles_urlpatterns())
# pylint: disable=invalid-name
handler500 = "bookwyrm.views.server_error"
# pylint: disable=invalid-name
handler403 = "bookwyrm.views.permission_required"

1
bookwyrm/views/__init__.py
View file

@ -167,3 +167,4 @@ from .annual_summary import (
summary_revoke_key,
)
from .server_error import server_error
from .permission_required import permission_required

8
bookwyrm/views/permission_required.py Normal file
View file

@ -0,0 +1,8 @@
"""custom 403 handler to enable context processors"""
from django.template.response import TemplateResponse
def permission_required(request, exception): # pylint: disable=unused-argument
"""permission denied page"""
return TemplateResponse(request, "403.html")