always return 403 to POST requests
- POST requests need to receive a 403 error code - minor wording updates
parent
8ddafafa84
commit
a56ba0ce1c
3 changed files with 10 additions and 3 deletions
|
@ -8,8 +8,8 @@
|
|||
<div class="block">
|
||||
<h1 class="title">{% trans "Permission Denied" %}</h1>
|
||||
{% blocktrans trimmed with level=request.user|get_user_permission %}
|
||||
<p class="content">You do not have permission to view this page. Your user permission level is <code>{{ level }}</code>.</p>
|
||||
<p class="content">If you think you should have access to this page, please speak to your BookWyrm server administrator.</p>
|
||||
<p class="content">You do not have permission to view this page or perform this action. Your user permission level is <code>{{ level }}</code>.</p>
|
||||
<p class="content">If you think you should have access, please speak to your BookWyrm server administrator.</p>
|
||||
{% endblocktrans %}
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
|
|
@ -131,4 +131,4 @@ def id_to_username(user_id):
|
|||
def get_user_permission(user):
|
||||
"""given a user, return their permission level"""
|
||||
|
||||
return user.groups.first() if user.groups.first() else "User"
|
||||
return user.groups.first() or "User"
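Review bot: The docstring of get_user_permission no longer says enough about what the function returns: the new `return user.groups.first() or "User"` yields a group object when the user has one and the plain string `"User"` otherwise. I would spell that out, for example `"""given a user, return their first group, or the string "User" if they have none"""`. A user who belongs to several groups gets whichever one `first()` returns, which may not be their most privileged one, and a visitor with no groups at all is shown "User"; if the 403 page can be rendered for such users, that is worth a comment next to the return.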
|
||||
|
|
|
@ -1,8 +1,15 @@
|
|||
"""custom 403 handler to enable context processors"""
|
||||
|
||||
from django.http import HttpResponse
|
||||
from django.template.response import TemplateResponse
|
||||
|
||||
from .helpers import is_api_request
|
||||
|
||||
|
||||
def permission_denied(request, exception): # pylint: disable=unused-argument
|
||||
"""permission denied page"""
|
||||
|
||||
if request.method == "POST" or is_api_request(request):
|
||||
return HttpResponse(status=403)
|
||||
|
||||
return TemplateResponse(request, "403.html")
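Review bot: The HTML branch at the end of permission_denied still answers with HTTP 200, because `TemplateResponse(request, "403.html")` is built without a status and only the new POST/API branch sends 403. A denied GET therefore looks like a success to clients, caches and any monitoring that counts 403 responses; the line should read `return TemplateResponse(request, "403.html", status=403)`. The method test also matches only `"POST"`, so a PUT, PATCH or DELETE that `is_api_request` does not recognise falls through to the same branch. If those methods can reach this handler, the condition could be widened to cover them.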
|
||||
|
|