mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-11-26 11:31:08 +00:00
commit
b022b5a1b7
5 changed files with 46 additions and 0 deletions
20
bookwyrm/templates/403.html
Normal file
20
bookwyrm/templates/403.html
Normal file
|
@ -0,0 +1,20 @@
|
|||
{% extends 'layout.html' %}
|
||||
{% load i18n %}
|
||||
{% load utilities %}
|
||||
|
||||
{% block title %}{% trans "Oh no!" %}{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="block">
|
||||
<h1 class="title">{% trans "Permission Denied" %}</h1>
|
||||
<p class="content">
|
||||
{% blocktrans trimmed with level=request.user|get_user_permission %}
|
||||
You do not have permission to view this page or perform this action. Your user permission level is <code>{{ level }}</code>.
|
||||
{% endblocktrans %}
|
||||
</p>
|
||||
<p class="content">{% trans "If you think you should have access, please speak to your BookWyrm server administrator." %}
|
||||
</p>
|
||||
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
|
@ -128,6 +128,13 @@ def id_to_username(user_id):
|
|||
return value
|
||||
|
||||
|
||||
@register.filter(name="get_user_permission")
|
||||
def get_user_permission(user):
|
||||
"""given a user, return their permission level"""
|
||||
|
||||
return user.groups.first() or "User"
|
||||
|
||||
|
||||
@register.filter(name="is_instance_admin")
|
||||
def is_instance_admin(localname):
|
||||
"""Returns a boolean indicating whether the user is the instance admin account"""
|
||||
|
|
|
@ -792,3 +792,6 @@ urlpatterns.extend(staticfiles_urlpatterns())
|
|||
|
||||
# pylint: disable=invalid-name
|
||||
handler500 = "bookwyrm.views.server_error"
|
||||
|
||||
# pylint: disable=invalid-name
|
||||
handler403 = "bookwyrm.views.permission_denied"
|
||||
|
|
|
@ -167,3 +167,4 @@ from .annual_summary import (
|
|||
summary_revoke_key,
|
||||
)
|
||||
from .server_error import server_error
|
||||
from .permission_denied import permission_denied
|
||||
|
|
15
bookwyrm/views/permission_denied.py
Normal file
15
bookwyrm/views/permission_denied.py
Normal file
|
@ -0,0 +1,15 @@
|
|||
"""custom 403 handler to enable context processors"""
|
||||
|
||||
from django.http import HttpResponse
|
||||
from django.template.response import TemplateResponse
|
||||
|
||||
from .helpers import is_api_request
|
||||
|
||||
|
||||
def permission_denied(request, exception): # pylint: disable=unused-argument
|
||||
"""permission denied page"""
|
||||
|
||||
if request.method == "POST" or is_api_request(request):
|
||||
return HttpResponse(status=403)
|
||||
|
||||
return TemplateResponse(request, "403.html")
|
Loading…
Reference in a new issue