core: add generic error view

2018-12-11 15:29:58 +01:00 · 2018-12-11 15:29:58 +01:00 · 26618afb5a
parent d77bbd2120
commit 26618afb5a
4 changed files with 52 additions and 5 deletions
--- a/passbook/core/templates/login/denied.html
+++ b/passbook/core/templates/login/denied.html
@ -0,0 +1,31 @@
+{% extends 'login/base.html' %}
+
+{% load static %}
+{% load i18n %}
+{% load utils %}
+
+{% block head %}
+{{ block.super }}
+<style>
+    .pf-icon {
+        font-size: 48px;
+        text-align: center;
+    }
+</style>
+{% endblock %}
+
+{% block card %}
+<header class="login-pf-header">
+  <h1>{% trans title %}</h1>
+</header>
+{% include 'partials/messages.html' %}
+<form method="POST">
+  {% csrf_token %}
+  {% include 'partials/form_login.html' %}
+  <span class="pf-icon pficon-error-circle-o btn-block"></span>
+  Access denied
+  {% if 'back' in request.GET %}
+  <a href="{% back %}" class="btn btn-primary btn-block btn-lg">{% trans 'Back' %}</a>
+  {% endif %}
+</form>
+{% endblock %}
--- a/passbook/core/views/utils.py
+++ b/passbook/core/views/utils.py
@ -20,3 +20,14 @@ class LoadingView(TemplateView):
        kwargs['title'] = self.title
        kwargs['target_url'] = self.get_url()
        return super().get_context_data(**kwargs)
+
+class PermissionDeniedView(TemplateView):
+    """Generic Permission denied view"""
+
+    template_name = 'login/denied.html'
+    title = _('Permission denied.')
+
+    def get_context_data(self, **kwargs):
+        kwargs['is_login'] = True
+        kwargs['title'] = self.title
+        return super().get_context_data(**kwargs)
--- a/passbook/oauth_provider/urls.py
+++ b/passbook/oauth_provider/urls.py
@ -10,6 +10,8 @@ urlpatterns = [
         name="oauth2-authorize"),
    path('authorize/permission_ok/', oauth2.PassbookAuthorizationView.as_view(),
         name="oauth2-ok-authorize"),
+    path('authorize/permission_denied/', oauth2.OAuthPermissionDenied.as_view(),
+         name='oauth2-permission-denied'),
    # OAuth API
    path('', include('oauth2_provider.urls', namespace='oauth2_provider')),
 ]
--- a/passbook/oauth_provider/views/oauth2.py
+++ b/passbook/oauth_provider/views/oauth2.py
@ -2,13 +2,12 @@
 from logging import getLogger
 from urllib.parse import urlencode

-from django.http import Http404
-from django.shortcuts import get_object_or_404, reverse
+from django.shortcuts import get_object_or_404, redirect, reverse
 from django.utils.translation import ugettext as _
 from oauth2_provider.views.base import AuthorizationView

 from passbook.core.views.access import AccessMixin
-from passbook.core.views.utils import LoadingView
+from passbook.core.views.utils import LoadingView, PermissionDeniedView
 from passbook.oauth_provider.models import OAuth2Provider

 LOGGER = getLogger(__name__)
@ -23,6 +22,11 @@ class PassbookAuthorizationLoadingView(LoadingView):
        querystring = urlencode(self.request.GET)
        return reverse('passbook_oauth_provider:oauth2-ok-authorize')+'?'+querystring

+
+class OAuthPermissionDenied(PermissionDeniedView):
+    """Show permission denied view"""
+
+
 class PassbookAuthorizationView(AccessMixin, AuthorizationView):
    """Custom OAuth2 Authorization View which checks rules, etc"""

@ -40,8 +44,7 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
        self._application = application
        # Check permissions
        if not self.user_has_access(self._application, request.user):
-            # TODO: Create a general error class for access denied
-            raise Http404
+            return redirect(reverse('passbook_oauth_provider:oauth2-permission-denied'))
        actual_response = super().dispatch(request, *args, **kwargs)
        if actual_response.status_code == 400:
            LOGGER.debug(request.GET.get('redirect_uri'))