From da4ee13debe842427d05643afaf27a81c774dffb Mon Sep 17 00:00:00 2001 From: Yohan Boniface Date: Sat, 8 Sep 2018 16:49:25 +0200 Subject: [PATCH] Display a message on the site when trying to do a POST in readonly mode --- umap/decorators.py | 3 +-- umap/middleware.py | 3 ++- umap/static/umap/js/umap.xhr.js | 2 +- umap/tests/test_map_views.py | 2 +- umap/views.py | 14 +++++++------- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/umap/decorators.py b/umap/decorators.py index 971a9257..8fb7bc95 100644 --- a/umap/decorators.py +++ b/umap/decorators.py @@ -38,8 +38,7 @@ def map_permissions_check(view_func): if not can_edit: if map_inst.owner and not user.is_authenticated: return simple_json_response(login_required=str(LOGIN_URL)) - else: - return HttpResponseForbidden('Action not allowed for user.') + return HttpResponseForbidden() return view_func(request, *args, **kwargs) return wrapper diff --git a/umap/middleware.py b/umap/middleware.py index 6e031769..dc76490f 100644 --- a/umap/middleware.py +++ b/umap/middleware.py @@ -1,6 +1,7 @@ from django.conf import settings from django.core.exceptions import MiddlewareNotUsed from django.http import HttpResponseForbidden +from django.utils.translation import ugettext as _ def readonly_middleware(get_response): @@ -10,7 +11,7 @@ def readonly_middleware(get_response): def middleware(request): if request.method not in ['GET', 'OPTIONS']: - return HttpResponseForbidden('Site is readonly') + return HttpResponseForbidden(_('Site is readonly for maintenance')) return get_response(request) diff --git a/umap/static/umap/js/umap.xhr.js b/umap/static/umap/js/umap.xhr.js index ce994ad8..cd35ded0 100644 --- a/umap/static/umap/js/umap.xhr.js +++ b/umap/static/umap/js/umap.xhr.js 
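Review bot: The new `HttpResponseForbidden(_('Site is readonly for maintenance'))` in `middleware()` goes out with Django's default `text/html` content type, while this same commit makes umap.xhr.js show the 403 body to the user. Sending it as plain text, `return HttpResponseForbidden(_('Site is readonly for maintenance'), content_type='text/plain')`, marks the body as a short display message and lets the client tell it apart from an HTML error page. The enclosing `readonly_middleware` starts outside the hunk.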
@@ -59,7 +59,7 @@ L.U.Xhr = L.Evented.extend({ settings.callback.call(settings.context || xhr, xhr.responseText, xhr); } else if (xhr.status === 403) { - self.ui.alert({content: L._('Action not allowed :('), level: 'error'}); + self.ui.alert({content: xhr.responseText || L._('Action not allowed :('), level: 'error'}); } else if (xhr.status === 412) { var msg = L._('Woops! Someone else seems to have edited the data. You can save anyway, but this will erase the changes made by others.'); diff --git a/umap/tests/test_map_views.py b/umap/tests/test_map_views.py index bddbf9cb..f8d7947c 100644 --- a/umap/tests/test_map_views.py +++ b/umap/tests/test_map_views.py @@ -480,4 +480,4 @@ def test_create_readonly(client, user, post_data, settings): client.login(username=user.username, password="123123") response = client.post(url, post_data) assert response.status_code == 403 - assert response.content == b'Site is readonly' + assert response.content == b'Site is readonly for maintenance' diff --git a/umap/views.py b/umap/views.py index 17879f6b..35688583 100644 --- a/umap/views.py +++ b/umap/views.py @@ -426,7 +426,7 @@ class MapView(MapDetailMixin, DetailView): canonical = "?".join([canonical, request.META['QUERY_STRING']]) return HttpResponsePermanentRedirect(canonical) if not self.object.can_view(request): - return HttpResponseForbidden('Forbidden') + return HttpResponseForbidden() return super(MapView, self).get(request, *args, **kwargs) def get_canonical_url(self): @@ -585,7 +585,7 @@ class AttachAnonymousMap(View): or not self.object.is_anonymous_owner(self.request) or not self.object.can_edit(self.request.user, self.request) or not self.request.user.is_authenticated): - return HttpResponseForbidden('Forbidden.') + return HttpResponseForbidden() self.object.owner = self.request.user self.object.save() return simple_json_response() 
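Review bot: In the `xhr.status === 403` branch, `xhr.responseText` is now handed to `self.ui.alert` for every 403, not only for the read-only message from the middleware. A 403 produced elsewhere, such as Django's CSRF failure view or a fronting proxy, carries a whole HTML page, and whether `ui.alert` escapes `content` is not visible in this hunk. I would accept the body only when it is plain text: `var ct = xhr.getResponseHeader('Content-Type') || '';` followed by `content: (/^text\/plain/.test(ct) && xhr.responseText) || L._('Action not allowed :(')`. That requires the server to send the message with that content type. The enclosing handler starts outside the hunk.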
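Review bot: `MapView.get` serves a page navigation, not an XHR call, so the bare `HttpResponseForbidden()` on the `can_view` check leaves the visitor with an empty page. The same holds for `MapAnonymousEditUrl` further down, a `RedirectView` reached by following a link. Using `raise PermissionDenied` in those two places would go through Django's 403 handler and the project's 403 template, if one exists, while still keeping the reason out of the body. That needs `from django.core.exceptions import PermissionDenied` unless views.py already imports it, which this diff does not show. Both method bodies start outside their hunks.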
@@ -602,7 +602,7 @@ class MapDelete(DeleteView): _('Only its owner can delete the map.')) if not self.object.owner\ and not self.object.is_anonymous_owner(self.request): - return HttpResponseForbidden('Forbidden.') + return HttpResponseForbidden() self.object.delete() return simple_json_response(redirect="/") @@ -612,7 +612,7 @@ class MapClone(View): def post(self, *args, **kwargs): if not getattr(settings, "UMAP_ALLOW_ANONYMOUS", False) \ and not self.request.user.is_authenticated: - return HttpResponseForbidden('Forbidden') + return HttpResponseForbidden() owner = self.request.user if self.request.user.is_authenticated else None self.object = kwargs['map_inst'].clone(owner=owner) response = simple_json_response(redirect=self.object.get_absolute_url()) @@ -661,7 +661,7 @@ class MapAnonymousEditUrl(RedirectView): try: pk = signer.unsign(self.kwargs['signature']) except BadSignature: - return HttpResponseForbidden('Bad Signature') + return HttpResponseForbidden() else: map_inst = get_object_or_404(Map, pk=pk) url = map_inst.get_absolute_url() @@ -786,7 +786,7 @@ class DataLayerUpdate(FormLessEditMixin, GZipMixin, UpdateView): def post(self, request, *args, **kwargs): self.object = self.get_object() if self.object.map != self.kwargs['map_inst']: - return HttpResponseForbidden('Route to nowhere') + return HttpResponseForbidden() if not self.if_match(): return HttpResponse(status=412) return super(DataLayerUpdate, self).post(request, *args, **kwargs) @@ -798,7 +798,7 @@ class DataLayerDelete(DeleteView): def delete(self, *args, **kwargs): self.object = self.get_object() if self.object.map != self.kwargs['map_inst']: - return HttpResponseForbidden('Route to nowhere') + return HttpResponseForbidden() self.object.delete() return simple_json_response(info=_("Layer successfully deleted."))
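Review bot: In the `except BadSignature:` branch of `MapAnonymousEditUrl`, dropping the reason from the response is fine for the client, but nothing in the hunk records the failure on the server either. A value that fails `signer.unsign` means an edit link was altered or truncated, and operators may want to see that separately from ordinary permission denials. I would add a log line before the return, for example `logger.warning('Rejected anonymous edit URL: bad signature')`, using whatever logger views.py already defines; none is visible in this diff. The same applies to the `self.object.map != self.kwargs['map_inst']` checks in `DataLayerUpdate.post` and `DataLayerDelete.delete`.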