Display a message on the site when trying to do a POST in readonly mode

Yohan Boniface 2018-09-08 16:49:25 +02:00
parent 4c446998e7
commit da4ee13deb
5 changed files with 12 additions and 12 deletions


@ -38,8 +38,7 @@ def map_permissions_check(view_func):
if not can_edit: if not can_edit:
if map_inst.owner and not user.is_authenticated: if map_inst.owner and not user.is_authenticated:
return simple_json_response(login_required=str(LOGIN_URL)) return simple_json_response(login_required=str(LOGIN_URL))
else: return HttpResponseForbidden()
return HttpResponseForbidden('Action not allowed for user.')
return view_func(request, *args, **kwargs) return view_func(request, *args, **kwargs)
return wrapper return wrapper


@ -1,6 +1,7 @@
from django.conf import settings from django.conf import settings
from django.core.exceptions import MiddlewareNotUsed from django.core.exceptions import MiddlewareNotUsed
from django.http import HttpResponseForbidden from django.http import HttpResponseForbidden
from django.utils.translation import ugettext as _
def readonly_middleware(get_response): def readonly_middleware(get_response):
@ -10,7 +11,7 @@ def readonly_middleware(get_response):
def middleware(request): def middleware(request):
if request.method not in ['GET', 'OPTIONS']: if request.method not in ['GET', 'OPTIONS']:
return HttpResponseForbidden('Site is readonly') return HttpResponseForbidden(_('Site is readonly for maintenance'))
return get_response(request) return get_response(request)
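Review bot: The method allow-list on the `if request.method not in ['GET', 'OPTIONS']:` line leaves out HEAD, so in readonly mode a HEAD request is answered with 403 and the new maintenance message even though it cannot modify anything. Uptime probes and link checkers commonly use HEAD, so a maintenance window could look like an outage or an access-control failure in monitoring. Consider `if request.method not in ('GET', 'HEAD', 'OPTIONS'):`. The body of `readonly_middleware` starts outside this hunk, so any earlier handling of HEAD is not visible here.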


@ -59,7 +59,7 @@ L.U.Xhr = L.Evented.extend({
settings.callback.call(settings.context || xhr, xhr.responseText, xhr); settings.callback.call(settings.context || xhr, xhr.responseText, xhr);
} }
else if (xhr.status === 403) { else if (xhr.status === 403) {
self.ui.alert({content: L._('Action not allowed :('), level: 'error'}); self.ui.alert({content: xhr.responseText || L._('Action not allowed :('), level: 'error'});
} }
else if (xhr.status === 412) { else if (xhr.status === 412) {
var msg = L._('Woops! Someone else seems to have edited the data. You can save anyway, but this will erase the changes made by others.'); var msg = L._('Woops! Someone else seems to have edited the data. You can save anyway, but this will erase the changes made by others.');
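Review bot: The 403 branch now passes `xhr.responseText` straight to `self.ui.alert`, so the body of every 403 becomes user-facing, not only the readonly message. A 403 produced elsewhere (Django's CSRF failure view returns a full HTML page, and a reverse proxy may return its own error page) would be shown in the alert in full, and if `ui.alert` inserts `content` as HTML, which is not visible in this hunk, that body would be parsed as markup. One way to bound this is to send the readonly message as plain text, `HttpResponseForbidden(_('Site is readonly for maintenance'), content_type='text/plain')`, use the body on the client only when `xhr.getResponseHeader('Content-Type')` says `text/plain`, and make sure the alert renders it as text. The enclosing handler starts and ends outside the hunk.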


@ -480,4 +480,4 @@ def test_create_readonly(client, user, post_data, settings):
client.login(username=user.username, password="123123") client.login(username=user.username, password="123123")
response = client.post(url, post_data) response = client.post(url, post_data)
assert response.status_code == 403 assert response.status_code == 403
assert response.content == b'Site is readonly' assert response.content == b'Site is readonly for maintenance'
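Review bot: The last assertion compares the body byte-for-byte with the English text, but the middleware now wraps that text in `ugettext`, so the result depends on the language active for the test request. If a translation of this message is added and the test settings select that language, the test fails without any change in behavior. Pin the language in the test, for example by wrapping the request in `with translation.override('en'):` from `django.utils.translation`, or assert only the status code. The test function starts outside the hunk, so an existing language setting may already cover this.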


@ -426,7 +426,7 @@ class MapView(MapDetailMixin, DetailView):
canonical = "?".join([canonical, request.META['QUERY_STRING']]) canonical = "?".join([canonical, request.META['QUERY_STRING']])
return HttpResponsePermanentRedirect(canonical) return HttpResponsePermanentRedirect(canonical)
if not self.object.can_view(request): if not self.object.can_view(request):
return HttpResponseForbidden('Forbidden') return HttpResponseForbidden()
return super(MapView, self).get(request, *args, **kwargs) return super(MapView, self).get(request, *args, **kwargs)
def get_canonical_url(self): def get_canonical_url(self):
@ -585,7 +585,7 @@ class AttachAnonymousMap(View):
or not self.object.is_anonymous_owner(self.request) or not self.object.is_anonymous_owner(self.request)
or not self.object.can_edit(self.request.user, self.request) or not self.object.can_edit(self.request.user, self.request)
or not self.request.user.is_authenticated): or not self.request.user.is_authenticated):
return HttpResponseForbidden('Forbidden.') return HttpResponseForbidden()
self.object.owner = self.request.user self.object.owner = self.request.user
self.object.save() self.object.save()
return simple_json_response() return simple_json_response()
@ -602,7 +602,7 @@ class MapDelete(DeleteView):
_('Only its owner can delete the map.')) _('Only its owner can delete the map.'))
if not self.object.owner\ if not self.object.owner\
and not self.object.is_anonymous_owner(self.request): and not self.object.is_anonymous_owner(self.request):
return HttpResponseForbidden('Forbidden.') return HttpResponseForbidden()
self.object.delete() self.object.delete()
return simple_json_response(redirect="/") return simple_json_response(redirect="/")
@ -612,7 +612,7 @@ class MapClone(View):
def post(self, *args, **kwargs): def post(self, *args, **kwargs):
if not getattr(settings, "UMAP_ALLOW_ANONYMOUS", False) \ if not getattr(settings, "UMAP_ALLOW_ANONYMOUS", False) \
and not self.request.user.is_authenticated: and not self.request.user.is_authenticated:
return HttpResponseForbidden('Forbidden') return HttpResponseForbidden()
owner = self.request.user if self.request.user.is_authenticated else None owner = self.request.user if self.request.user.is_authenticated else None
self.object = kwargs['map_inst'].clone(owner=owner) self.object = kwargs['map_inst'].clone(owner=owner)
response = simple_json_response(redirect=self.object.get_absolute_url()) response = simple_json_response(redirect=self.object.get_absolute_url())
@ -661,7 +661,7 @@ class MapAnonymousEditUrl(RedirectView):
try: try:
pk = signer.unsign(self.kwargs['signature']) pk = signer.unsign(self.kwargs['signature'])
except BadSignature: except BadSignature:
return HttpResponseForbidden('Bad Signature') return HttpResponseForbidden()
else: else:
map_inst = get_object_or_404(Map, pk=pk) map_inst = get_object_or_404(Map, pk=pk)
url = map_inst.get_absolute_url() url = map_inst.get_absolute_url()
@ -786,7 +786,7 @@ class DataLayerUpdate(FormLessEditMixin, GZipMixin, UpdateView):
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
self.object = self.get_object() self.object = self.get_object()
if self.object.map != self.kwargs['map_inst']: if self.object.map != self.kwargs['map_inst']:
return HttpResponseForbidden('Route to nowhere') return HttpResponseForbidden()
if not self.if_match(): if not self.if_match():
return HttpResponse(status=412) return HttpResponse(status=412)
return super(DataLayerUpdate, self).post(request, *args, **kwargs) return super(DataLayerUpdate, self).post(request, *args, **kwargs)
@ -798,7 +798,7 @@ class DataLayerDelete(DeleteView):
def delete(self, *args, **kwargs): def delete(self, *args, **kwargs):
self.object = self.get_object() self.object = self.get_object()
if self.object.map != self.kwargs['map_inst']: if self.object.map != self.kwargs['map_inst']:
return HttpResponseForbidden('Route to nowhere') return HttpResponseForbidden()
self.object.delete() self.object.delete()
return simple_json_response(info=_("Layer successfully deleted.")) return simple_json_response(info=_("Layer successfully deleted."))
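Review bot: Nothing in these views records why the 403 bodies are now empty, starting with `return HttpResponseForbidden()` in `MapView.get` and repeated in `AttachAnonymousMap`, `MapDelete`, `MapClone.post`, `MapAnonymousEditUrl`, `DataLayerUpdate.post` and `DataLayerDelete.delete`. Since the client now shows any 403 body to the user, a later edit that puts a reason string back would surface it verbatim. A short comment at one of the call sites would make that contract explicit: `# Empty body on purpose: the client displays the 403 body and falls back to its own translated message.` The removed strings were also the only thing distinguishing these denials, so if the bad-signature case in `MapAnonymousEditUrl` matters for monitoring it would need a server-side log entry. Most of these methods start or end outside their hunks.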