Display a message on the site when trying to do a POST in readonly mode

2018-09-08 16:49:25 +02:00 · 2018-09-08 16:49:25 +02:00 · da4ee13deb
commit da4ee13deb
parent 4c446998e7
5 changed files with 12 additions and 12 deletions
--- a/umap/decorators.py
+++ b/umap/decorators.py
@ -38,8 +38,7 @@ def map_permissions_check(view_func):
            if not can_edit:
                if map_inst.owner and not user.is_authenticated:
                    return simple_json_response(login_required=str(LOGIN_URL))
-                else:
-                    return HttpResponseForbidden('Action not allowed for user.')
+                return HttpResponseForbidden()
        return view_func(request, *args, **kwargs)
    return wrapper

--- a/umap/middleware.py
+++ b/umap/middleware.py
@ -1,6 +1,7 @@
 from django.conf import settings
 from django.core.exceptions import MiddlewareNotUsed
 from django.http import HttpResponseForbidden
+from django.utils.translation import ugettext as _


 def readonly_middleware(get_response):
@ -10,7 +11,7 @@ def readonly_middleware(get_response):

    def middleware(request):
        if request.method not in ['GET', 'OPTIONS']:
-            return HttpResponseForbidden('Site is readonly')
+            return HttpResponseForbidden(_('Site is readonly for maintenance'))

        return get_response(request)

--- a/umap/static/umap/js/umap.xhr.js
+++ b/umap/static/umap/js/umap.xhr.js
@ -59,7 +59,7 @@ L.U.Xhr = L.Evented.extend({
                    settings.callback.call(settings.context || xhr, xhr.responseText, xhr);
                }
                else if (xhr.status === 403) {
-                    self.ui.alert({content: L._('Action not allowed :('), level: 'error'});
+                    self.ui.alert({content: xhr.responseText || L._('Action not allowed :('), level: 'error'});
                }
                else if (xhr.status === 412) {
                    var msg = L._('Woops! Someone else seems to have edited the data. You can save anyway, but this will erase the changes made by others.');
--- a/umap/tests/test_map_views.py
+++ b/umap/tests/test_map_views.py
@ -480,4 +480,4 @@ def test_create_readonly(client, user, post_data, settings):
    client.login(username=user.username, password="123123")
    response = client.post(url, post_data)
    assert response.status_code == 403
-    assert response.content == b'Site is readonly'
+    assert response.content == b'Site is readonly for maintenance'
--- a/umap/views.py
+++ b/umap/views.py
@ -426,7 +426,7 @@ class MapView(MapDetailMixin, DetailView):
                canonical = "?".join([canonical, request.META['QUERY_STRING']])
            return HttpResponsePermanentRedirect(canonical)
        if not self.object.can_view(request):
-            return HttpResponseForbidden('Forbidden')
+            return HttpResponseForbidden()
        return super(MapView, self).get(request, *args, **kwargs)

    def get_canonical_url(self):
@ -585,7 +585,7 @@ class AttachAnonymousMap(View):
           or not self.object.is_anonymous_owner(self.request)
           or not self.object.can_edit(self.request.user, self.request)
           or not self.request.user.is_authenticated):
-            return HttpResponseForbidden('Forbidden.')
+            return HttpResponseForbidden()
        self.object.owner = self.request.user
        self.object.save()
        return simple_json_response()
@ -602,7 +602,7 @@ class MapDelete(DeleteView):
                _('Only its owner can delete the map.'))
        if not self.object.owner\
           and not self.object.is_anonymous_owner(self.request):
-            return HttpResponseForbidden('Forbidden.')
+            return HttpResponseForbidden()
        self.object.delete()
        return simple_json_response(redirect="/")

@ -612,7 +612,7 @@ class MapClone(View):
    def post(self, *args, **kwargs):
        if not getattr(settings, "UMAP_ALLOW_ANONYMOUS", False) \
           and not self.request.user.is_authenticated:
-            return HttpResponseForbidden('Forbidden')
+            return HttpResponseForbidden()
        owner = self.request.user if self.request.user.is_authenticated else None
        self.object = kwargs['map_inst'].clone(owner=owner)
        response = simple_json_response(redirect=self.object.get_absolute_url())
@ -661,7 +661,7 @@ class MapAnonymousEditUrl(RedirectView):
        try:
            pk = signer.unsign(self.kwargs['signature'])
        except BadSignature:
-            return HttpResponseForbidden('Bad Signature')
+            return HttpResponseForbidden()
        else:
            map_inst = get_object_or_404(Map, pk=pk)
            url = map_inst.get_absolute_url()
@ -786,7 +786,7 @@ class DataLayerUpdate(FormLessEditMixin, GZipMixin, UpdateView):
    def post(self, request, *args, **kwargs):
        self.object = self.get_object()
        if self.object.map != self.kwargs['map_inst']:
-            return HttpResponseForbidden('Route to nowhere')
+            return HttpResponseForbidden()
        if not self.if_match():
            return HttpResponse(status=412)
        return super(DataLayerUpdate, self).post(request, *args, **kwargs)
@ -798,7 +798,7 @@ class DataLayerDelete(DeleteView):
    def delete(self, *args, **kwargs):
        self.object = self.get_object()
        if self.object.map != self.kwargs['map_inst']:
-            return HttpResponseForbidden('Route to nowhere')
+            return HttpResponseForbidden()
        self.object.delete()
        return simple_json_response(info=_("Layer successfully deleted."))