Merge remote-tracking branch 'spaetz/formerge/538_FORBIDDEN_admin_pages'

* spaetz/formerge/538_FORBIDDEN_admin_pages:
  Fix error page text
  Return code 403 when accessing admin pages
  Implement generic error pages
This commit is contained in:
Elrond 2012-11-29 15:27:50 +01:00
commit e4f33f4093
3 changed files with 35 additions and 16 deletions

View File

@ -14,18 +14,19 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from mediagoblin.tools.response import render_to_response, render_404
from mediagoblin.db.util import DESCENDING
from mediagoblin.decorators import require_active_login
from mediagoblin.tools.response import (render_to_response, render_403,
render_404)
@require_active_login
def admin_processing_panel(request):
'''
Show the global processing panel for this instance
'''
# TODO: Why not a "require_admin_login" decorator throwing a 403 exception?
if not request.user.is_admin:
return render_404(request)
return render_403(request)
processing_entries = request.db.MediaEntry.find(
{'state': u'processing'}).sort('created', DESCENDING)

View File

@ -17,15 +17,12 @@
#}
{% extends "mediagoblin/base.html" %}
{% block title %}404 &mdash; {{ super() }}{% endblock %}
{% block title %}{{err_code}} &mdash; {{ super() }}{% endblock %}
{% block mediagoblin_content %}
<img class="right_align" src="{{ request.staticdirect('/images/404.png') }}"
alt="{% trans %}Image of 404 goblin stressing out{% endtrans %}" />
<h1>{% trans %}Oops!{% endtrans %}</h1>
<p>{% trans %}There doesn't seem to be a page at this address. Sorry!{% endtrans %}</p>
<p>
{%- trans %}If you're sure the address is correct, maybe the page you're looking for has been moved or deleted.{% endtrans -%}
</p>
alt="{% trans %}Image of goblin stressing out{% endtrans %}" />
<h1>{{ title }}</h1>
<p>{{ err_msg|safe }}</p>
<div class="clear"></div>
{% endblock %}

View File

@ -16,6 +16,7 @@
from webob import Response, exc
from mediagoblin.tools.template import render_template
from mediagoblin.tools.translate import fake_ugettext_passthrough as _
def render_to_response(request, template, context, status=200):
@ -25,13 +26,33 @@ def render_to_response(request, template, context, status=200):
status=status)
def render_404(request):
"""
Render a 404.
"""
return render_to_response(
request, 'mediagoblin/404.html', {}, status=404)
def render_error(request, status=500, title=_('Oops!'),
err_msg=_('An error occured')):
"""Render any error page with a given error code, title and text body
Title and description are passed through as-is to allow html. Make
sure no user input is contained therein for security reasons. The
description will be wrapped in <p></p> tags.
"""
return Response(render_template(request, 'mediagoblin/error.html',
{'err_code': status, 'title': title, 'err_msg': err_msg}),
status=status)
def render_403(request):
"""Render a standard 403 page"""
title = _('Operation not allowed')
err_msg = _("Sorry Dave, I can't let you do that!</p><p>You have tried "
" to perform a function that you are not allowed to. Have you "
"been trying to delete all user accounts again?")
return render_error(request, 403, title, err_msg)
def render_404(request):
"""Render a standard 404 page."""
err_msg = _("There doesn't seem to be a page at this address. Sorry!</p>"
"<p>If you're sure the address is correct, maybe the page "
"you're looking for has been moved or deleted.")
return render_error(request, 404, err_msg=err_msg)
def redirect(request, *args, **kwargs):
"""Returns a HTTPFound(), takes a request and then urlgen params"""