Merge remote-tracking branch 'spaetz/formerge/538_FORBIDDEN_admin_pages'

* spaetz/formerge/538_FORBIDDEN_admin_pages:
  Fix error page text
  Return code 403 when accessing admin pages
  Implement generic error pages

mediagoblin/admin/views.py

@@ -14,18 +14,19 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from mediagoblin.tools.response import render_to_response, render_404
 from mediagoblin.db.util import DESCENDING
 from mediagoblin.decorators import require_active_login
-
+from mediagoblin.tools.response import (render_to_response, render_403,
+                                        render_404)
 
 @require_active_login
 def admin_processing_panel(request):
     '''
     Show the global processing panel for this instance
     '''
+    # TODO: Why not a "require_admin_login" decorator throwing a 403 exception?
     if not request.user.is_admin:
-        return render_404(request)
+        return render_403(request)
 
     processing_entries = request.db.MediaEntry.find(
         {'state': u'processing'}).sort('created', DESCENDING)

mediagoblin/templates/mediagoblin/error.html

@@ -17,15 +17,12 @@
 #}
 {% extends "mediagoblin/base.html" %}
 
-{% block title %}404 — {{ super() }}{% endblock %}
+{% block title %}{{err_code}} — {{ super() }}{% endblock %}
 
 {% block mediagoblin_content %}
   <img class="right_align" src="{{ request.staticdirect('/images/404.png') }}"
-       alt="{% trans %}Image of 404 goblin stressing out{% endtrans %}" />
+       alt="{% trans %}Image of goblin stressing out{% endtrans %}" />
-  <h1>{% trans %}Oops!{% endtrans %}</h1>
+  <h1>{{ title }}</h1>
-  <p>{% trans %}There doesn't seem to be a page at this address. Sorry!{% endtrans %}</p>
+  <p>{{ err_msg|safe }}</p>
-  <p>
-    {%- trans %}If you're sure the address is correct, maybe the page you're looking for has been moved or deleted.{% endtrans -%}
-  </p>
   <div class="clear"></div>
 {% endblock %}

mediagoblin/tools/response.py

@@ -16,6 +16,7 @@
 
 from webob import Response, exc
 from mediagoblin.tools.template import render_template
+from mediagoblin.tools.translate import fake_ugettext_passthrough as _
 
 
 def render_to_response(request, template, context, status=200):
@@ -25,13 +26,33 @@ def render_to_response(request, template, context, status=200):
         status=status)
 
 
-def render_404(request):
+def render_error(request, status=500, title=_('Oops!'),
-    """
+                 err_msg=_('An error occured')):
-    Render a 404.
+    """Render any error page with a given error code, title and text body
-    """
-    return render_to_response(
-        request, 'mediagoblin/404.html', {}, status=404)
 
+    Title and description are passed through as-is to allow html. Make
+    sure no user input is contained therein for security reasons. The
+    description will be wrapped in <p></p> tags.
+    """
+    return Response(render_template(request, 'mediagoblin/error.html',
+        {'err_code': status, 'title': title, 'err_msg': err_msg}),
+        status=status)
+
+
+def render_403(request):
+    """Render a standard 403 page"""
+    title = _('Operation not allowed')
+    err_msg = _("Sorry Dave, I can't let you do that!</p><p>You have tried "
+                " to perform a function that you are not allowed to. Have you "
+                "been trying to delete all user accounts again?")
+    return render_error(request, 403, title, err_msg)
+
+def render_404(request):
+    """Render a standard 404 page."""
+    err_msg = _("There doesn't seem to be a page at this address. Sorry!</p>"
+                "<p>If you're sure the address is correct, maybe the page "
+                "you're looking for has been moved or deleted.")
+    return render_error(request, 404, err_msg=err_msg)
 
 def redirect(request, *args, **kwargs):
     """Returns a HTTPFound(), takes a request and then urlgen params"""