Raise PermissionDenied instead of redirecting with a message if user doesn't have the tag attach permission. GL issue #235.

This commit is contained in:
Roberto Rosario
2015-10-24 00:45:48 -04:00
parent dfda765d34
commit b0f5e8741b
2 changed files with 13 additions and 10 deletions

View File

@@ -182,7 +182,7 @@ class TagViewTestCase(GenericDocumentViewTestCase):
}
)
self.assertEqual(response.status_code, 302)
self.assertEqual(response.status_code, 403)
self.assertEqual(self.document.tags.count(), 0)
def test_document_attach_tag_view_with_permission(self):

View File

@@ -6,7 +6,7 @@ from django.contrib import messages
from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import reverse, reverse_lazy
from django.conf import settings
from django.http import HttpResponseRedirect
from django.http import Http404, HttpResponseRedirect
from django.shortcuts import get_object_or_404, render_to_response
from django.template import RequestContext
from django.utils.translation import ugettext_lazy as _, ungettext
@@ -45,14 +45,6 @@ def tag_attach(request, document_id=None, document_id_list=None):
elif document_id_list:
queryset = Document.objects.filter(pk__in=document_id_list)
if not queryset:
messages.error(request, _('Must provide at least one document.'))
return HttpResponseRedirect(
request.META.get(
'HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)
)
)
try:
Permission.check_permissions(request.user, (permission_tag_attach,))
except PermissionDenied:
@@ -60,6 +52,17 @@ def tag_attach(request, document_id=None, document_id_list=None):
permission_tag_attach, request.user, queryset
)
if not queryset:
if document_id:
raise PermissionDenied
else:
messages.error(request, _('Must provide at least one document.'))
return HttpResponseRedirect(
request.META.get(
'HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)
)
)
post_action_redirect = None
previous = request.POST.get(
'previous', request.GET.get(