From b0f5e8741b8a49a41f4bb8c04e35d3dc6e3d51ee Mon Sep 17 00:00:00 2001
From: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Date: Sat, 24 Oct 2015 00:45:48 -0400
Subject: [PATCH] Raise PermissionDenied instead of redirecting with a message
 if user doesn't have the tag attach permission. GL issue #235.

---
 mayan/apps/tags/tests/test_views.py |  2 +-
 mayan/apps/tags/views.py            | 21 ++++++++++++---------
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/mayan/apps/tags/tests/test_views.py b/mayan/apps/tags/tests/test_views.py
index 66b5fa726c..f89a30599d 100644
--- a/mayan/apps/tags/tests/test_views.py
+++ b/mayan/apps/tags/tests/test_views.py
@@ -182,7 +182,7 @@ class TagViewTestCase(GenericDocumentViewTestCase):
             }
         )
 
-        self.assertEqual(response.status_code, 302)
+        self.assertEqual(response.status_code, 403)
         self.assertEqual(self.document.tags.count(), 0)
 
     def test_document_attach_tag_view_with_permission(self):
diff --git a/mayan/apps/tags/views.py b/mayan/apps/tags/views.py
index 9c59250d38..63d9af436c 100644
--- a/mayan/apps/tags/views.py
+++ b/mayan/apps/tags/views.py
@@ -6,7 +6,7 @@ from django.contrib import messages
 from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import reverse, reverse_lazy
 from django.conf import settings
-from django.http import HttpResponseRedirect
+from django.http import Http404, HttpResponseRedirect
 from django.shortcuts import get_object_or_404, render_to_response
 from django.template import RequestContext
 from django.utils.translation import ugettext_lazy as _, ungettext
@@ -45,14 +45,6 @@ def tag_attach(request, document_id=None, document_id_list=None):
     elif document_id_list:
         queryset = Document.objects.filter(pk__in=document_id_list)
 
-    if not queryset:
-        messages.error(request, _('Must provide at least one document.'))
-        return HttpResponseRedirect(
-            request.META.get(
-                'HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)
-            )
-        )
-
     try:
         Permission.check_permissions(request.user, (permission_tag_attach,))
     except PermissionDenied:
@@ -60,6 +52,17 @@ def tag_attach(request, document_id=None, document_id_list=None):
             permission_tag_attach, request.user, queryset
         )
 
+    if not queryset:
+        if document_id:
+            raise PermissionDenied
+        else:
+            messages.error(request, _('Must provide at least one document.'))
+            return HttpResponseRedirect(
+                request.META.get(
+                    'HTTP_REFERER', reverse(settings.LOGIN_REDIRECT_URL)
+                )
+            )
+
     post_action_redirect = None
     previous = request.POST.get(
         'previous', request.GET.get(