-
- Downloads
Dedicated error page for permission errors
Prior to this change permission errors (i.e. the user is logged in but does
not have a required group) were reported with flash('Access denied') and a
redirect to the selfservice index page. This causes two problems: The error
is reported with HTTP status 301/200 which is difficult to check for in tests.
This can also cause redirect loops as soon as the selfservice uses more
differentiated permission checks (see #104).
With this change a dedicated error page is displayed in place the requested
page and the HTTP status 403 is returned. This is implemented with
flask's errorhandler concept for 403.
Showing
- tests/test_invite.py 1 addition, 4 deletionstests/test_invite.py
- tests/test_role.py 10 additions, 4 deletionstests/test_role.py
- tests/test_rolemod.py 7 additions, 8 deletionstests/test_rolemod.py
- uffd/__init__.py 6 additions, 2 deletionsuffd/__init__.py
- uffd/invite/views.py 2 additions, 3 deletionsuffd/invite/views.py
- uffd/mail/views.py 3 additions, 4 deletionsuffd/mail/views.py
- uffd/mfa/views.py 1 addition, 2 deletionsuffd/mfa/views.py
- uffd/oauth2/views.py 4 additions, 10 deletionsuffd/oauth2/views.py
- uffd/role/views.py 3 additions, 4 deletionsuffd/role/views.py
- uffd/rolemod/views.py 6 additions, 10 deletionsuffd/rolemod/views.py
- uffd/session/views.py 1 addition, 2 deletionsuffd/session/views.py
- uffd/templates/403.html 23 additions, 0 deletionsuffd/templates/403.html
- uffd/translations/de/LC_MESSAGES/messages.mo 0 additions, 0 deletionsuffd/translations/de/LC_MESSAGES/messages.mo
- uffd/translations/de/LC_MESSAGES/messages.po 61 additions, 50 deletionsuffd/translations/de/LC_MESSAGES/messages.po
- uffd/user/views_group.py 4 additions, 5 deletionsuffd/user/views_group.py
- uffd/user/views_user.py 3 additions, 4 deletionsuffd/user/views_user.py
Loading
Please register or sign in to comment